Practical Identity-Based Encryption Without Random Oracles

We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight” security reduction, albeit to a stronger assumption that depends on the number of private key generation queries made by the adversary. Our assumption is a variant of Boneh et al.'s decisional Bilinear Diffie-Hellman Exponent assumption, which has been used to construct efficient hierarchical IBE and broadcast encryption systems. The construction is remarkably simple. It also provides recipient anonymity automatically, providing a second (and more efficient) solution to the problem of achieving anonymous IBE without random oracles. Finally, our proof of CCA2 security, which has more in common with the security proof for the Cramer-Shoup encryption scheme than with security proofs for other IBE systems, may be of independent interest.

[1]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[2]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[4]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[5]  Hideki Imai,et al.  Efficient Identity-Based Encryption with Tight Security Reduction , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[6]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[7]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[8]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[9]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[10]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[11]  Yevgeniy Dodis,et al.  Efficient Construction of (Distributed) Verifiable Random Functions , 2003, Public Key Cryptography.

[12]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[13]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[14]  Yevgeniy Dodis,et al.  A Verifiable Random Function with Short Proofs and Keys , 2005, Public Key Cryptography.

[15]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[16]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.

[17]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[18]  Jonathan Katz,et al.  Efficiency improvements for signature schemes with tight security reductions , 2003, CCS '03.

[19]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[20]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[21]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[22]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[23]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[24]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[25]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[26]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..