Semantic Definition of Anonymity in Identity-Based Encryption and Its Relation to Indistinguishability-Based Definition

In this paper we point out an overlooked subtlety in providing proper security definitions of anonymous identity-based encryption (anonymous IBE) and its applications such as searchable encryption. Namely, we find that until now there is no discussion whether the widely used indistinguishability-based notion of anonymity for IBE implies simulation-based definition of anonymity, which directly captures the intuition that recipients’ IDs are not leaked from ciphertexts. We compensate this undesirable situation by providing a simulation-based notion, which requires that a ciphertext can be simulated without knowing the associated ID, by specializing the anonymity notion defined for more generalized notion of attribute-based encryption in previous work to the setting of IBE and then proving that this definition is equivalent to the conventional indistinguishability-based definition. We note that while the final result is something one would expect, our proof is not completely trivial. In particular, previous proofs that show the equivalence between semantic security and indistinguishability-based one in the setting where the security of payload is the main concern do not work immediately in our setting due to the difference between the semantics of identities and messages and the existence of the key extraction oracles.

[1]  Dongdai Lin,et al.  Anonymous Identity-Based Encryption with Identity Recovery , 2018, ACISP.

[2]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[3]  Hoeteck Wee,et al.  Attribute-Hiding Predicate Encryption in Bilinear Groups, Revisited , 2017, TCC.

[4]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[5]  Jan Camenisch,et al.  Blind and Anonymous Identity-Based Encryption and Authorised Private Searches on Public Key Encrypted Data , 2009, Public Key Cryptography.

[6]  Dennis Hofheinz,et al.  On definitions of selective opening security , 2012, IACR Cryptol. ePrint Arch..

[7]  Abhi Shelat,et al.  Relations Among Notions of Non-malleability for Encryption , 2007, ASIACRYPT.

[8]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[9]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[10]  Yang Cui,et al.  Relations Among Notions of Security for Identity Based Encryption Schemes , 2005, LATIN.

[11]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[12]  Kazuki Yoneyama,et al.  Verifiable and Forward Secure Dynamic Searchable Symmetric Encryption with Storage Efficiency , 2017, ICICS.

[13]  David Cash,et al.  The Locality of Searchable Symmetric Encryption , 2014, IACR Cryptol. ePrint Arch..

[14]  Hai Jin,et al.  Anonymous Identity-Based Broadcast Encryption with Constant Decryption Complexity and Strong Security , 2016, AsiaCCS.

[15]  Kihyun Kim,et al.  Public Key Encryption with Conjunctive Field Keyword Search , 2004, WISA.

[16]  Sebastian Gajek Dynamic Symmetric Searchable Encryption from Constrained Functional Encryption , 2016, CT-RSA.

[17]  Mihir Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2005, Journal of Cryptology.

[18]  Ioannis Demertzis,et al.  Fast Searchable Encryption With Tunable Locality , 2017, SIGMOD Conference.

[19]  Kaoru Kurosawa,et al.  How to Update Documents Verifiably in Searchable Symmetric Encryption , 2013, CANS.

[20]  Yohei Watanabe,et al.  Identity-Based Encryption with Security Against the KGC: A Formal Model and Its Instantiation from Lattices , 2019, ESORICS.

[21]  Ioannis Demertzis,et al.  Searchable Encryption with Optimal Locality: Achieving Sublogarithmic Read Efficiency , 2018, IACR Cryptol. ePrint Arch..

[22]  Andreas Schaad,et al.  Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data , 2014, Sicherheit.

[23]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[24]  Sherman S. M. Chow Removing Escrow from Identity-Based Encryption , 2009, Public Key Cryptography.

[25]  Chun-I Fan,et al.  Anonymous Multi-Receiver Identity-Based Authenticated Encryption with CCA Security , 2015, Symmetry.

[26]  Wei Liu,et al.  Anonymous Identity-Based Broadcast Encryption with Chosen-Ciphertext Security , 2016, AsiaCCS.

[27]  Duong Hieu Phan,et al.  Anonymous Identity Based Encryption with Traceable Identities , 2019, ARES.

[28]  Gil Segev,et al.  Tight Tradeoffs in Searchable Symmetric Encryption , 2018, IACR Cryptol. ePrint Arch..

[29]  David Pointcheval,et al.  New Anonymity Notions for Identity-Based Encryption , 2008, Formal to Practical Security.

[30]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[31]  Ramarathnam Venkatesan,et al.  A secure coprocessor for database applications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[32]  Hari Balakrishnan,et al.  CryptDB: processing queries on an encrypted database , 2012, CACM.

[33]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[34]  Moni Naor,et al.  Searchable symmetric encryption: optimal locality in linear space via two-dimensional balanced allocations , 2016, STOC.

[35]  Rafail Ostrovsky,et al.  Private Large-Scale Databases with Distributed Searchable Symmetric Encryption , 2016, CT-RSA.

[36]  Samuel Madden,et al.  Processing Analytical Queries over Encrypted Data , 2013, Proc. VLDB Endow..