On (Hierarchical) Identity Based Encryption Protocols with Short Public Parameters (With an Exposition of Waters' Artificial Abort Technique)

At Eurocrypt 2005, Waters proposed an efficient identity based encryption (IBE) scheme. One drawback of this scheme is that the size of the public parameter is rather large. Our first contribution is a generalization of Waters scheme. In particular, we show that there is an interesting trade-off between the tightness of the security reduction and smallness of the public parameter size. For a given security level, this implies that if one reduces the public parameter size there is a corresponding increase in the computational cost. This introduces a flexibility in choosing the public parameter size without compromising in security. In concrete terms, to achieve 80-bit security for 160-bit identities we show that compared to Waters protocol the public parameter size can be reduced by almost 90% while increasing the computation cost by 30%. Our second contribution is to extend the IBE protocol to a hierarchical IBE (HIBE) protocol which can be shown to be secure in the full model without the use of random oracle. A previous construction of a HIBE in the same setting is due to Waters. Our construction improves upon Waters’ suggestion by significantly reducing the number of public parameters.

[1]  David Galindo,et al.  The Exact Security of Pairing Based Encryption and Signature Schemes , 2004 .

[2]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3]  Rajeev Motwani,et al.  Randomized Algorithms , 1995, SIGA.

[4]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[5]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[6]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[7]  Sanjit Chatterjee,et al.  HIBE With Short Public Parameters Without Random Oracle , 2006, ASIACRYPT.

[8]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[9]  David Naccache,et al.  Secure and Practical Identity-based Encryption , 2005 .

[10]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[11]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[12]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2006 .

[13]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[14]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[15]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[16]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[17]  Sanjit Chatterjee,et al.  Trading Time for Space: Towards an Efficient IBE Scheme with Short(er) Public Parameters in the Standard Model , 2005, ICISC.

[18]  Jan Camenisch,et al.  Advances in cryptology - EUROCRYPT 2004 : International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004 : proceedings , 2004 .

[19]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[20]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[21]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.