Key Dependent Message Security and Receiver Selective Opening Security for Identity-Based Encryption

We construct two identity-based encryption (IBE) schemes. The first one is IBE satisfying key dependent message (KDM) security for user secret keys. The second one is IBE satisfying simulation-based receiver selective opening (RSO) security. Both schemes are secure against adaptive-ID attacks and do not have any a-priori bound on the number of challenge identities queried by adversaries in the security games. They are the first constructions of IBE satisfying such levels of security.

[1]  Chris Peikert,et al.  Circular and KDM Security for Identity-Based Encryption , 2012, Public Key Cryptography.

[2]  Carmit Hazay,et al.  Selective Opening Security for Receivers , 2015, ASIACRYPT.

[3]  Allison Bishop,et al.  New Circular Security Counterexamples from Decision Linear and Learning with Errors , 2015, ASIACRYPT.

[4]  Zvika Brakerski,et al.  Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back) , 2010, IACR Cryptol. ePrint Arch..

[5]  David Cash,et al.  Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems , 2009, CRYPTO.

[6]  Jonathan Katz,et al.  Adaptively-Secure, Non-interactive Public-Key Encryption , 2005, TCC.

[7]  John Black,et al.  Encryption-Scheme Security in the Presence of Key-Dependent Messages , 2002, Selected Areas in Cryptography.

[8]  Jorge Luis Villar,et al.  Identity-Based Encryption with Master Key-Dependent Message Security and Leakage-Resilience , 2012, ESORICS.

[9]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[10]  Matthew Green,et al.  New Definitions and Separations for Circular Security , 2012, Public Key Cryptography.

[11]  Yuval Ishai,et al.  Bounded Key-Dependent Message Security , 2010, IACR Cryptol. ePrint Arch..

[12]  Brent Waters,et al.  Circular Security Separations for Arbitrary Length Cycles from LWE , 2016, CRYPTO.

[13]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[14]  David Cash,et al.  Cryptographic Agility and Its Relation to Circular Encryption , 2010, EUROCRYPT.

[15]  Brent Waters,et al.  Identity-Based Encryption Secure against Selective Opening Attack , 2011, TCC.

[16]  Rafail Ostrovsky,et al.  Circular-Secure Encryption from Decision Diffie-Hellman , 2008, CRYPTO.

[17]  Brent Waters,et al.  Standard Security Does Not Imply Security against Selective-Opening , 2012, EUROCRYPT.

[18]  Dennis Hofheinz,et al.  Standard versus Selective Opening Security: Separation and Equivalence Results , 2014, TCC.

[19]  Benny Applebaum,et al.  Key-Dependent Message Security: Generic Amplification and Completeness , 2011, Journal of Cryptology.

[20]  Nico Döttling,et al.  From Selective IBE to Full IBE and Selective HIBE , 2017, TCC.

[21]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[22]  Mihir Bellare,et al.  Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening , 2009, EUROCRYPT.

[23]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[24]  Brent Waters,et al.  Semi-adaptive Security and Bundling Functionalities Made Generic and Easy , 2016, TCC.

[25]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[26]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[27]  Ivan Damgård,et al.  Improved Non-committing Encryption Schemes Based on a General Complexity Assumption , 2000, Annual International Cryptology Conference.

[28]  Dennis Hofheinz,et al.  Standard Security Does Not Imply Indistinguishability Under Selective Opening , 2015, TCC.

[29]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[30]  Nico Döttling,et al.  Identity-Based Encryption from the Diffie-Hellman Assumption , 2017, CRYPTO.