Attribute-based proxy re-encryption from standard lattices

Attribute-based proxy re-encryption (ABPRE), which combines the notions of proxy re-encryption (PRE) and attribute-based encryption (ABE), allows a semi-trusted proxy to transform a ciphertext under a particular access-policy into a ciphertext under another access policy, without revealing any information about the underlying plaintext. This primitive is very useful in some applications, where encrypted data needs to be stored in untrusted environments, such as cloud storage. In its key-policy flavor, the secret key is associated with an access policy that specifies which type of ciphertexts can be decrypted by that key, where ciphertexts are marked with different sets of attributes. However, all existing key-policy attribute-based proxy re-encryption (KP-ABPRE) schemes are based on classical number-theoretic assumptions, which are vulnerable to quantum attacks. This paper proposes the first KP-ABPRE scheme based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. Our scheme is multi-hop, supports polynomial-depth policy circuits and has short private keys, where the size of the keys is dependent only on the depth of the supported policy circuits. In addition, we prove that our scheme is CPA secure in the selective security model, based on the LWE assumption.