On the Limitations of the Spread of an IBE-to-PKE Transformation

By a generic transformation by Canetti, Halevi, and Katz (CHK) every Identity-based encryption (IBE) scheme implies a chosen-ciphertext secure public-key encryption (PKE) scheme. In the same work it is claimed that this transformation maps the two existing IBE schemes to two new and different chosen-ciphertext secure encryption schemes, each with individual advantages over the other. In this work we reconsider one of the two specific instantiations of the CHK transformation (when applied to the “second Boneh/Boyen IBE scheme”). We demonstrate that by applying further simplifications the resulting scheme can be proven secure under a weaker assumption than the underlying IBE scheme. Surprisingly, our simplified scheme nearly converges to a recent encryption scheme due to Boyen, Mei, and Waters which itself was obtained from the other specific instantiation of the CHK transformation (when applied to the “first Boneh/Boyen IBE scheme”). We find this particularly interesting since the two underlying IBE schemes are completely different. The bottom line of this paper is that the claim made by Canetti, Halevi, and Katz needs to be reformulated to: the CHK transformation maps the two known IBE schemes to nearly one single encryption scheme.

[1]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2006 .

[2]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[3]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[4]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[5]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[6]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[7]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[8]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[9]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[10]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[11]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[12]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[13]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[14]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[15]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[16]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[17]  F. Schlenk Proof of Theorem 4 , 2005 .

[18]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[19]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[20]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.