Paper 2026/1083

When KGC Meets Curator: New Paradigm of Registered ABE and FE

Jun Zhao, East China Normal University

Kai Zhang, Shanghai University of Electric Power

Junqing Gong, East China Normal University

Haifeng Qian, East China Normal University

Abstract

Functional encryption (FE) which covers the notion of attribute-based encryption (ABE), is the cryptographic tool to realize fine-grained control on the accessibility of encrypted data. The traditional FE requires a central trusted authority to issue secret keys. It depends on the full-trust model, and is vulnerable to the security issue caused by key-escrow. While the registered FE (Reg-FE) achieves the zero-trust model and addresses the security issue by removing the use of central authority. It allows users to generate secret keys themselves and join the system by registering corresponding public keys to a curator. This work introduces delegated Reg-FE, which is a primitive with a new registration paradigm. It allows the registration of certain authorities that can issue secret keys for their respective classical FE sub-systems, beyond the prior work of registering plain users. Delegated Reg-FE implements a hybrid trust model within a two-level hierarchy. By redefining key escrow as a functional mechanism rather than a security concern, this model employs a zero-trust upper level which removes key-escrow, while the subsystem of each authority is locally full-trust and retains key-escrow mechanism. We construct four delegated Reg-FE schemes for functionalities that can be described as the $2\times 2$ combinations of linear function and policy check. Namely, Delegated Reg-IPFE, Delegated Reg-ABE, Reg-IPFE with delegated ABE, and Reg-ABE with delegated IPFE. All concrete schemes support bounded registrations and delegations, and achieve standard adaptive security under MDDH assumption on prime-order bilinear group. Furthermore, these schemes only rely on black-box techniques. Technically, these schemes rely on dual-system techniques as prior registration-based works. And we devise a new "hierarchically invoked dual-system" technique on schemes which have sub-ABE delegation systems. Furthermore, we present a generic construction of Delegated Reg-FE from the combination of Reg-FE and FE. The instantiations of this generic construction demonstrate the feasibility of delegated Reg-FE, supporting arbitrary functions as well as unbounded numbers of registrations and delegations. However, this approach requires non-black-box techniques and achieves weaker semi-adaptive security without malicious registration, where the semi-adaptive means the adversary claims the challenge after seeing common reference string but before making any query. Its security relies solely on the underlying assumptions of the Reg-FE and FE components.

@misc{cryptoeprint:2026/1083,
      author = {Ziqi Zhu and Jun Zhao and Kai Zhang and Junqing Gong and Haifeng Qian},
      title = {When {KGC} Meets Curator: New Paradigm of Registered {ABE} and {FE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/1083},
      year = {2026},
      doi = {10.1007/978-981-95-5119-4_2},
      url = {https://eprint.iacr.org/2026/1083}
}