Generic constructions of master-key KDM secure attribute-based encryption

Master-key key-dependent message (mKDM) security is a strong security notion for attribute-based encryption (ABE) schemes, which has been investigated in recent years. This line of research was started with identity-based encryption (IBE; Garg, Gay, and Hajiabadi, PKC 2020) and then was extended to (more general) ABE (Feng, Gong, and Chen, PKC 2021). Both these constructions are based on dual system techniques which crucially rely on pairings. How to construct mKDM secure ABEs without pairings or even generically was an open problem. In this paper, we propose two generic constructions of mKDM secure ABE from an ABE secure against chosen-plaintext attacks in the random oracle model (ROM) and standard model. In the ROM, our construction is very efficient, and it gives rise to the first mKDM secure ABE from lattices. Our construction in the standard model requires indistinguishability obfuscation, but it shows that, even in the standard model, mKDM security can be achieved generically, and it is not limited to dual-system-based techniques.