Lattice-Based Key-Aggregate (Searchable) Encryption in Cloud Storage

In cloud storage, selectively sharing encrypted data is becoming increasingly important. One key design challenge is the management of encryption keys. Traditionally, a large quantity of encryption keys have to be managed by the data owner, and an equally large number of keyword trapdoors must be sent to the cloud for the purpose of searching over the shared data, which are cumbersome in terms of secure communication and management. Recently, key-aggregate (searchable) encryption schemes have been introduced to alleviate the problem. However, they were only designed under the Bilinear Diffie-Hellman Exponent assumption in the prior works. Lattice-based key-aggregate (searchable) encryption schemes are valuable, because they have security against quantum computing attacks, average-case to worse-case equivalence as well as simplicity and potential efficiency. Here we propose a key-aggregate encryption scheme and a key-aggregate searchable encryption scheme which are both based on a lattice problem (i.e., the Learning with Errors problem). Some key techniques are employed during the construction of the schemes. A basis delegation algorithm is designed to generate the aggregate key without increasing the lattice dimension. The encryption algorithms of the two schemes are trickily devised to make the encrypted files decryptable or searchable. To overcome the problem of general matrix multiplication failing to satisfy commutative law, a hash function is designed by using diagonalizable matrices to make the encrypted file decryptable and the trapdoor adjustable.We present the schemes' correctness proof, formal security analysis as well as performance analysis, which confirm that they are provably secure and practically efficient. To the best of our knowledge, the former is the first lattice-based key-aggregate encryption scheme and the latter is the first lattice-based key-aggregate searchable encryption scheme. We also demonstrate their application to cloud storage for searchable group data sharing by combining the two schemes.