Identity-Based Cryptosystems and Quadratic Residuosity

  • Marc Joye
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9614)


Three approaches are currently used for devising identity-based encryption schemes. They respectively build on pairings, quadratic residues (\(\mathsf {QR}\)), and lattices. Among them, the \(\mathsf {QR}\)-based scheme proposed by Cocks in 2001 is notable in that it works in standard RSA groups: its security relies on the standard quadratic residuosity assumption. But it has also a number of deficiencies, some of them have been subsequently addressed in follow-up works. Currently, one of the main limitations of Cocks’ scheme resides in its apparent lack of structure. This considerably restricts the range of possible applications. For example, given two Cocks ciphertexts, it is unknown how to evaluate of a function thereof.

Cocks’ scheme is believed to be non-homomorphic. This paper disproves this conjecture and proposes a constructive method for computing over Cocks ciphertexts. The discovery of the hidden algebraic structure behind Cocks encryption is at the core of the method. It offers a better understanding of Cocks’ scheme. As a further illustration of the importance of the knowledge of the underlying structure, this paper shows how to anonymize Cocks ciphertexts without increasing their size or sacrificing the security.

Finally and of independent interest, this paper presents a simplified version of the abstract identity-based cryptosystem with short ciphertexts of Boneh, Gentry, and Hamburg.


Public-key cryptography Identity-based encryption Cocks’ scheme Homomorphic encryption Anonymous encryption Public-key encryption with keyword search Quadratic residuosity 



I am grateful to Michael Clear for sending a copy of [11] and to Dan Boneh for useful discussions.


  1. 1.
    Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., Shi, H.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. J. Cryptology 21(3), 350–391 (2008)CrossRefMathSciNetzbMATHGoogle Scholar
  2. 2.
    Ateniese, G., Gasti, P.: Universally anonymous IBE based on the quadratic residuosity assumption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 32–47. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Barth, A., Boneh, D., Waters, B.: Privacy in encrypted content distribution using private broadcast encryption. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 52–64. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press (1993)Google Scholar
  6. 6.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)CrossRefMathSciNetzbMATHGoogle Scholar
  8. 8.
    Boneh, D., Gentry, C., Hamburg, M.: Space-efficient identity based encryption without pairings. In: 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2007), pp. 647–657. IEEE Computer Society (2007)Google Scholar
  9. 9.
    Boneh, D., LaVigne, R., Sabin, M.: Identity-based encryption with \(e^{\rm th}\) residuosity and its incompressibility. In: Autumn TRUST Conference, Washington DC, 9–10 October 2013, poster presentationGoogle Scholar
  10. 10.
    Clear, M., Hughes, A., Tewari, H.: Homomorphic encryption with access policies: characterization and new constructions. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 61–87. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Clear, M., Tewari, H., McGoldrick, C.: Anonymous IBE from quadratic residuosity with improved performance. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 377–397. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  12. 12.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Desmedt, Y.G., Quisquater, J.-J.: Public-key systems based on the difficulty of tampering. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 111–117. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  14. 14.
    Di Crescenzo, G., Saraswat, V.: Public key encryption with searchable keywords based on Jacobi symbols. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 282–296. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    van Dijk, M., Woodruff, D.P.: Asymptotically optimal communication for torus-based cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 157–178. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors from hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) Proceedings of the 40th Annua ACM Symposium on Theory of Computing (STOC 2008). pp. 197–206. ACM Press (2008)Google Scholar
  17. 17.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)CrossRefMathSciNetzbMATHGoogle Scholar
  18. 18.
    Halevi, S.: A sufficient condition for key-privacy. IACR Cryptology ePrint Archive, Report 2005/005 (2005)Google Scholar
  19. 19.
    Jhanwar, M.P., Barua, R.: A variant of Boneh-Gentry-Hamburg’s pairing-free identity based encryption scheme. In: Yung, M., Liu, P., Lin, D. (eds.) Inscrypt 2008. LNCS, vol. 5487, pp. 314–331. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Joye, M., Neven, G. (eds.): Identity-Based Cryptography, Cryptology and Information Security Series, vol. 2. IOS Press, Amsterdam (2009)Google Scholar
  21. 21.
    Kiayias, A., Tsiounis, Y., Yung, M.: Group encryption. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 181–199. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Rubin, K., Silverberg, A.: Torus-based cryptography. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 349–365. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Rubin, K., Silverberg, A.: Compression in finite fields and torus-based cryptography. SIAM J. Comput. 37(5), 1401–1428 (2008)CrossRefMathSciNetzbMATHGoogle Scholar
  24. 24.
    Sakai, R., Kasahara, M.: ID based cryptosystems with pairing on elliptic curve. IACR Cryptology ePrint Archive, Report 2003/054 (2003)Google Scholar
  25. 25.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.TechnicolorLos AltosUSA

Personalised recommendations