Building Key-Private Public-Key Encryption Schemes

In the setting of identity-based encryption with multiple trusted authorities, TA anonymity formally models the inability of an adversary to distinguish two ciphertexts corresponding to the same message and identity, but generated using different TA master public-keys. This security property has applications in the prevention of traffic analysis in coalition networking environments. In this paper, we examine the implications of TA anonymity for key-privacy for normal public-key encryption (PKE) schemes. Key-privacy for PKE captures the requirement that ciphertexts should not leak any information about the public-keys used to perform encryptions. Thus key-privacy guarantees recipient anonymity for a PKE scheme. Canetti, Halevi and Katz (CHK) gave a generic transform which constructs an IND-CCA secure PKE scheme using an identity-based encryption (IBE) scheme that is selective-id IND-CPA secure and a strongly secure one-time signature scheme. Their transform works in the standard model (i.e. does not require the use of random oracles). Here, we prove that if the underlying IBE scheme in the CHK transform is TA anonymous, then the resulting PKE scheme enjoys key-privacy. Whilst IND-CCA secure, key-private PKE schemes are already known in the standard-model, our result gives the first generic method of constructing a key-private PKE scheme in the standard model. We then go on to investigate the TA anonymity of multi-TA versions of well-known standard model secure IBE schemes. In particular, we prove the TA anonymity and selective-id IND-CPA security of a multi-TA version of Gentry's IBE scheme. Applying the CHK transform, we obtain a new, efficient key- private, IND-CCA secure PKE scheme in the standard model.

[1]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[2]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[3]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[4]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[5]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[6]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[7]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[8]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[9]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[10]  Hilarie K. Orman,et al.  Hidden Credentials , 2003, WPES '03.

[11]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[12]  A. Shamm Identity-based cryptosystems and signature schemes , 1985 .

[13]  K.D. Boklan,et al.  Flexible and secure communications in an identity-based coalition environment , 2008, MILCOM 2008 - 2008 IEEE Military Communications Conference.

[14]  Kenneth G. Paterson,et al.  Security and Anonymity of Identity-Based Encryption with Multiple Trusted Authorities , 2008, Pairing.

[15]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[16]  Kent E. Seamons,et al.  Concealing complex policies with hidden credentials , 2004, CCS '04.

[17]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[18]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[19]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[20]  Steven D. Galbraith,et al.  Pairing-Based Cryptography - Pairing 2008, Second International Conference, Egham, UK, September 1-3, 2008. Proceedings , 2008, Pairing.

[21]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[22]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[23]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[24]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.

[25]  Mihir Bellare,et al.  Key-Privacy in Public-Key Encryption , 2001, ASIACRYPT.

[26]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[27]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[28]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[29]  David Naccache,et al.  Secure and Practical Identity-based Encryption , 2005 .

[30]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[31]  Jason E. Holt Key Privacy for Identity Based Encryption , 2006, IACR Cryptol. ePrint Arch..