--- res: bibo_abstract: - Witness encryption (WE) was introduced by Garg et al. [GGSW13]. A WE scheme is defined for some NP language L and lets a sender encrypt messages relative to instances x. A ciphertext for x can be decrypted using w witnessing x ∈ L, but hides the message if x ∈ L. Garg et al. construct WE from multilinear maps and give another construction [GGH+13b] using indistinguishability obfuscation (iO) for circuits. Due to the reliance on such heavy tools, WE can cur- rently hardly be implemented on powerful hardware and will unlikely be realizable on constrained devices like smart cards any time soon. We construct a WE scheme where encryption is done by simply computing a Naor-Yung ciphertext (two CPA encryptions and a NIZK proof). To achieve this, our scheme has a setup phase, which outputs public parameters containing an obfuscated circuit (only required for decryption), two encryption keys and a common reference string (used for encryption). This setup need only be run once, and the parame- ters can be used for arbitrary many encryptions. Our scheme can also be turned into a functional WE scheme, where a message is encrypted w.r.t. a statement and a function f, and decryption with a witness w yields f (m, w). Our construction is inspired by the functional encryption scheme by Garg et al. and we prove (selective) security assuming iO and statistically simulation-sound NIZK. We give a construction of the latter in bilinear groups and combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at a 128-bit security level and can be computed on a smart card.@eng bibo_authorlist: - foaf_Person: foaf_givenName: Hamza M foaf_name: Abusalah, Hamza M foaf_surname: Abusalah foaf_workInfoHomepage: http://www.librecat.org/personId=40297222-F248-11E8-B48F-1D18A9856A87 - foaf_Person: foaf_givenName: Georg foaf_name: Fuchsbauer, Georg foaf_surname: Fuchsbauer foaf_workInfoHomepage: http://www.librecat.org/personId=46B4C3EE-F248-11E8-B48F-1D18A9856A87 - foaf_Person: foaf_givenName: Krzysztof Z foaf_name: Pietrzak, Krzysztof Z foaf_surname: Pietrzak foaf_workInfoHomepage: http://www.librecat.org/personId=3E04A7AA-F248-11E8-B48F-1D18A9856A87 orcid: 0000-0002-9139-1654 bibo_doi: 10.1007/978-3-319-39555-5_16 bibo_volume: 9696 dct_date: 2016^xs_gYear dct_language: eng dct_publisher: Springer@ dct_title: Offline witness encryption@ ...