{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T23:02:49Z","timestamp":1765062169000,"version":"3.41.2"},"reference-count":35,"publisher":"International Association for Cryptologic Research","issue":"4","license":[{"start":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T00:00:00Z","timestamp":1712620800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,9,2]]},"abstract":"<jats:p>Multi-authority\/input attribute-based encryption (MA-\/MI-ABE) are multi-party extensions of ABE which enable flavours of decentralised cryptographic access control. This work aims to advance research on multi-party ABE and their lattice-based constructions in several directions:<\/jats:p>\n          <jats:p>- We introduce the notion of multi-client (MC-)ABE. This can be seen as an augmentation of MI-ABE with the addition of a ciphertext identity (CID) in the syntax, or a specialisation of multi-client functional encryption (MC-FE) to the ABE setting.<\/jats:p>\n          <jats:p>- We adapt the 2-input (2I-)ABE of Agrawal et al. (CRYPTO'22), which is heuristically secure yet without a security proof, into a 2-client (2C-)ABE, and prove it satisfies a variant of very-selective security under the learning with errors (LWE) assumption.<\/jats:p>\n          <jats:p>- We extend Wee's ciphertext-policy (CP-)ABE (EUROCRYPT'22) to the MA setting, yielding an MA-ABE. Furthermore, combining techniques in Boneh et al.'s key-policy ABE (EUROCRYPT'14) and our MA-ABE, we construct an MC-ABE. We prove that they satisfy variants of very-selective security under the evasive LWE, tensor LWE, and LWE assumptions.<\/jats:p>\n          <jats:p>All our constructions support policies expressed as arbitrary polynomial-size circuits, feature distributed key generation (for MA) and encryption (for 2C\/MC), and are proven secure in the random oracle model. Although our constructions only achieve limited security against corrupt authorities\/clients, the fully distributed key generation\/encryption feature makes them nevertheless non-trivial and meaningful.<\/jats:p>\n          <jats:p>Prior to this work, existing MA-ABEs only support up to NC1 policies regardless of their security against corrupt authorities; existing MI-ABEs only support up to constant-many encryptors\/clients and do not achieve any security against corrupt encryptors\/clients; and MC-ABEs only existed in the form of MC-FEs for linear and quadratic functions. <\/jats:p>","DOI":"10.62056\/ahmpgy4e-","type":"journal-article","created":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:00:52Z","timestamp":1736787652000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":2,"title":["Lattice-based Multi-Authority\/Client Attribute-based Encryption for Circuits"],"prefix":"10.62056","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-6876-0954","authenticated-orcid":false,"given":"Valerio","family":"Cini","sequence":"first","affiliation":[{"name":"NTT Research","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9126-1887","authenticated-orcid":false,"given":"Russell","family":"Lai","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/020hwjq30","id-type":"ROR","asserted-by":"publisher"}],"name":"Aalto University","place":["Finland"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8905-1207","authenticated-orcid":false,"given":"Ivy","family":"Woo","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/020hwjq30","id-type":"ROR","asserted-by":"publisher"}],"name":"Aalto University","place":["Finland"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2025,1,13]]},"reference":[{"key":"ref1:TCC:Chase07","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/978-3-540-70936-7_28","article-title":"Multi-authority Attribute Based Encryption","volume":"4392","author":"Melissa Chase","year":"2007"},{"key":"ref2:SCN:BJKPW18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/978-3-319-98113-0_23","article-title":"Non-trivial Witness Encryption and Null-iO from Standard\n  Assumptions","volume":"11035","author":"Zvika Brakerski","year":"2018"},{"key":"ref3:C:GenSahWat13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-642-40041-4_5","article-title":"Homomorphic Encryption from Learning with Errors:\n  Conceptually-Simpler, Asymptotically-Faster, Attribute-Based","volume":"8042","author":"Craig Gentry","year":"2013"},{"key":"ref4:EC:BGGHNS14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1007\/978-3-642-55220-5_30","article-title":"Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE\n  and Compact Garbled Circuits","volume":"8441","author":"Dan Boneh","year":"2014"},{"key":"ref5:EC:Wee22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-031-07085-3_8","article-title":"Optimal Broadcast Encryption and CP-ABE from Evasive\n  Lattice Assumptions","volume":"13276","author":"Hoeteck Wee","year":"2022"},{"key":"ref6:EC:DatKomWat21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-030-77870-5_7","article-title":"Decentralized Multi-authority ABE for DNFs from LWE","volume":"12696","author":"Pratish Datta","year":"2021"},{"key":"ref7:EC:FFMV23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1007\/978-3-031-30620-4_19","article-title":"Multi-key and Multi-input Predicate Encryption from Learning\n  with Errors","volume":"14006","author":"Danilo Francati","year":"2023"},{"key":"ref8:C:ARYY23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"532","DOI":"10.1007\/978-3-031-38551-3_17","article-title":"Constant Input Attribute Based (and Predicate) Encryption\n  from Evasive and Tensor LWE","volume":"14084","author":"Shweta Agrawal","year":"2023"},{"key":"ref9:EC:GGGJKL14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1007\/978-3-642-55220-5_32","article-title":"Multi-input Functional Encryption","volume":"8441","author":"Shafi Goldwasser","year":"2014"},{"key":"ref10:C:AgrYadYam22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"590","DOI":"10.1007\/978-3-031-15802-5_21","article-title":"Multi-input Attribute Based Encryption and Predicate\n  Encryption","volume":"13507","author":"Shweta Agrawal","year":"2022"},{"key":"ref11:AC:CDGPP18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"703","DOI":"10.1007\/978-3-030-03329-3_24","article-title":"Decentralized Multi-Client Functional Encryption for Inner\n  Product","volume":"11273","author":"J\u00e9r\u00e9my Chotard","year":"2018"},{"key":"ref12:PKC:ABKW19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-030-17259-6_5","article-title":"Decentralizing Inner-Product Functional Encryption","volume":"11443","author":"Michel Abdalla","year":"2019"},{"key":"ref13:AC:AbdBenGay19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-030-34618-8_19","article-title":"From Single-Input to Multi-client Inner-Product Functional\n  Encryption","volume":"11923","author":"Michel Abdalla","year":"2019"},{"key":"ref14:AC:LibTit19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"520","DOI":"10.1007\/978-3-030-34618-8_18","article-title":"Multi-Client Functional Encryption for Linear Functions in\n  the Standard Model from LWE","volume":"11923","author":"Beno\u00eet Libert","year":"2019"},{"key":"ref15:TCC:AgrGoyTom22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1007\/978-3-031-22318-1_25","article-title":"Multi-Input Quadratic Functional Encryption: Stronger\n  Security, Broader Functionality","volume":"13747","author":"Shweta Agrawal","year":"2022"},{"key":"ref16:AC:NguPhaPoi22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-031-22963-3_4","article-title":"Multi-Client Functional Encryption with Fine-Grained Access\n  Control","volume":"13791","author":"Ky Nguyen","year":"2022"},{"key":"ref17:EC:LewWat11b","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"568","DOI":"10.1007\/978-3-642-20465-4_31","article-title":"Decentralizing Attribute-Based Encryption","volume":"6632","author":"Allison B. Lewko","year":"2011"},{"key":"ref18:PKC:WanFanLiu19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-030-17259-6_4","article-title":"FE for Inner Products and Its Application to Decentralized\n  ABE","volume":"11443","author":"Zhedong Wang","year":"2019"},{"key":"ref19:JC:DatKomWat23","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1007\/s00145-023-09445-7","article-title":"Decentralized Multi-authority ABE for NC${}^1$ from\n  BDH","volume":"36","author":"Pratish Datta","year":"2023","journal-title":"Journal of Cryptology"},{"key":"ref20:EC:DatKomWat23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1007\/978-3-031-30620-4_15","article-title":"Fully Adaptive Decentralized Multi-Authority ABE","volume":"14006","author":"Pratish Datta","year":"2023"},{"key":"ref21:PKC:AmbGay23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-031-31371-4_11","article-title":"Multi-authority ABE for Non-monotonic Access Structures","volume":"13941","author":"Miguel Ambrona","year":"2023"},{"key":"ref22:TCC:WatWeeWu22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"651","DOI":"10.1007\/978-3-031-22318-1_23","article-title":"Multi-authority ABE from Lattices Without Random Oracles","volume":"13747","author":"Brent Waters","year":"2022"},{"volume-title":"Multi-Authority Attribute-Based Encryption from LWE in the\n  OT Model","year":"2019","author":"Sam Kim","key":"ref23:EPRINT:Kim19"},{"key":"ref24:AC:VaiWeeWic22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/978-3-031-22963-3_7","article-title":"Witness Encryption and Null-IO from Evasive LWE","volume":"13791","author":"Vinod Vaikuntanathan","year":"2022"},{"key":"ref25:C:Tsabary22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-031-15802-5_19","article-title":"Candidate Witness Encryption from Lattice Techniques","volume":"13507","author":"Rotem Tsabary","year":"2022"},{"volume-title":"Optimal Broadcast Encryption and CP-ABE from Evasive\n  Lattice Assumptions","year":"2023","author":"Hoeteck Wee","key":"ref26:EPRINT:Wee23"},{"article-title":"Evasive LWE Assumptions: Definitions, Classes, and\n  Counterexamples","year":"2024","author":"Chris Brzuska","key":"ref27:AC:BrzUnaWoo24"},{"key":"ref28:C:FreWatWu23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"498","DOI":"10.1007\/978-3-031-38551-3_16","article-title":"How to Use (Plain) Witness Encryption: Registered ABE,\n  Flexible Broadcast, and More","volume":"14084","author":"Cody Freitag","year":"2023"},{"key":"ref29:C:BLMR13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-642-40041-4_23","article-title":"Key Homomorphic PRFs and Their Applications","volume":"8042","author":"Dan Boneh","year":"2013"},{"key":"ref30:EC:MicPei12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1007\/978-3-642-29011-4_41","article-title":"Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller","volume":"7237","author":"Daniele Micciancio","year":"2012"},{"key":"ref31:DBLP:conf\/innovations\/BrakerskiV22","series-title":"LIPIcs","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ITCS.2022.28","article-title":"Lattice-Inspired Broadcast Encryption and Succinct\n  Ciphertext-Policy ABE","volume":"215","author":"Zvika Brakerski","year":"2022"},{"key":"ref32:EC:DodReySmi04","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1007\/978-3-540-24676-3_31","article-title":"Fuzzy Extractors: How to Generate Strong Keys from\n  Biometrics and Other Noisy Data","volume":"3027","author":"Yevgeniy Dodis","year":"2004"},{"key":"ref33:EC:AgrBonBoy10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1007\/978-3-642-13190-5_28","article-title":"Efficient Lattice (H)IBE in the Standard Model","volume":"6110","author":"Shweta Agrawal","year":"2010"},{"key":"ref34:STOC:GenPeiVai08","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1145\/1374376.1374407","article-title":"Trapdoors for hard lattices and new cryptographic\n  constructions","author":"Craig Gentry","year":"2008"},{"key":"ref35:EC:GenMic18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/978-3-319-78381-9_7","article-title":"Faster Gaussian Sampling for Trapdoor Lattices with\n  Arbitrary Modulus","volume":"10820","author":"Nicholas Genise","year":"2018"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:10:46Z","timestamp":1736788246000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/4\/1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,13]]},"references-count":35,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,1,13]]}},"URL":"https:\/\/doi.org\/10.62056\/ahmpgy4e-","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2025,1,13]]},"assertion":[{"value":"2024-04-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-2-65"}}