Abstract
Inner product encryption, first introduced by Katz et al., is a type of predicate encryption in which a ciphertext and a private key correspond to an attribute vector and a predicate vector, respectively. Only if the attribute and predicate vectors satisfy the inner product predicate will the decryption in this scheme be correct. In addition, the ability to use inner product encryption as an underlying building block to construct other useful cryptographic primitives has been demonstrated in the context of anonymous identity-based encryption and hidden vector encryption. However, the computing cost and communication cost of performing inner product encryption are very high at present. To resolve this problem, we introduce an efficient inner product encryption approach in this work. Specifically, the size of the private key is only one G element and one Zp element, and decryption requires only one pairing computation. The formal security proof and implementation result are also demonstrated. Compared with other state-of-the-art schemes, our scheme is the most efficient in terms of the number of pairing computations for decryption and the private key length.
Highlights
Inner product encryption (IPE), first introduced by Katz et al [1], is a type of predicate encryption [2] in which a ciphertext and a private key correspond to an attribute vector x and a predicate vector y, respectively
The security definition of an IPE scheme [1] can be naturally extended from the IND–CPA security of identity-based encryption [12,13,14]
Under the security approach of IPE, an adversary learns nothing about the encrypted message from a ciphertext associated with an attribute vector x if they do not own the private key associated with a predicate vector y such that x, y = 0
Summary
Inner product encryption (IPE), first introduced by Katz et al [1], is a type of predicate encryption [2] in which a ciphertext and a private key correspond to an attribute vector x and a predicate vector y, respectively. Under the security approach of IPE, an adversary learns nothing about the encrypted message from a ciphertext associated with an attribute vector x if they do not own the private key associated with a predicate vector y such that x, y = 0. Such a definition is called the IND–CPA security for IPE scheme in some papers [15] and is defined as the payload-hiding property in [1]. An unresolved question remains: can we obtain an efficient IPE scheme by reducing the cost of decryption and optimizing the length of the private key?
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
