Efficient fully CCA-secure predicate encryptions from pair encodings

Abstract

<p style='text-indent:20px;'>Attrapadung (Eurocrypt 2014) proposed a generic framework for fully (adaptively) CPA-secure predicate encryption (PE) based on a new primitive, called <i>pair encodings</i>. Following the CCA conversions of Yamada et al. (PKC 2011, 2012) and Nandi et al. (ePrint Archive: 2015/457, AAECC 2018), one can have CCA-secure PE from CPA-secure PE if the primitive PE has either verifiability or delegation. These traditional approaches degrade the performance of the resultant CCA-secure PE scheme as compared to the primitive CPA-secure PE. As an alternative, we provide a direct fully secure CCA-construction of PE from the pair encoding scheme. This costs an extra computation of group element in encryption, three extra pairing computations and one re-randomization of key in decryption as compared to the CPA-construction of Attrapadung.</p><p style='text-indent:20px;'>Recently, Blömer et al. (CT-RSA 2016) proposed a direct CCA-secure construction of predicate encryptions from pair encodings. Although they did not use the aforementioned traditional approaches, a sort of verifiability checking is still involved in the CCA-decryption. The number of pairing computations for this checking is nearly equal to the number of paring computations in CPA-decryption. Therefore, the performance of our direct CCA-secure PE is far better than Blömer et al.</p>