Abstract
Receiver selective opening (RSO) security requires that in a situation where there are one sender and multiple receivers, even if an adversary has access to all ciphertexts and adaptively corrupts some fraction of the receivers to obtain their secret keys, the (potentially related) ciphertexts of the uncorrupted receivers remain secure. All of the existing works construct RSO secure identity-based encryption (IBE) in the single-challenge setting, where each identity is used only once for encryption. This restriction makes RSO security for IBE unrealistic in practice. It is preferable to have IBE schemes with RSO security in the multi-challenge setting in practice, where each identity can be used to encrypt multiple messages. In this paper, we initiate the study of RSO security in the multi-challenge setting (which we call \(\hbox {RSO}_k\) security) for IBE. Concretely, we show that the conclusion of lower bound, proposed by Yang et al. (in: ASIACRYPT 2020, Springer, 2020), on the secret key size of RSO secure public-key encryption also holds in the IBE setting (i.e., an IBE scheme cannot be \(\hbox {RSO}_k\) secure if the length of its secret key is not k times larger than the length of message). For construction, we propose a generic construction of IBE achieving \(\hbox {RSO}_k\) security. Through our generic construction, we can obtain \(\hbox {RSO}_k\) secure IBE schemes based on decisional linear (DLIN) assumption and learning with error (LWE) assumption. Furthermore, we show that the well-known Fujisaki–Okamoto transformation can be applied to construct a practical IBE scheme achieving \(\hbox {RSO}_k\) security.
Similar content being viewed by others
Data availibility
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
Notes
Note that \((\textsf {id}_i)_{i\in [n]}\) are specified by \({\mathcal {A}}_1\), and they are required to satisfy that \(\{\textsf {id}_i\mid i\in [n]\}\cap {\mathcal {L}}_{\text {id}}=\emptyset \). So \({\mathcal {A}}_1\) cannot obtain secret keys for \((\textsf {id}_i)_{i\in [n]}\) via querying \({\mathcal {O}}_{\text {KGen}}\).
Note that the case of \(\theta \ge {\widetilde{\theta }}\) has been discussed in (a).
References
Agrawal S., Boneh D., Boyen X.: Efficient lattice (H)IBE in the standard model. In: EUROCRYPT 2010, pp. 553–572. Springer (2010).
Bellare M., Dowsley R., Waters B., Yilek S.: Standard security does not imply security against selective-opening. In: EUROCRYPT 2012, pp. 645–662. Springer (2012).
Bellare M., Hofheinz D., Yilek S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: EUROCRYPT 2009, pp. 1–35. Springer (2009).
Bellare M., O’Neill A.: Semantically-secure functional encryption: possibility results, impossibility results and the quest for a general definition. In: CANS 2013, pp. 218–234. Springer (2013).
Bellare M., Waters B., Yilek S.: Identity-based encryption secure against selective opening attack. In: TCC 2011, pp. 235–252. Springer (2011).
Bellare M., Yilek S.: Encryption schemes secure under selective opening attack. Cryptology ePrint Archive, Report 2009/101 (2009). https://eprint.iacr.org/2009/101.
Boneh D., Franklin M.: Identity-based encryption from the weil pairing. In: CRYPTO 2001, pp. 213–229. Springer (2001).
Boyen X., Li Q.: All-but-many lossy trapdoor functions from lattices and applications. In: CRYPTO 2017, pp. 298–331. Springer (2017).
Fehr S., Hofheinz D., Kiltz E., Wee H.: Encryption schemes secure against chosen-ciphertext selective opening attacks. In: EUROCRYPT 2010, pp. 381–402. Springer (2010).
Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. In: CRYPTO 1999, pp. 537–554. Springer (1999).
Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013).
Groth J., Ostrovsky R., Sahai A.: Perfect non-interactive zero knowledge for np. In: EUROCRYPT 2006, pp. 339–358. Springer (2006).
Hara K., Kitagawa F., Matsuda T., Hanaoka G., Tanaka K.: Simulation-based receiver selective opening CCA secure PKE from standard computational assumptions. In: Security and Cryptography for Networks 2018, pp. 140–159. Springer (2018).
Hara K., Matsuda T., Tanaka K.: Receiver selective opening chosen ciphertext secure identity-based encryption. In: Proceedings of the 8th ACM on ASIA Public-Key Cryptography Workshop, pp. 51–59 (2021).
Hazay C., Patra A., Warinschi B.: Selective opening security for receivers. In: ASIACRYPT 2015, pp. 443–469. Springer (2015).
Hemenway B., Libert B., Ostrovsky R., Vergnaud D.: Lossy encryption: Constructions from general assumptions and efficient selective opening chosen ciphertext security. In: ASIACRYPT 2011, pp. 70–88. Springer (2011).
Heuer F., Jager T., Kiltz E., Schäge S.: On the selective opening security of practical public-key encryption schemes. In: PKC 2015, 27–51 (2015).
Heuer F., Poettering B.: Selective opening security from simulatable data encapsulation. In: ASIACRYPT 2016, pp. 248–277. Springer (2016).
Hofheinz D.: All-but-many lossy trapdoor functions. In: EUROCRYPT 2012, pp. 209–227. Springer (2012).
Hofheinz D., Rao V., Wichs D.: Standard security does not imply indistinguishability under selective opening. In: TCC 2016, pp. 121–145. Springer (2016).
Hofheinz D., Rupp A.: Standard versus selective opening security: separation and equivalence results. In: TCC 2014, pp. 591–615. Springer (2014).
Huang Z., Lai J., Chen W., Au M.H., Peng Z., Li J.: Simulation-based selective opening security for receivers under chosen-ciphertext attacks. Des. Codes Cryptogr. 87(6), 1345–1371 (2019).
Huang Z., Liu S., Mao X., Chen K.: Non-malleability under selective opening attacks: Implication and separation. In: ACNS 2015, pp. 87–104. Springer (2015).
Huang Z., Liu S., Qin B.: Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited. In: PKC 2013, pp. 369–385. Springer (2013).
Jia D., Libert B.: SO-CCA secure PKE from pairing based all-but-many lossy trapdoor functions. Des. Codes Cryptogr. 89(5), 895–923 (2021).
Jia D., Liu Y., Li B.: IBE with tight security against selective opening and chosen-ciphertext attacks. Des. Codes Cryptogr. 88, 1371–1400 (2020).
Jia D., Lu X., Li B.: Receiver selective opening security from indistinguishability obfuscation. In: INDOCRYPT 2016, pp. 393–410. Springer (2016).
Jia D., Lu X., Li B.: Constructions secure against receiver selective opening and chosen ciphertext attacks. In: CT-RSA 2017, pp. 417–431. Springer (2017).
Kitagawa F., Tanaka K.: Key dependent message security and receiver selective opening security for identity-based encryption. In: PKC 2018, pp. 32–61. Springer (2018).
Lai J., Deng R.H., Liu S., Weng J., Zhao Y.: Identity-based encryption secure against selective opening chosen-ciphertext attack. In: EUROCRYPT 2014, pp. 77–92. Springer (2014).
Lai J., Yang R., Huang Z., Weng J.: Simulation-based bi-selective opening security for public key encryption. In: ASIACRYPT 2021, pp. 456–482. Springer (2021).
Libert B., Sakzad A., Stehlé D., Steinfeld R.: All-but-many lossy trapdoor functions and selective opening chosen-ciphertext security from LWE. In: CRYPTO 2017, pp. 332–364. Springer (2017).
Liu S., Paterson K.G.: Simulation-based selective opening CCA security for PKE from key encapsulation mechanisms. In: PKC 2015, pp. 3–26. Springer (2015).
Lu Y., Hara K., Tanaka K.: Receiver selective opening CCA secure public key encryption from various assumptions. In: Provable and Practical Security 2020, pp. 213–233. Springer (2020).
Lyu L., Liu S., Han S., Gu D.: Tightly SIM-SO-CCA secure public key encryption from standard assumptions. In: PKC 2018, pp. 62–92. Springer (2018).
Naor M., Yung M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC 1990, pp. 427–437. Citeseer (1990).
Peikert C., Shiehian S.: Noninteractive zero knowledge for np from (plain) learning with errors. In: CRYPTO 2019, pp. 89–114. Springer (2019).
Sahai A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS 1999, pp. 543–553. IEEE (1999).
Sahai A.: Simulation-sound non-interactive zero knowledge (2001). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.3.7990 &rep=rep1 &type=pdf.
Waters B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: CRYPTO 2009, pp. 619–636. Springer (2009).
Yang P., Kitagawa T., Hanaoka G., Zhang R., Matsuura K., Imai H.: Applying Fujisaki-Okamoto to identity-based encryption. In: Applied Algebra. Algebraic Algorithms and Error-Correcting Codes - AAECC 2006, pp. 183–192. Springer, Berlin (2006).
Yang R., Lai J., Huang Z., Au M.H., Xu Q., Susilo W.: Possibility and impossibility results for receiver selective opening secure PKE in the multi-challenge setting. In: ASIACRYPT 2020, pp. 191–220. Springer (2020).
Acknowledgements
This work is supported by the National Natural Science Foundation of China (Grant Nos. 61922036, U2001205, 62106114), and Major Program of Guangdong Basic and Applied Research (Grant No. 2019B030302008).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interests to disclose.
Additional information
Communicated by K. Matsuura.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Huang, Z., Lai, J., Zeng, G. et al. Receiver selective opening security for identity-based encryption in the multi-challenge setting. Des. Codes Cryptogr. 91, 1233–1259 (2023). https://doi.org/10.1007/s10623-022-01147-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-022-01147-8