Making Any Identity-Based Encryption Accountable, Efficiently

Identity-Based Encryption (IBE) provides a compelling solution to the PKI management problem; however, it comes with the serious privacy consideration that a trusted party called the PKG is required to generate, and hence also know, the secret keys of all users. This inherent key escrow problem is considered to be one of the major reasons hindering the wider utilization of IBE systems. In order to address this problem, Goyal [20] introduced the notion of accountable authority IBE (A-IBE), in which a judge can differentiate the PKG from the user as the source of a piece of decryption software. Via this "tracing" mechanism, A-IBE deters the PKG from leaking the user's secret key and hence offers a defense mechanism for IBE users against a malicious PKG. All previous works on A-IBE focused on specialized constructions trying to achieve different properties and efficiency enhancements. In this paper, for the first time, we show how to add accountability to any IBE scheme using oblivious transfer (OT), with almost the same ciphertext efficiency as the underlying IBE. Furthermore, we extend our generic construction to support identity reuse without losing efficiency. This property is desirable in practice, as users may accidentally lose their secret keys and they naturally prefer not to abandon their identities. How to achieve this property was open until our work. Along the way, we first modify the generic construction and develop a new technique to provide public traceability generically.

[1] Brent Waters, et al. Efficient Identity-Based Encryption Without Random Oracles, 2005, EUROCRYPT.

[2] Dan Boneh, et al. Secure Identity Based Encryption Without Random Oracles, 2004, CRYPTO.

[3] Ran Canetti, et al. Security and Composition of Multiparty Cryptographic Protocols, 2000, Journal of Cryptology.

[4] Matthew K. Franklin, et al. Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[5] Sherman S. M. Chow. Removing Escrow from Identity-Based Encryption, 2009, Public Key Cryptography.

[6] Rafail Ostrovsky, et al. Circular-Secure Encryption from Decision Diffie-Hellman, 2008, CRYPTO.

[7] Yunlei Zhao, et al. Accountable Authority Identity-Based Encryption with Public Traceability, 2013, CT-RSA.

[8] Silvio Micali, et al. Non-Interactive Oblivious Transfer and Applications, 1989, CRYPTO.

[9] Brent Waters, et al. Attribute-based encryption for fine-grained access control of encrypted data, 2006, CCS '06.

[10] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms, 1984, CRYPTO 1984.

[11] Hovav Shacham, et al. Short Group Signatures, 2004, CRYPTO.

[12] Brent Waters, et al. Black-box accountable authority identity-based encryption, 2008, CCS.

[13] Brent Waters, et al. Functional Encryption: Definitions and Challenges, 2011, TCC.

[14] Kenneth G. Paterson, et al. Certificateless Public Key Cryptography, 2003.

[15] Moni Naor, et al. Efficient oblivious transfer protocols, 2001, SODA '01.

[16] Vipul Goyal, et al. Reducing Trust in the PKG in Identity Based Cryptosystems, 2007, CRYPTO.

[17] Brent Waters, et al. Fuzzy Identity-Based Encryption, 2005, EUROCRYPT.

[18] Benoît Libert, et al. Towards Black-Box Accountable Authority IBE with Short Ciphertexts and Private Keys, 2008, Public Key Cryptography.

[19] Moni Naor, et al. Traitor tracing with constant size ciphertext, 2008, CCS.

[20] Craig Gentry, et al. Certificate-Based Encryption and the Certificate Revocation Problem, 2003, EUROCRYPT.

[21] Ivan Damgård, et al. Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols, 1994, CRYPTO.

[22] Aggelos Kiayias, et al. How to keep a secret: leakage deterring public-key cryptosystems, 2013, CCS.

[23] Brent Waters, et al. Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions, 2009, IACR Cryptol. ePrint Arch.

[24] Amit Sahai, et al. Fully Secure Accountable-Authority Identity-Based Encryption, 2011, Public Key Cryptography.

[25] Claus-Peter Schnorr, et al. Efficient Identification and Signatures for Smart Cards (Abstract), 1990, EUROCRYPT.

[26] Craig Gentry, et al. Practical Identity-Based Encryption Without Random Oracles, 2006, EUROCRYPT.

[27] Siu-Ming Yiu, et al. Exponent-inversion Signatures and IBE under Static Assumptions, 2014, IACR Cryptol. ePrint Arch.

[28] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[29] Joseph K. Liu, et al. Traceable and Retrievable Identity-Based Encryption, 2008, ACNS.

[30] Dan Boneh, et al. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles, 2004, IACR Cryptol. ePrint Arch.

[31] Venkatesan Guruswami, et al. Expander-based constructions of efficiently decodable codes, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[32] Xavier Boyen, et al. Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems, 2007, RFC.

[33] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[34] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.