Revocable Identity-Based Encryption from Codes with Rank Metric

In this paper, we present an identity-based encryption scheme from codes with efficient key revocation. Recently, at Crypto 2017, Gaborit et al. proposed the first identity-based encryption scheme from codes with rank metric, called RankIBE. To extract the decryption key from any public identity, they constructed a trapdoor function which relies on RankSign, a signature scheme proposed by Gaborit et al. at PQCrypto 2014. We adopt the same trapdoor function to add efficient key revocation to the RankIBE scheme. Our revocable IBE scheme from codes with rank metric uses a binary tree data structure to reduce the key authority's workload for key updates. The total size of key updates is logarithmic in the maximum number of users and linear in the number of revoked users. We prove that our revocable IBE scheme is selective-ID secure in the random oracle model, under the hardness of three problems: the Rank Syndrome Decoding (RSD) problem, the Augmented Low Rank Parity Check Code (\(\textsf{LRPC}^+\)) problem, and the Rank Support Learning (RSL) problem.
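The abstract does not spell out the tree algorithm. As an added example (not code from the paper), the sketch below implements the KUNodes node selection of Boldyreva, Goyal and Kumar, which binary-tree revocable IBE constructions commonly use, on the assumption that this is the method meant here. The heap-style node numbering and all function names are assumptions of this example.

```python
# Added illustration: KUNodes-style selection of key-update nodes.
# Assumed numbering: root = 1, children of v are 2v and 2v+1,
# user i sits at leaf num_users + i (num_users is a power of two).

def path_to_root(node):
    """Nodes from `node` up to the root; a user holds one key part per node."""
    out = []
    while node >= 1:
        out.append(node)
        node //= 2
    return out

def ku_nodes(num_users, revoked):
    """Smallest node set covering every non-revoked leaf and no revoked leaf."""
    if num_users < 1 or num_users & (num_users - 1):
        raise ValueError("num_users must be a power of two")
    if any(not 0 <= u < num_users for u in revoked):
        raise ValueError("revoked user index out of range")
    if not revoked:
        return [1]                       # nobody revoked: the root covers all
    marked = set()                       # every ancestor of a revoked leaf
    for u in revoked:
        marked.update(path_to_root(num_users + u))
    cover = []
    for v in sorted(marked):
        if v >= num_users:               # leaves have no children
            continue
        for child in (2 * v, 2 * v + 1):
            if child not in marked:      # subtree holds no revoked user
                cover.append(child)
    return cover

def can_decrypt(user, num_users, revoked):
    """A user can use the update iff its root path meets the update set."""
    path = set(path_to_root(num_users + user))
    return bool(path & set(ku_nodes(num_users, revoked)))

if __name__ == "__main__":
    n = 8                                # constructed sample: 8 users
    for revoked in (set(), {3}, {3, 4}):
        ok = [u for u in range(n) if can_decrypt(u, n, revoked)]
        print(sorted(revoked), "->", ku_nodes(n, revoked), "users served:", ok)
```

With one revoked user out of 2^20, the authority publishes 20 update nodes rather than one update per remaining user, which is the saving the abstract refers to.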
