Security and Anonymity of Identity-Based Encryption with Multiple Trusted Authorities

We consider the security of Identity-Based Encryption (IBE) in the setting of multiple Trusted Authorities (TAs). In this multi-TA setting, we envisage multiple TAs sharing some common parameters, but each TA generating its own master secrets and master public keys. We provide security notions and security models for the multi-TA setting which can be seen as natural extensions of existing notions and models for the single-TA setting. In addition, we study the concept of TA anonymity, which formally models the inability of an adversary to distinguish two ciphertexts corresponding to the same message and identity but generated using different TA master public keys. We argue that this anonymity property is a natural one of importance in enhancing privacy and limiting traffic analysis in multi-TA environments. We study a modified version of a Fujisaki-Okamoto conversion in the multi-TA setting, proving that our modification lifts security and anonymity properties from the CPA to the CCA setting. Finally, we apply these results to study the security of the Boneh-Franklin and Sakai-Kasahara IBE schemes in the multi-TA setting.

[1]  Hilarie K. Orman,et al.  Hidden Credentials , 2003, WPES '03.

[2]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[3]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[4]  Liqun Chen,et al.  An Efficient ID-KEM Based On The Sakai-Kasahara Key Construction , 2006, IACR Cryptol. ePrint Arch..

[5]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[6]  Shu Lin,et al.  Applied Algebra, Algebraic Algorithms and Error-Correcting Codes , 1999, Lecture Notes in Computer Science.

[7]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[8]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[9]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[10]  Hideki Imai,et al.  Applying Fujisaki-Okamoto to Identity-Based Encryption , 2006, AAECC.

[11]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[12]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[13]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[14]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[15]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[16]  Manuel Barbosa,et al.  Efficient Identity-Based Key Encapsulation to Multiple Parties , 2005, IMACC.

[17]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[18]  Kent E. Seamons,et al.  Concealing complex policies with hidden credentials , 2004, CCS '04.

[19]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[20]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[21]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[22]  Mihir Bellare,et al.  Key-Privacy in Public-Key Encryption , 2001, ASIACRYPT.

[23]  Shai Halevi A sufficient condition for key-privacy , 2005, IACR Cryptol. ePrint Arch..

[24]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[25]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[26]  Jason E. Holt Key Privacy for Identity Based Encryption , 2006, IACR Cryptol. ePrint Arch..

[27]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[28]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[29]  Hideki Imai,et al.  Generic Transforms to Acquire CCA-Security for Identity Based Encryption: The Cases of FOpkc and REACT , 2006, ACISP.

[30]  Shengbao Wang,et al.  Practical Identity-Based Encryption (IBE) in Multiple PKG Environments and Its Applications , 2007, IACR Cryptol. ePrint Arch..

[31]  Xavier Boyen,et al.  The BF Identity-Based Encryption System , 2006 .

[32]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.