On the Power of Hierarchical Identity-Based Encryption

We prove that there is no fully black-box construction of collision-resistant hash functions CRH from hierarchical identity-based encryption HIBE with arbitrary polynomial number of identity levels. To the best of our knowledge this is the first limitation proved for HIBE. As a corollary, we obtain a series of separations that are not directly about HIBE or CRH but are interesting on their own right. Namely, we show that primitives such as IBE and CCA-secure public-key encryption cannot be used in a black-box way to construct fully homomorphic encryption or any primitive that implies CRH in a black-box way. Our proof relies on the reconstruction paradigm of Gennaro and Trevisan FOCS 2000 and Haitner eti¾?al. FOCS 2007 and extends their techniques for one-way and trapdoor permutations to the setting of HIBE. A main technical challenge in the proof of our separation stems from the adaptivity of the HIBE adversary who is allowed to obtain keys for different identities before she selects the attacked identity. Our main technical contribution is to develop compression/reconstruction techniques that can be achieved relative to such adaptive attackers.

[1]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[2]  Brent Waters,et al.  A Punctured Programming Approach to Adaptively Secure Functional Encryption , 2015, CRYPTO.

[3]  Yuval Ishai,et al.  Sufficient Conditions for Collision-Resistant Hashing , 2005, TCC.

[4]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[5]  Rafail Ostrovsky,et al.  Garbled RAM Revisited , 2014, EUROCRYPT.

[6]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[7]  Dominique Unruh,et al.  Random Oracles and Auxiliary Input , 2007, CRYPTO.

[8]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[9]  Moni Naor,et al.  Primary-Secondary-Resolver Membership Proof Systems , 2015, TCC.

[10]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[11]  Sampath Kannan,et al.  The relationship between public key encryption and oblivious transfer , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[12]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[13]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[14]  Luca Trevisan,et al.  Lower bounds on the efficiency of generic cryptographic constructions , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[15]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[16]  Daniel R. Simon,et al.  Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? , 1998, EUROCRYPT.

[17]  Leonid Reyzin,et al.  Finding Collisions on a Public Road, or Do Secure Hash Functions Need Secret Coins? , 2004, CRYPTO.

[18]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[19]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[20]  Ivan Damgård,et al.  On the existence of statistically hiding bit commitment schemes and fail-stop signatures , 1994, Journal of Cryptology.

[21]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[22]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[23]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[24]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[25]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[26]  Yehuda Lindell,et al.  A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions , 2003, EUROCRYPT.

[27]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[28]  Vinod Vaikuntanathan,et al.  Adaptive One-Way Functions and Applications , 2008, CRYPTO.

[29]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[30]  Ueli Maurer,et al.  Non-interactive Public-Key Cryptography , 1991, EUROCRYPT.

[31]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[32]  Craig Gentry,et al.  Garbled RAM Revisited, Part I , 2014, IACR Cryptol. ePrint Arch..

[33]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[34]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[35]  Periklis A. Papakonstantinou,et al.  On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[36]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[37]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[38]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[39]  Gil Segev,et al.  Limits on the Power of Indistinguishability Obfuscation and Functional Encryption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[40]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[41]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[42]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[43]  Joseph Naor,et al.  A Primal-Dual Randomized Algorithm for Weighted Paging , 2007, FOCS.

[44]  Kai-Min Chung,et al.  On the power of nonuniformity in proofs of security , 2013, ITCS '13.

[45]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[46]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[47]  Jonathan Katz,et al.  Lower bounds on the efficiency of encryption and digital signature schemes , 2003, STOC '03.

[48]  Satyanarayana V. Lokam,et al.  On Black-Box Reductions between Predicate Encryption Schemes , 2012, TCC.

[49]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.