Lattice-based group encryptions with only one trapdoor

Group encryption (GE), the encryption analog of group signatures, is a fundamental primitive that offers a privacy-preserving service for a specific receiver concealed within a group of certified users. Like other cryptographic primitives, GE constructions are always considered relative to the potential danger of quantum computations. The only existing lattice-based variant appeared in the work of Libert et al. (Asiacrypt’16). Despite its non-trivial achievement, the construction suffers in terms of efficiency due to the extensive use of lattice trapdoors. In this paper, we develop an integrated zero-knowledge argument system that is friendly to both accumulated values and hidden matrices and supports efficient designs from lattices. Based on this system, we propose efficiency enhancing GE where only group users are required to possess the lattice trapdoors and the other parties are not. In particular, we utilize lattice-based cryptographic accumulators to confirm prospective group members and use the dual Regev encryption scheme to provide privacy for ciphertext recipients. These modifications significantly increase GE efficiency. In addition, under the intractability assumptions of the standard lattice problems, we prove the security of the proposed scheme in the standard model (assuming interaction during the proof phase), which retains the strongest level of security as the only currently available candidate.