Additively Homomorphic IBE from Higher Residuosity

  • Michael ClearEmail author
  • Ciaran McGoldrick
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11442)


We present an identity-Based encryption (IBE) scheme that is group homomorphic for addition modulo a “large” (i.e. superpolynomial) integer, the first such group homomorphic IBE. Our first result is the construction of an IBE scheme supporting homomorphic addition modulo a poly-sized prime e. Our construction builds upon the IBE scheme of Boneh, LaVigne and Sabin (BLS). BLS relies on a hash function that maps identities to \(e^{\text {th}}\) residues. However there is no known way to securely instantiate such a function. Our construction extends BLS so that it can use a hash function that can be securely instantiated. We prove our scheme Open image in new window secure under the (slightly modified) \(e^{\text {th}}\) residuosity assumption in the random oracle model and show that it supports a (modular) additive homomorphism. By using multiple instances of the scheme with distinct primes and leveraging the Chinese Remainder Theorem, we can support homomorphic addition modulo a “large” (i.e. superpolynomial) integer. We also show that our scheme for \(e > 2\) is anonymous by additionally assuming the hardness of deciding solvability of a special system of multivariate polynomial equations. We provide a justification for this assumption by considering known attacks.


  1. 1.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). Scholar
  2. 2.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). Scholar
  3. 3.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001). Scholar
  4. 4.
    Armknecht, F., Katzenbeisser, S., Peter, A.: Group homomorphic encryption: characterizations, impossibility results, and applications. Des. Codes Cryptogr. 67, 1–24 (2012)MathSciNetzbMATHGoogle Scholar
  5. 5.
    Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally-private information retrieval. In: Proceedings of the 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, pp. 364–373. IEEE Computer Society, Washington, DC (1997)Google Scholar
  6. 6.
    Benaloh, J.D.C.: Verifiable secret-ballot elections. Ph.D. thesis, Yale University, New Haven, CT, USA (1987). AAI8809191Google Scholar
  7. 7.
    Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: Proceedings of the 26th Annual Symposium on Foundations of Computer Science, pp. 372–382. IEEE Computer Society, Washington, DC (1985)Google Scholar
  8. 8.
    Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996). Scholar
  9. 9.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997). Scholar
  10. 10.
    Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001). Scholar
  11. 11.
    Naor, M., Pinkas, B.: Oblivious polynomial evaluation. SIAM J. Comput. 35, 1254–1281 (2006)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Sander, T., Young, A.L., Yung, M.: Non-interactive cryptocomputing for nc\(^{\text{1}}\). In: FOCS, pp. 554–567. IEEE Computer Society (1999)Google Scholar
  13. 13.
    Fischlin, M.: A cost-effective pay-per-multiplication comparison method for millionaires. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 457–471. Springer, Heidelberg (2001). Scholar
  14. 14.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28, 270–299 (1984). See also preliminary version in 14th STOC, 1982MathSciNetCrossRefGoogle Scholar
  15. 15.
    Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: Gong, L., Reiter, M.K., (eds.) ACM Conference on Computer and Communications Security, pp. 59–66. ACM (1998)Google Scholar
  16. 16.
    Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998). Scholar
  17. 17.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). Scholar
  18. 18.
    Gjøsteen, K.: Homomorphic cryptosystems based on subgroup membership problems. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 314–327. Springer, Heidelberg (2005). Scholar
  19. 19.
    Gjøsteen, K.: Symmetric subgroup membership problems. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 104–119. Springer, Heidelberg (2005). Scholar
  20. 20.
    Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992). Scholar
  21. 21.
    Clear, M., Hughes, A., Tewari, H.: Homomorphic encryption with access policies: characterization and new constructions. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 61–87. Springer, Heidelberg (2013). Scholar
  22. 22.
    Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. Assoc. Comput. Mach. 45, 965–981 (1998)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Oliveira, L., Scott, M., Lopez, J., Dahab, R.: TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks. In: 5th International Conference on Networked Sensing Systems, INSS 2008, pp. 173–180 (2008)Google Scholar
  24. 24.
    Liu, A., Ning, P.: TinyECC: a configurable library for elliptic curve cryptography in wireless sensor networks. In: IPSN 2008: Proceedings of the 7th International Conference on Information Processing in Sensor Networks, pp. 245–256. IEEE Computer Society, Washington, DC (2008)Google Scholar
  25. 25.
    Oliveira, L.B., Aranha, D.F., Morais, E., Daguano, F., López, J., Dahab, R.: TinyTate: computing the tate pairing in resource-constrained sensor nodes. In: IEEE International Symposium on Network Computing and Applications, pp. 318–323 (2007)Google Scholar
  26. 26.
    Szczechowiak, P., Kargl, A., Scott, M., Collier, M.: On the application of pairing based cryptography to wireless sensor networks. In: WiSec 2009: Proceedings of the Second ACM Conference on Wireless Network Security, pp. 1–12. ACM, New York (2009)Google Scholar
  27. 27.
    Günther, F., Manulis, M., Peter, A.: Privacy-enhanced participatory sensing with collusion resistance and data aggregation. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 321–336. Springer, Cham (2014). Scholar
  28. 28.
    Boneh, D., LaVigne, R., Sabin, M.: Identity-based encryption with \(e\)th residuosity and its incompressibility. (TRUST Conference, poster presentation).
  29. 29.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC 2008: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, pp. 197–206. ACM, New York (2008)Google Scholar
  30. 30.
    Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9, 169–203 (2015)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Joye, M.: On Identity-Based Cryptosystems from Quadratic Residuosity.
  32. 32.
    Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. J. Cryptol. 26, 39–74 (2013)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Squirrel, D.: Computing reciprocity symbols in number fields. Thesis (B.A.) Reed College (1997)Google Scholar
  34. 34.
    Boneh, D., Gentry, C., Hamburg, M.: Space-efficient identity based encryption without pairings. In: FOCS, pp. 647–657. IEEE Computer Society (2007)Google Scholar
  35. 35.
    Clear, M., Tewari, H., McGoldrick, C.: Anonymous IBE from quadratic residuosity with improved performance. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 377–397. Springer, Cham (2014). Scholar
  36. 36.
    Buchberger, B.: An algorithmic criterion for the solvability of a system of algebraic equations. In: Buchberger, B., Winkler, F. (eds.) Gröbner Bases and Applications. London Mathematical Society Lecture Notes Series, vol. 251, pp. 535–545. Cambridge University Press (1998)Google Scholar
  37. 37.
    Buchberger, B.: Introduction to Gröbner bases. In: Buchberger, B., Winkler, F. (eds.) Gröbner Bases and Applications. London Mathematical Society Lecture Notes Series, vol. 251, pp. 3–31. Cambridge University Press (1998)Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Georgetown UniversityWashington, D.C.USA
  2. 2.Trinity College DublinDublinIreland

Personalised recommendations