Identity-Based Encryption Tightly Secure Under Chosen-Ciphertext Attacks
We propose the first identity-based encryption (IBE) scheme that is (almost) tightly secure against chosen-ciphertext attacks. Our scheme is efficient, in the sense that its ciphertext overhead is only seven group elements, three group elements more than that of the state-of-the-art passively (almost) tightly secure IBE scheme. Our scheme is secure in a multi-challenge setting, i.e., in face of an arbitrary number of challenge ciphertexts. The security of our scheme is based upon the standard symmetric external Diffie-Hellman assumption in pairing-friendly groups, but we also consider (less efficient) generalizations under weaker assumptions.
KeywordsIdentity-based encryption Chosen-ciphertext security Tight security reductions
We thank the anonymous reviewers for their comments and, in particular, for pointing a problem in our definition of unbounded simulation soundness, and one in the proof of Theorem 4 in a previous version of this paper. The first author was supported by ERC Project PREP-CRYPTO (724307) and DFG grants (HO 4534/4-1, HO 4534/2-2), the second author was supported by the National Nature Science Foundation of China (Nos. 61502484, 61572495, 61772515), the Fundamental theory and cutting edge technology Research Program of Institute of Information Engineering, CAS (Grant No. Y7Z0291103) and the National Cryptography Development Fund (No. MMJJ20170116), and the third author was supported by the DFG grant (HO 4534/4-1). This work was done while the second author was visiting KIT. The visit was supported by China Scholarship Council.
- 22.Gong, J., Dong, X., Chen, J., Cao, Z.: Efficient IBE with tight reduction to standard assumption in the multi-challenge setting. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 624–654. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_21CrossRefGoogle Scholar
- 37.Libert, B., Joye, M., Yung, M., Peters, T.: Concise multi-challenge CCA-secure encryption and signatures with almost tight security. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 1–21. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_1CrossRefGoogle Scholar
- 40.Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th FOCS, pp. 458–467. IEEE Computer Society Press, October 1997Google Scholar
- 41.Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427–437. ACM Press, May 1990Google Scholar
- 42.Shoup, V., Shoup, V.: Why chosen ciphertext security matters. IBM research report RZ 3076 (1998)Google Scholar