Delegating capabilities in predicate encryption systems


Shi, E.; Waters, B. Delegating capabilities in predicate encryption systems. 35th International Colloquium on Automata, Languages & Programming (ICALP 2008); 2008 July 6-13; Reykjavik, Iceland.(A version of this paper has been published in Springer Lecture Notes in Computer Science vol. 5126.)


In predicate encryption systems, given a capability, one can evaluate one or more predicates on the encrypted data, while all other information about the plaintext remains hidden. We consider the first such systems to permit the delegation of capabilities. In a system that supports delegation, a user Alice who has a capability can delegate to Bob a more restrictive capability, which allows him to learn less about encrypted data than she did.

We formally define delegation in predicate encryption systems and propose a new security definition for delegation. In addition, we present an efficient construction supporting conjunctive queries. The security of our construction can be reduced to the general 3-party Bilinear Diffie-Hellman assumption, and the Bilinear Decisional Diffie-Hellman assumption in composite-order bilinear groups.

Read more from SRI