Towards Anonymous Ciphertext Indistinguishability with Identity Leakage

Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevent a KGC (or any logical entity which get holds of the master secret key, such as the collusion of a number of authorities holding the sufficient number of master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.

[1]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[2]  Allison Bishop,et al.  Storing Secrets on Continually Leaky Devices , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[3]  Martijn Stam,et al.  Understanding Adaptivity: Random Systems Revisited , 2012, ASIACRYPT.

[4]  Allison Bishop,et al.  Achieving Leakage Resilience through Dual System Encryption , 2011, TCC.

[5]  Joseph K. Liu,et al.  Traceable and Retrievable Identity-Based Encryption , 2008, ACNS.

[6]  Siu-Ming Yiu,et al.  Identity-Based Encryption Resilient to Continual Auxiliary Leakage , 2012, EUROCRYPT.

[7]  Craig Gentry,et al.  Certificate-Based Encryption and the Certificate Revocation Problem , 2003, EUROCRYPT.

[8]  Yi Mu,et al.  How to construct identity-based signatures without the key escrow problem , 2009, International Journal of Information Security.

[9]  Kenneth G. Paterson,et al.  RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures , 2012, IACR Cryptol. ePrint Arch..

[10]  Chi Sung Laih,et al.  Advances in Cryptology - ASIACRYPT 2003 , 2003 .

[11]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[12]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[13]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[14]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[15]  Kenneth G. Paterson,et al.  Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation , 2012, IACR Cryptol. ePrint Arch..

[16]  Sherman S. M. Chow Removing Escrow from Identity-Based Encryption , 2009, Public Key Cryptography.

[17]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[18]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..

[19]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[20]  Yevgeniy Dodis,et al.  New Privacy-Preserving Architectures for Identity-/Attribute-based Encryption , 2010 .

[21]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[22]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.

[23]  Stanislaw Jarecki,et al.  Public Key Cryptography – PKC 2009 , 2009, Lecture Notes in Computer Science.

[24]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[25]  Colin Boyd,et al.  Security-Mediated Certificateless Cryptography , 2006, Public Key Cryptography.

[26]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[27]  Alexander W. Dent,et al.  A survey of certificateless encryption schemes and security models , 2008, International Journal of Information Security.

[28]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[29]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[30]  Brent Waters,et al.  Black-box accountable authority identity-based encryption , 2008, CCS.