The k-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions
Over the past decade bilinear maps have been used to build a large variety of cryptosystems. In addition to new functionality, we have concurrently seen the emergence of many strong assumptions. In this work, we explore how to build bilinear map cryptosystems under progressively weaker assumptions.
We propose k-BDH, a new family of progressively weaker assumptions that generalizes the decisional bilinear Diffie-Hellman (DBDH) assumption. We give evidence in the generic group model that each assumption in our family is strictly weaker than the assumptions before it. DBDH has been used for proving many schemes secure, notably identity-based and functional encryption schemes; we expect that our k-BDH will lead to generalizations of many such schemes.
To illustrate the usefulness of our k-BDH family, we construct a family of selectively secure Identity-Based Encryption (IBE) systems based on it. Our system can be viewed as a generalization of the Boneh-Boyen IBE, however, the construction and proof require new ideas to fit the family. Our methods can be extended to produce hierarchical IBEs and CCA security; and give a fully secure variant. In addition, we discuss the opportunities and challenges of building new systems under our weaker assumption family.
Unable to display preview. Download preview PDF.
- 10.Shacham, H.: A Cramer-Shoup encryption scheme from the linear assumption and from progressively weaker linear variants. Cryptology ePrint Archive, Report 2007/074 (2007), http://eprint.iacr.org/
- 12.Lewko, A.B., Waters, B.: Efficient pseudorandom functions from the decisional linear assumption and weaker variants. In: ACM Conference on Computer and Communications Security, pp. 112–120. ACM (November 2009)Google Scholar
- 13.Boneh, D., Montgomery, H., Raghunathan, A.: Algebraic pseudorandom functions with improved efficiency from the augmented cascade. In: Keromytis, A., Shmatikov, V. (eds.) Proceedings of CCS 2010, pp. 131–140. ACM Press (October 2010)Google Scholar
- 17.Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Cryptography against continuous memory attacks. In: Trevisan, L. (ed.) Proceedings of FOCS 2010, pp. 511–520. IEEE Computer Society (October 2010)Google Scholar
- 23.Benson, K., Shacham, H., Waters, B.: The k-bdh assumption family: Bilinear map cryptography from progressively weaker assumptions. Cryptology ePrint Archive, Report 2012 (2012), http://eprint.iacr.org/
- 25.Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity-based techniques. In: Atluri, V., Meadows, C., Juels, A. (eds.) Proceedings of CCS 2005, pp. 320–329. ACM Press (November 2005)Google Scholar
- 27.Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of ACM Conference on Computer and Communications Security 2006, pp. 89–98. ACM (November 2006)Google Scholar
- 29.Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Dwork, C. (ed.) Proceedings of STOC 2008, pp. 187–196. ACM (May 2008)Google Scholar
- 31.Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Proceedings of STOC 1989, pp. 25–32. ACM (1989)Google Scholar
- 35.Babai, L., Szemerédi, E.: On the complexity of matrix group problems I. In: Proceedings of FOCS 1984, pp. 229–240. IEEE Computer Society (October 1984)Google Scholar
- 36.Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. In: Topics in Algebraic and Noncommutative Geometry: Proceedings in Memory of Ruth Michler. Contemporary Mathematics, vol. 324, pp. 71–90. American Mathematical Society (2003)Google Scholar
- 37.Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices and applications. Cryptology ePrint Archive, Report 2012/610 (2012)Google Scholar