Ciphertext-Policy ABE for $\mathsf{NC}^1$ Circuits with Constant-Size Ciphertexts from Succinct LWE

TL;DR

This paper presents a lattice-based ciphertext-policy attribute-based encryption scheme supporting NC^1 access policies with constant-size ciphertexts, achieving efficiency and security under the succinct LWE assumption.

Contribution

It introduces a novel CP-ABE scheme with constant-size ciphertexts for NC^1 circuits, based on the succinct LWE assumption, and applies it to broadcast encryption.

Findings

Constant-size ciphertexts for NC^1 policies

Security based on succinct LWE assumption

Efficient broadcast encryption scheme

Abstract

We construct a lattice-based ciphertext-policy attribute-based encryption (CP-ABE) scheme for $\mathsf{NC}^1$ access policies with constant-size ciphertexts. Let $\lambda$ be the security parameter. For an $\mathsf{NC}^1$ circuit of depth $d$ and size $s$ on $\ell$-bit inputs, our scheme has the public-key and ciphertext sizes $O(1)$ (independent of $d$), and secret-key size $O(\ell)$, where the $O(\cdot)$ hides $\operatorname{poly}(\lambda)$ factors. As an application, we obtain a broadcast encryption scheme for $N$ users with ciphertext size $\operatorname{poly}(\lambda)$ independent of $\log N$ and key sizes $\operatorname{poly}(\lambda,\log N)$. Our construction is selectively secure in the standard model under the $\operatorname{poly}(\lambda)$-succinct LWE assumption introduced by Wee (CRYPTO~2024).