TY - GEN
T1 - A Framework for Witness Encryption from Linearly Verifiable SNARKs and Applications
AU - Garg, Sanjam
AU - Hajiabadi, Mohammad
AU - Kolonelos, Dimitris
AU - Kothapalli, Abhiram
AU - Policharla, Guru Vamsi
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2025.
PY - 2025
Y1 - 2025
N2 - Witness Encryption (WE) is a powerful cryptographic primitive, enabling applications that would otherwise appear infeasible. While general-purpose WE requires strong cryptographic assumptions, and is highly inefficient, recent works have demonstrated that it is possible to design special-purpose WE schemes for targeted applications that can be built from weaker assumptions and can also be concretely efficient. Despite the plethora of constructions in the literature that (implicitly) use witness encryption schemes, there has been no systematic study of special purpose witness encryption schemes. In this work we make progress towards this goal by designing a modular and extensible framework, which allows us to better understand existing schemes and further enables us to construct new witness encryption schemes. The framework is designed around simple but powerful building blocks that we refer to as “gadgets”. Gadgets can be thought of as witness encryption schemes for small targeted relations (induced by linearly verifiable arguments) but they can be composed with each other to build larger, more expressive relations that are useful in applications. To highlight the power of our framework we methodically recover past results, improve upon them and even provide new feasibility results. The first application of our framework is a Registered Attribute-Based Encryption Scheme [Hohenberger et al. (Eurocrypt 23)] with linear sized common reference string (CRS). Since 2023, numerous Registered Attribute-Based Encryption (R-ABE) constructions have emerged though a black-box R-ABE construction with a linear–in the number of users–CRS has been a persistent open problem, with the state-of-the-art concretely being ≈N1.58 (Garg et al. [GLWW, Crypto 24]). Empowered by our Witness Encryption framework we provide the first construction of black-box R-ABE with linear-sized CRS. Our construction is based on a novel realization of encryption for DNF formulas that leverages encryption for set membership. Our second application is a feasibility result for Registered Threshold Encryption. This is an analogue of the recently introduced Silent Threshold Encryption (Garg et al. [GKPW, Crypto 24]) placed in the Registered Setting. We formalize Registered Threshold Encryption and provide an efficient construction, with constant-sized encryption key and ciphertexts, that makes use of our WE framework.
AB - Witness Encryption (WE) is a powerful cryptographic primitive, enabling applications that would otherwise appear infeasible. While general-purpose WE requires strong cryptographic assumptions, and is highly inefficient, recent works have demonstrated that it is possible to design special-purpose WE schemes for targeted applications that can be built from weaker assumptions and can also be concretely efficient. Despite the plethora of constructions in the literature that (implicitly) use witness encryption schemes, there has been no systematic study of special purpose witness encryption schemes. In this work we make progress towards this goal by designing a modular and extensible framework, which allows us to better understand existing schemes and further enables us to construct new witness encryption schemes. The framework is designed around simple but powerful building blocks that we refer to as “gadgets”. Gadgets can be thought of as witness encryption schemes for small targeted relations (induced by linearly verifiable arguments) but they can be composed with each other to build larger, more expressive relations that are useful in applications. To highlight the power of our framework we methodically recover past results, improve upon them and even provide new feasibility results. The first application of our framework is a Registered Attribute-Based Encryption Scheme [Hohenberger et al. (Eurocrypt 23)] with linear sized common reference string (CRS). Since 2023, numerous Registered Attribute-Based Encryption (R-ABE) constructions have emerged though a black-box R-ABE construction with a linear–in the number of users–CRS has been a persistent open problem, with the state-of-the-art concretely being ≈N1.58 (Garg et al. [GLWW, Crypto 24]). Empowered by our Witness Encryption framework we provide the first construction of black-box R-ABE with linear-sized CRS. Our construction is based on a novel realization of encryption for DNF formulas that leverages encryption for set membership. Our second application is a feasibility result for Registered Threshold Encryption. This is an analogue of the recently introduced Silent Threshold Encryption (Garg et al. [GKPW, Crypto 24]) placed in the Registered Setting. We formalize Registered Threshold Encryption and provide an efficient construction, with constant-sized encryption key and ciphertexts, that makes use of our WE framework.
UR - https://www.scopus.com/pages/publications/105014164357
UR - https://www.scopus.com/pages/publications/105014164357#tab=citedBy
U2 - 10.1007/978-3-032-01881-6_16
DO - 10.1007/978-3-032-01881-6_16
M3 - Conference contribution
AN - SCOPUS:105014164357
SN - 9783032018809
T3 - Lecture Notes in Computer Science
SP - 504
EP - 539
BT - Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings
A2 - Tauman Kalai, Yael
A2 - Kamara, Seny F.
PB - Springer Science and Business Media Deutschland GmbH
T2 - 45th Annual International Cryptology Conference, CRYPTO 2025
Y2 - 17 August 2025 through 21 August 2025
ER -