Blind Identity-Based Encryption and Simulatable Oblivious Transfer

  • Matthew Green
  • Susan Hohenberger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4833)

Abstract

In an identity-based encryption (IBE) scheme, there is a key extraction protocol where a user submits an identity string to a master authority who then returns the corresponding secret key for that identity. In this work, we describe how this protocol can be performed efficiently and in a blind fashion for several known IBE schemes; that is, a user can obtain a secret key for an identity without the master authority learning anything about this identity.

We formalize this notion as blind IBE and discuss its many practical applications. In particular, we build upon the recent work of Camenisch, Neven, and shelat [12] to construct oblivious transfer (OT) schemes which achieve full simulatability for both sender and receiver. OT constructions with comparable efficiency prior to Camenisch et al. were proven secure in the weaker half-simulation model. Our OT schemes are constructed from the blind IBE schemes we propose, which require only static complexity assumptions (e.g., DBDH) whereas prior comparable schemes require dynamic assumptions (e.g., q-PDDH).

References

  1. 1.
    Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, Heidelberg (1990)Google Scholar
  2. 2.
    Boldyreva, A.: Threshold, Multisignature and Blind Signature Schemes Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Boyen, X.: Efficient selective-ID secure Identity-Based Encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004)Google Scholar
  5. 5.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)Google Scholar
  7. 7.
    Boneh, D., Gentry, C., Hamburg, M.: Space-efficient identity based encryption without pairings. In: FOCS (to appear, 2007)Google Scholar
  8. 8.
    Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Brassard, G., Crépeau, C., Robert, J.-M.: All-or-nothing disclosure of secrets. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 234–238. Springer, Heidelberg (1987)Google Scholar
  11. 11.
    Camenisch, J., Michels, M.: Proving in zero-knowledge that a number n is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    Camenisch, J., Neven, G., shelat, A.: Simulatable adaptive oblivious transfer. In: EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)Google Scholar
  14. 14.
    Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp. 639–648 (1996)Google Scholar
  15. 15.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from Identity Based Encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Chan, A., Frankel, Y., Tsiounis, Y.: Easy come – easy go divisible cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Chatterjee, S., Sarkar, P.: Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 424–440. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Chatterjee, S., Sarkar, P.: HIBE with Short Public Parameters without Random Oracle. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 145–160. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO 1982, pp. 199–203. Plenum Press (1982)Google Scholar
  20. 20.
    Chen, L., Cheng, Z., Smart, N.: Identity-based key agreement protocols from pairings. International Journal of Information Security 6, 213–241 (2007)CrossRefGoogle Scholar
  21. 21.
    Cheon, J.H.: Security analysis of the strong Diffie-Hellman problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Cocks, C.: An identity based encryption scheme based on Quadratic Residues. In: Honary, B. (ed.) Cryptography and Coding. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  24. 24.
    Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant-round oblivious transfer in the bounded storage model. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 446–472. Springer, Heidelberg (2004)Google Scholar
  25. 25.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: CRYPTO 1982, pp. 205–210 (1982)Google Scholar
  26. 26.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  27. 27.
    Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  28. 28.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)Google Scholar
  29. 29.
    Goyal, V.: Reducing trust in the PKG in identity based cryptosystems. In: CRYPTO 2007. LNCS, vol. 4622, pp. 430–447. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    Green, M., Hohenberger, S.: Blind identity-based encryption and simulatable oblivious transfer. Cryptology ePrint Archive, Report 2007/235 (2007)Google Scholar
  31. 31.
    Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 78–95. Springer, Heidelberg (2005)Google Scholar
  32. 32.
    Kilian, J.: Founding cryptography on oblivious transfer. In: STOC, pp. 20–31 (1988)Google Scholar
  33. 33.
    Miyazaki, S., Sakurai, K.: A more efficient untraceable e-cash system with partially blind signatures based on the discrete logarithm problem. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 296–308. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  34. 34.
    Naccache, D.: Secure and practical identity-based encryption. Cryptology ePrint Archive, Report 2005/369 (2005), http://eprint.iacr.org/
  35. 35.
    Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: STOC 1999, pp. 245–254 (1999)Google Scholar
  36. 36.
    Naor, M., Pinkas, B.: Oblivious transfer with adaptive queries. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573–590. Springer, Heidelberg (1999)Google Scholar
  37. 37.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA 2001, pp. 448–457 (2001)Google Scholar
  38. 38.
    Ogata, W., Kurosawa, K.: Oblivious keyword search. Special issue on coding and cryptography Journal of Complexity 20(2-3), 356–371 (2004)MATHMathSciNetGoogle Scholar
  39. 39.
    Okamoto, T.: Efficient blind and partially blind signatures without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  40. 40.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  41. 41.
    Rabin, M.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Laboratory, Harvard University (1981)Google Scholar
  42. 42.
    Schnorr, C.-P.: Efficient signature generation for smart cards. Journal of Cryptology 4(3), 239–252 (1991)CrossRefMathSciNetGoogle Scholar
  43. 43.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  44. 44.
    Waters, B.: Efficient Identity-Based Encryption without random oracles. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)Google Scholar
  45. 45.
    Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an encrypted and searchable audit log. In: NDSS 2004 (2004)Google Scholar
  46. 46.
    Yao, A.: How to generate and exchange secrets. In: FOCS, pp. 162–167 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Matthew Green
    • 1
  • Susan Hohenberger
    • 1
  1. 1.The Johns Hopkins University, Information Security Institute, 3400 N. Charles Street; Baltimore, MD 21218USA

Personalised recommendations