Creating Post-Quantum Cryptography for Attribute-Based Encryption

Introduced in a 2005 paper co-authored by NTT Research Cryptography & Information Security (CIS) Lab Director Brent Waters, attribute-based encryption (ABE) is now approaching commercialization. As a case in point, NTT is conducting a proof-of-concept (POC) information-sharing platform using ABE with the University of Technology Sydney (UTS). Part of a broader technology partnership with UTS, this initial platform is aimed at internal UTS applications. As more evidence for the growing maturity of this encryption scheme, NTT Research recently conducted an ABE hackathon that drew five NTT global teams to Sunnyvale, where they spent two weeks building potential implementations of the technology.

Compared to the prevailing coarse-grained access model of public-key encryption, where giving out a secret key essentially amounts to giving access to all the encrypted data, ABE is a more finely tuned approach that grants prescribed access of encrypted data to someone with a set of matching traits. The checking of those attributes happens mathematically, “inside the crypto,” which shifts attention away from servers or software engineering and toward policies and the encryption itself. In addition to exploring the commercialization of ABE through its Technology Promotion Team, which organized the recent hackathon, NTT Research is also engaged in basic research into post-quantum ABE schemes.

One relatively recent paper on the subject was co-authored by Dr. Waters and CIS Lab Scientists Pratish Datta and Ilan Komargodski. Titled “Decentralized Multi-Authority ABE for DNFs from LWE,” and presented at EuroCrypt 2021, the Datta, Komargodski and Waters (DKW) paper presents the first collusion-resistant, post-quantum decentralized multi-authority (MA)-ABE scheme. It is proved under the Learning with Errors (LWE) assumption, which has become a pillar in post-quantum security. The scheme also supports access policies captured by disjunctive normal form (DNF) formulas, which are useful in automated theorem proving.

“The rapid advances in internet communications, social networking platforms, electronic payments, and cloud technology have already created the need for highly sophisticated security infrastructures for which the basic public-key encryption no longer suffices,” Dr. Datta said in an interview. “ABE has emerged as a promising tool for deployment in such advanced security infrastructures. This has motivated us to develop post-quantum secure ABE schemes to protect these advanced security infrastructures against quantum adversaries, so that the advent of quantum computers cannot disrupt the digital services built on top of those security infrastructures.” (For more on Dr. Datta and additional comments on the EuroCrypt 2021 paper, see this recent profile and Q&A.) 
So far, the NTT Research Technology Promotion Team has implemented a prototype of the scheme, but not yet the full MA-ABE. The team, led by Takashi Goto, is conducting tests for decryption correctness and performance. To be deployed commercially, however, Mr. Goto said it would need to undergo further adaptation. “Although practical quantum attacks do not constitute an imminent threat,” Mr. Goto said, “NTT customers can rest assured that some of the world’s top cryptographers are exploring post-quantum ABE solutions, and that NTT will provide migration paths down the road.”