Efficient CCA-Secure PKE from Identity-Based Techniques

Boneh, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure public key encryption (PKE) from any selective-ID CPA-secure identity-based encryption (IBE) schemes. Their approach treated IBE as a black box. Subsequently, Boyen, Mei, and Waters demonstrated how to build a direct CCA-secure PKE scheme from the Waters IBE scheme, which is adaptive-ID CPA secure. They made direct use of the underlying IBE structure, and required no cryptographic primitive other than the IBE scheme itself. However, their scheme requires long public key and the security reduction is loose. In this paper, we propose an efficient PKE scheme employing identity-based techniques. Our scheme requires short public key and is proven CCA-secure in the standard model (without random oracles) with a tight security reduction, under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. In addition, we show how to use our scheme to construct an efficient threshold public key encryption scheme and a public key encryption with non-interactive opening (PKENO) scheme.

[1]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[2]  Kaoru Kurosawa,et al.  Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM , 2005, EUROCRYPT.

[3]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[4]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[5]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[6]  Dan Boneh,et al.  Chosen Ciphertext Secure Public Key Threshold Encryption Without Random Oracles , 2006, CT-RSA.

[7]  David Galindo,et al.  Breaking and Repairing Damgård et al. Public Key Encryption Scheme with Non-interactive Opening , 2009, CT-RSA.

[8]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[9]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[10]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman , 2007, Public Key Cryptography.

[11]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[12]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[13]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[14]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[15]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[16]  Mihir Bellare,et al.  An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem , 2004, EUROCRYPT.

[17]  Yael Tauman Kalai,et al.  On the (In)security of the Fiat-Shamir paradigm , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[18]  Brent Waters,et al.  Realizing Hash-and-Sign Signatures under Standard Assumptions , 2009, EUROCRYPT.

[19]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[20]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[21]  Eike Kiltz,et al.  On the Limitations of the Spread of an IBE-to-PKE Transformation , 2006, Public Key Cryptography.

[22]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[23]  Brent Waters,et al.  Lossy trapdoor functions and their applications , 2008, SIAM J. Comput..

[24]  David Cash,et al.  The Twin Diffie-Hellman Problem and Applications , 2008, EUROCRYPT.

[25]  Eike Kiltz,et al.  Practical Chosen Ciphertext Secure Encryption from Factoring , 2009, EUROCRYPT.

[26]  Jesper Buus Nielsen,et al.  Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case , 2002, CRYPTO.

[27]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[28]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.

[29]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[30]  Amit Sahai,et al.  A Unified Methodology For Constructing Public-Key Encryption Schemes Secure Against Adaptive Chosen-Ciphertext Attack , 2002, IACR Cryptol. ePrint Arch..

[31]  Kaoru Kurosawa,et al.  Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption , 2008, IACR Cryptol. ePrint Arch..

[32]  Victor Shoup,et al.  Using Hash Functions as a Hedge against Chosen Ciphertext Attack , 2000, EUROCRYPT.

[33]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[34]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[35]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[36]  Ivan Damgård,et al.  Public-Key Encryption with Non-interactive Opening , 2008, CT-RSA.

[37]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[38]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[39]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[40]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[41]  Tal Malkin Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, San Francisco, CA, USA, April 8-11, 2008. Proceedings , 2008, CT-RSA.

[42]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[43]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[44]  Ivan Damgård,et al.  Non-interactive Proofs for Integer Multiplication , 2007, EUROCRYPT.

[45]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[46]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[47]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[48]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[49]  Eike Kiltz,et al.  Secure Hybrid Encryption from Weakened Key Encapsulation , 2007, CRYPTO.

[50]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[51]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.