Removing Escrow from Identity-Based Encryption

Key escrow is inherent in identity-based encryption (IBE). A curious key generation center (KGC) can simply generate the user's private key to decrypt a ciphertext. However, can a KGC still decrypt if it does not know the intended recipient of the ciphertext? We answer by formalizing KGC anonymous ciphertext indistinguishability ($\mathcal{ACI-KGC}$). We find that all existing pairing-based IBE schemes without random oracles, whether receipt-anonymous or not, do not achieve KGC one-wayness, a weaker notion of $\mathcal{ACI-KGC}$. In view of this, we first show how to equip an IBE scheme by Gentry with $\mathcal{ACI-KGC}$. Second, we propose a new system architecture with an anonymous private key generation protocol such that the KGC can issue a private key to an authenticated user without knowing the list of users identities. This also better matches the practice that authentication should be done with the local registration authorities instead of the KGC. Our proposal can be viewed as mitigating the key escrow problem in a different dimension than distributed KGCs approach.

[1]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[2]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[3]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[4]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[5]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[6]  David Galindo,et al.  Boneh-Franklin Identity Based Encryption Revisited , 2005, IACR Cryptol. ePrint Arch..

[7]  Serge Vaudenay Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23-26, 2005, Proceedings , 2005, Public Key Cryptography.

[8]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[9]  Brent Waters,et al.  Black-box accountable authority identity-based encryption , 2008, CCS.

[10]  Hideki Imai,et al.  Efficient Identity-Based Encryption with Tight Security Reduction , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[11]  Choonsik Park,et al.  Information Security and Cryptology - ICISC 2004, 7th International Conference, Seoul, Korea, December 2-3, 2004, Revised Selected Papers , 2005, ICISC.

[12]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[13]  Matthew Green,et al.  Blind Identity-Based Encryption and Simulatable Oblivious Transfer , 2007, ASIACRYPT.

[14]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[15]  Melissa Chase Efficient non-interactive zero-knowledge proofs for privacy applications , 2008 .

[16]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.

[17]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[18]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[19]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[20]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[21]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[22]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[23]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Threshold Identity-Based Key Encapsulation Without Random Oracles , 2006, SCN.

[24]  Joonsang Baek,et al.  Efficient Multi-receiver Identity-Based Encryption and Its Application to Broadcast Encryption , 2005, Public Key Cryptography.

[25]  Siu-Ming Yiu,et al.  Separable and Anonymous Identity-Based Key Issuing , 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[26]  Byoungcheon Lee,et al.  Information Security and Cryptology - ICISC 2006, 9th International Conference, Busan, Korea, November 30 - December 1, 2006, Proceedings , 2006, ICISC.

[27]  David Pointcheval,et al.  Chosen-Ciphertext Security without Redundancy , 2003, ASIACRYPT.

[28]  Sanjit Chatterjee,et al.  Generalization of the Selective-ID Security Model for HIBE Protocols , 2006, Public Key Cryptography.

[29]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[30]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[31]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[32]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[33]  Kim-Kwang Raymond Choo,et al.  Strongly-Secure Identity-Based Key Agreement and Anonymous Extension , 2007, ISC.

[34]  Jean-Jacques Quisquater,et al.  Identity Based Encryption Without Redundancy , 2005, ACNS.

[35]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[36]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[37]  Chi Sung Laih,et al.  Advances in Cryptology - ASIACRYPT 2003 , 2003 .

[38]  Yevgeniy Dodis,et al.  ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption , 2004, CCS '04.

[39]  Sanjit Chatterjee,et al.  HIBE With Short Public Parameters Without Random Oracle , 2006, ASIACRYPT.

[40]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[41]  Sanjit Chatterjee,et al.  New Constructions of Constant Size Ciphertext HIBE Without Random Oracle , 2006, ICISC.

[42]  Sanjit Chatterjee,et al.  Trading Time for Space: Towards an Efficient IBE Scheme with Short(er) Public Parameters in the Standard Model , 2005, ICISC.

[43]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[44]  Liqun Chen,et al.  Security Proof of Sakai-Kasahara's Identity-Based Encryption Scheme , 2005, IMACC.

[45]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[46]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[47]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[48]  Koutarou Suzuki,et al.  Fully Secure Anonymous Hierarchical Identity-Based Encryption with Constant Size Ciphertexts , 2011, IACR Cryptol. ePrint Arch..

[49]  David Pointcheval,et al.  New Anonymity Notions for Identity-Based Encryption , 2008, Formal to Practical Security.

[50]  Markulf Kohlweiss,et al.  P-signatures and Noninteractive Anonymous Credentials , 2008, TCC.

[51]  William P. Marnane,et al.  Identity- Based Cryptography , 2008 .

[52]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[53]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[54]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[55]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[56]  Yevgeniy Vahlis,et al.  CCA2 Secure IBE: Standard Model Efficiency through Authenticated Symmetric Encryption , 2008, CT-RSA.

[57]  Tanja Lange,et al.  Progress in Cryptology - INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11-13, 2006, Proceedings , 2006, INDOCRYPT.

[58]  Ronald Cramer,et al.  Public Key Cryptography - PKC 2008, 11th International Workshop on Practice and Theory in Public-Key Cryptography, Barcelona, Spain, March 9-12, 2008. Proceedings , 2008, Public Key Cryptography.

[59]  Benoît Libert,et al.  Towards Black-Box Accountable Authority IBE with Short Ciphertexts and Private Keys , 2008, Public Key Cryptography.

[60]  David Naccache,et al.  Secure and Practical Identity-based Encryption , 2005 .

[61]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[62]  Sanjit Chatterjee,et al.  Multi-receiver Identity-Based Key Encapsulation with Shortened Ciphertext , 2006, INDOCRYPT.

[63]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.

[64]  Jian Weng,et al.  Identity-Based Parallel Key-Insulated Encryption Without Random Oracles: Security Notions and Construction , 2006, INDOCRYPT.

[65]  Tal Malkin Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, San Francisco, CA, USA, April 8-11, 2008. Proceedings , 2008, CT-RSA.

[66]  Dan Boneh,et al.  Generalized Identity Based and Broadcast Encryption Schemes , 2008, ASIACRYPT.

[67]  Volker Roth,et al.  General Certificateless Encryption and Timed-Release Encryption , 2008, IACR Cryptol. ePrint Arch..

[68]  Eike Kiltz,et al.  From Selective-ID to Full Security: The Case of the Inversion-Based Boneh-Boyen IBE Scheme , 2007, IACR Cryptol. ePrint Arch..

[69]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[70]  Kenneth G. Paterson,et al.  Certificateless Encryption Schemes Strongly Secure in the Standard Model , 2008, Public Key Cryptography.