Skip to main content
SpringerLink
Log in

Receiver selective opening security for identity-based encryption in the multi-challenge setting

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

Receiver selective opening (RSO) security requires that in a situation where there are one sender and multiple receivers, even if an adversary has access to all ciphertexts and adaptively corrupts some fraction of the receivers to obtain their secret keys, the (potentially related) ciphertexts of the uncorrupted receivers remain secure. All of the existing works construct RSO secure identity-based encryption (IBE) in the single-challenge setting, where each identity is used only once for encryption. This restriction makes RSO security for IBE unrealistic in practice. It is preferable to have IBE schemes with RSO security in the multi-challenge setting in practice, where each identity can be used to encrypt multiple messages. In this paper, we initiate the study of RSO security in the multi-challenge setting (which we call \(\hbox {RSO}_k\) security) for IBE. Concretely, we show that the conclusion of lower bound, proposed by Yang et al. (in: ASIACRYPT 2020, Springer, 2020), on the secret key size of RSO secure public-key encryption also holds in the IBE setting (i.e., an IBE scheme cannot be \(\hbox {RSO}_k\) secure if the length of its secret key is not k times larger than the length of message). For construction, we propose a generic construction of IBE achieving \(\hbox {RSO}_k\) security. Through our generic construction, we can obtain \(\hbox {RSO}_k\) secure IBE schemes based on decisional linear (DLIN) assumption and learning with error (LWE) assumption. Furthermore, we show that the well-known Fujisaki–Okamoto transformation can be applied to construct a practical IBE scheme achieving \(\hbox {RSO}_k\) security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Data availibility

Data sharing not applicable to this article as no datasets were generated or analysed during the current study.

Notes

  1. Note that \((\textsf {id}_i)_{i\in [n]}\) are specified by \({\mathcal {A}}_1\), and they are required to satisfy that \(\{\textsf {id}_i\mid i\in [n]\}\cap {\mathcal {L}}_{\text {id}}=\emptyset \). So \({\mathcal {A}}_1\) cannot obtain secret keys for \((\textsf {id}_i)_{i\in [n]}\) via querying \({\mathcal {O}}_{\text {KGen}}\).

  2. Note that the case of \(\theta \ge {\widetilde{\theta }}\) has been discussed in (a).

References

  1. Agrawal S., Boneh D., Boyen X.: Efficient lattice (H)IBE in the standard model. In: EUROCRYPT 2010, pp. 553–572. Springer (2010).

  2. Bellare M., Dowsley R., Waters B., Yilek S.: Standard security does not imply security against selective-opening. In: EUROCRYPT 2012, pp. 645–662. Springer (2012).

  3. Bellare M., Hofheinz D., Yilek S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: EUROCRYPT 2009, pp. 1–35. Springer (2009).

  4. Bellare M., O’Neill A.: Semantically-secure functional encryption: possibility results, impossibility results and the quest for a general definition. In: CANS 2013, pp. 218–234. Springer (2013).

  5. Bellare M., Waters B., Yilek S.: Identity-based encryption secure against selective opening attack. In: TCC 2011, pp. 235–252. Springer (2011).

  6. Bellare M., Yilek S.: Encryption schemes secure under selective opening attack. Cryptology ePrint Archive, Report 2009/101 (2009). https://eprint.iacr.org/2009/101.

  7. Boneh D., Franklin M.: Identity-based encryption from the weil pairing. In: CRYPTO 2001, pp. 213–229. Springer (2001).

  8. Boyen X., Li Q.: All-but-many lossy trapdoor functions from lattices and applications. In: CRYPTO 2017, pp. 298–331. Springer (2017).

  9. Fehr S., Hofheinz D., Kiltz E., Wee H.: Encryption schemes secure against chosen-ciphertext selective opening attacks. In: EUROCRYPT 2010, pp. 381–402. Springer (2010).

  10. Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. In: CRYPTO 1999, pp. 537–554. Springer (1999).

  11. Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013).

    Article  MathSciNet  MATH  Google Scholar 

  12. Groth J., Ostrovsky R., Sahai A.: Perfect non-interactive zero knowledge for np. In: EUROCRYPT 2006, pp. 339–358. Springer (2006).

  13. Hara K., Kitagawa F., Matsuda T., Hanaoka G., Tanaka K.: Simulation-based receiver selective opening CCA secure PKE from standard computational assumptions. In: Security and Cryptography for Networks 2018, pp. 140–159. Springer (2018).

  14. Hara K., Matsuda T., Tanaka K.: Receiver selective opening chosen ciphertext secure identity-based encryption. In: Proceedings of the 8th ACM on ASIA Public-Key Cryptography Workshop, pp. 51–59 (2021).

  15. Hazay C., Patra A., Warinschi B.: Selective opening security for receivers. In: ASIACRYPT 2015, pp. 443–469. Springer (2015).

  16. Hemenway B., Libert B., Ostrovsky R., Vergnaud D.: Lossy encryption: Constructions from general assumptions and efficient selective opening chosen ciphertext security. In: ASIACRYPT 2011, pp. 70–88. Springer (2011).

  17. Heuer F., Jager T., Kiltz E., Schäge S.: On the selective opening security of practical public-key encryption schemes. In: PKC 2015, 27–51 (2015).

  18. Heuer F., Poettering B.: Selective opening security from simulatable data encapsulation. In: ASIACRYPT 2016, pp. 248–277. Springer (2016).

  19. Hofheinz D.: All-but-many lossy trapdoor functions. In: EUROCRYPT 2012, pp. 209–227. Springer (2012).

  20. Hofheinz D., Rao V., Wichs D.: Standard security does not imply indistinguishability under selective opening. In: TCC 2016, pp. 121–145. Springer (2016).

  21. Hofheinz D., Rupp A.: Standard versus selective opening security: separation and equivalence results. In: TCC 2014, pp. 591–615. Springer (2014).

  22. Huang Z., Lai J., Chen W., Au M.H., Peng Z., Li J.: Simulation-based selective opening security for receivers under chosen-ciphertext attacks. Des. Codes Cryptogr. 87(6), 1345–1371 (2019).

    Article  MathSciNet  MATH  Google Scholar 

  23. Huang Z., Liu S., Mao X., Chen K.: Non-malleability under selective opening attacks: Implication and separation. In: ACNS 2015, pp. 87–104. Springer (2015).

  24. Huang Z., Liu S., Qin B.: Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited. In: PKC 2013, pp. 369–385. Springer (2013).

  25. Jia D., Libert B.: SO-CCA secure PKE from pairing based all-but-many lossy trapdoor functions. Des. Codes Cryptogr. 89(5), 895–923 (2021).

    Article  MathSciNet  MATH  Google Scholar 

  26. Jia D., Liu Y., Li B.: IBE with tight security against selective opening and chosen-ciphertext attacks. Des. Codes Cryptogr. 88, 1371–1400 (2020).

    Article  MathSciNet  MATH  Google Scholar 

  27. Jia D., Lu X., Li B.: Receiver selective opening security from indistinguishability obfuscation. In: INDOCRYPT 2016, pp. 393–410. Springer (2016).

  28. Jia D., Lu X., Li B.: Constructions secure against receiver selective opening and chosen ciphertext attacks. In: CT-RSA 2017, pp. 417–431. Springer (2017).

  29. Kitagawa F., Tanaka K.: Key dependent message security and receiver selective opening security for identity-based encryption. In: PKC 2018, pp. 32–61. Springer (2018).

  30. Lai J., Deng R.H., Liu S., Weng J., Zhao Y.: Identity-based encryption secure against selective opening chosen-ciphertext attack. In: EUROCRYPT 2014, pp. 77–92. Springer (2014).

  31. Lai J., Yang R., Huang Z., Weng J.: Simulation-based bi-selective opening security for public key encryption. In: ASIACRYPT 2021, pp. 456–482. Springer (2021).

  32. Libert B., Sakzad A., Stehlé D., Steinfeld R.: All-but-many lossy trapdoor functions and selective opening chosen-ciphertext security from LWE. In: CRYPTO 2017, pp. 332–364. Springer (2017).

  33. Liu S., Paterson K.G.: Simulation-based selective opening CCA security for PKE from key encapsulation mechanisms. In: PKC 2015, pp. 3–26. Springer (2015).

  34. Lu Y., Hara K., Tanaka K.: Receiver selective opening CCA secure public key encryption from various assumptions. In: Provable and Practical Security 2020, pp. 213–233. Springer (2020).

  35. Lyu L., Liu S., Han S., Gu D.: Tightly SIM-SO-CCA secure public key encryption from standard assumptions. In: PKC 2018, pp. 62–92. Springer (2018).

  36. Naor M., Yung M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC 1990, pp. 427–437. Citeseer (1990).

  37. Peikert C., Shiehian S.: Noninteractive zero knowledge for np from (plain) learning with errors. In: CRYPTO 2019, pp. 89–114. Springer (2019).

  38. Sahai A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS 1999, pp. 543–553. IEEE (1999).

  39. Sahai A.: Simulation-sound non-interactive zero knowledge (2001). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.3.7990 &rep=rep1 &type=pdf.

  40. Waters B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: CRYPTO 2009, pp. 619–636. Springer (2009).

  41. Yang P., Kitagawa T., Hanaoka G., Zhang R., Matsuura K., Imai H.: Applying Fujisaki-Okamoto to identity-based encryption. In: Applied Algebra. Algebraic Algorithms and Error-Correcting Codes - AAECC 2006, pp. 183–192. Springer, Berlin (2006).

    Google Scholar 

  42. Yang R., Lai J., Huang Z., Au M.H., Xu Q., Susilo W.: Possibility and impossibility results for receiver selective opening secure PKE in the multi-challenge setting. In: ASIACRYPT 2020, pp. 191–220. Springer (2020).

Download references

Acknowledgements

This work is supported by the National Natural Science Foundation of China (Grant Nos. 61922036, U2001205, 62106114), and Major Program of Guangdong Basic and Applied Research (Grant No. 2019B030302008).

Author information

Authors and Affiliations

  1. Peng Cheng Laboratory, Shenzhen, China

    Zhengan Huang, Gongxian Zeng & Xin Mu

  2. College of Information Science and Technology, Jinan University, Guangzhou, China

    Junzuo Lai

Authors
  1. Zhengan Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Junzuo Lai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gongxian Zeng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xin Mu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhengan Huang.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

Additional information

Communicated by K. Matsuura.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Huang, Z., Lai, J., Zeng, G. et al. Receiver selective opening security for identity-based encryption in the multi-challenge setting. Des. Codes Cryptogr. 91, 1233–1259 (2023). https://doi.org/10.1007/s10623-022-01147-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-022-01147-8

Keywords

Mathematics Subject Classification

Search

Navigation