Constructing Subspace Membership Encryption through Inner Product Encryption

Subspace membership encryption is a generalization of inner product encryptions, which was recently formalized by Boneh, Raghunathan, and Segev in Asiacrypt 2013. The construction of this new predicate encryption was motivated by the fact that traditional predicate encryptions did not yield function privacy, a security notion introduced by Boneh et al. in Crypto 2013. This newly defined security notion requires that no information on the predicate associated to a given secret key is revealed, beyond the absolute minimum necessary. Boneh et al. gave a generic construction of the subspace membership encryption based on any inner product encryption. However, our research shows that their construction for subspace membership encryptions when the attribute space is small was incorrect, and that it does not yield the attribute hiding security, which is the baseline notion of security for predicate encryptions. In this paper, we will first show why the construction does not possess the attribute hiding security, and see that this can not be altered through simple reconstruction. Then, we will formulate a generalized construction of subspace membership encryptions by introducing probability distributions over the attribute and predicate space, and prove that the attribute hiding security can not be satisfied even in the generalized setting. We will consider the requirements for subspace membership encryptions to yield the attribute hiding security, and evaluate them probabilistically. Finally, we will present an extension of our generalized construction, and show that it holds the attribute hiding security even in small attribute spaces. However, in our extended generalized construction, function privacy was deprived, which was precisely the motivation of formalizing subspace member encryptions in the first place. Although, we did not succeed in constructing a subspace membership encryption which both yields the attribute hiding security and function privacy, we formalized a richer framework of construction of subspace membership encryptions, and discovered a trade-off like relationship between the two security notions, which presents possibility for a construction in-between ours and Boneh et al.’s. Furthermore, our extended generalized construction cuts open new perspectives in the construction of subspace membership encryptions and enables us to make various choices on the underlying inner product encryptions.