Hierarchical Identity Based Encryption with Constant Size Ciphertext

We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth. Encryption is as efficient as in other HIBE systems. We prove that the scheme is selective-ID secure in the standard model and fully secure in the random oracle model. Our system has a number of applications: it gives very efficient forward secure public key and identity based cryptosystems (with short ciphertexts), it converts the NNL broadcast encryption system into an efficient public key broadcast system, and it provides an efficient mechanism for encrypting to the future. The system also supports limited delegation where users can be given restricted private keys that only allow delegation to bounded depth. The HIBE system can be modified to support sublinear size private keys at the cost of some ciphertext expansion.

[1]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[2]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[3]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[4]  M. Kasahara,et al.  A New Traitor Tracing , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[5]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[6]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[7]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2006 .

[8]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[9]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[10]  Michael T. Goodrich,et al.  Efficient Tree-Based Revocation in Groups of Low-State Devices , 2004, CRYPTO.

[11]  Yevgeniy Dodis,et al.  ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption , 2004, CCS '04.

[12]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[13]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[14]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[15]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[16]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[17]  Marco Casassa Mont,et al.  The HP time vault service: exploiting IBE for timed release of confidential information , 2003, WWW '03.

[18]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[19]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[20]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[21]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[22]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[23]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[24]  Yevgeniy Dodis,et al.  A Verifiable Random Function with Short Proofs and Keys , 2005, Public Key Cryptography.

[25]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[26]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.