Tightly Secure Hierarchical Identity-Based Encryption

PDF / 4,022,435 Bytes
35 Pages / 595.276 x 841.89 pts (A4) Page_size
65 Downloads / 234 Views

Tightly Secure Hierarchical Identity-Based Encryption Roman Langrehr∗1

Jiaxin Pan∗2

May 25, 2020

1

ETH Zurich, Zurich, Switzerland [email protected] 2 Department of Mathematical Sciences NTNU – Norwegian University of Science and Technology, Trondheim, Norway [email protected] Communicated by Masayuki Abe Abstract We construct the first tightly secure hierarchical identity-based encryption (HIBE) scheme based on standard assumptions, which solves an open problem from Blazy, Kiltz, and Pan (CRYPTO 2014). At the core of our constructions is a novel randomization technique that enables us to randomize user secret keys for identities with ﬂexible length. The security reductions of previous HIBEs lose at least a factor of Q, which is the number of user secret key queries. Diﬀerent to that, the security loss of our schemes is only dependent on the security parameter. Our schemes are adaptively secure based on the Matrix Diﬃe-Hellman assumption, which is a generalization of standard Diﬃe-Hellman assumptions such as k-Linear. We have two tightly secure constructions, one with constant ciphertext size, and the other with tighter security at the cost of linear ciphertext size. Among other things, our schemes imply the first tightly secure identity-based signature scheme by a variant of the Naor transformation. Keywords: Hierarchical identity-based encryption, tight security, aﬃne message authentication codes.

1 1.1

Introduction Motivation

Tight security. Reductions are useful tools for proving the security of public-key cryptographic schemes. Asymptotically, a reduction shows that if there is an eﬃcient adversary A that breaks the security of a scheme, then we can have another adversary R that solves the underlying computationally hard problem. Concretely, a reduction provides a security bound for the scheme, εA ≤ · εR ,1 where εA is the success probability of A and εR is that of R. Ideally, it is more desirable to have as small as a constant. We say a reduction is tight if is a small constant and the running time of A is approximately the same as that of R. Most of the current works have considered the tightness notion called “almost tight security”, where may linearly (or, even better, logarithmically) depend on the security parameter, but not on the size of A.2 Recently, tightly secure cryptographic schemes drew a large amount of attention (e.g. [HJ12, CW13, BKP14, GHKW16, GDCC16, AHN+ 17, GHKP18, HHK18]), since tightly secure schemes do not need to compensate for any security loss. ∗ Most of this work were done when both authors were at Karlsruhe Institute of Technology (KIT), Germany. In particular, J. Pan was employed at the group of Dennis Hofheinz and supported by DFG grant HO 4534/4-1. 1 Here we ignore the additive negligible terms for simplicity. 2 In this paper, we do not distinguish almost tight security from tight security, but we will detail the security loss in the security proof and comparison of our schemes.

c The Author(s) 2020.

R. Langrehr J. Pan

(Hierarchical) identity-based

Data Loading...

Tightly Secure Hierarchical Identity-Based Encryption

Recommend Documents

Towards Tightly Secure Lattice Short Signature and Id-Based Encryption

Tightly CCA-secure encryption scheme in a multi-user setting with corruptions

Tightly Close It, Robustly Secure It: Key-Based Lightweight Process for Propping up Encryption Techniques

Tightly-Secure Signatures from Five-Move Identification Protocols

Adaptively Secure Inner Product Encryption from LWE

Secure Cloud Encryption Using File Hierarchy Attribute

Adaptively Secure Threshold Symmetric-Key Encryption

Bounded-Collusion Identity-Based Encryption from Semantically-Secure Public-Key Encryption: Generic Constructions with S

Secure Generalized Deduplication via Multi-Key Revealing Encryption

SADDLE: Secure Aerial Data Delivery with Lightweight Encryption

Beyond Birthday Bound Secure Fresh Rekeying: Application to Authenticated Encryption

Session key based fast, secure and lightweight image encryption algorithm