Identity-Based Encryption with Master Key-Dependent Message Security and Leakage-Resilience

  • David Galindo
  • Javier Herranz
  • Jorge Villar
Conference paper

DOI: 10.1007/978-3-642-33167-1_36

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)
Cite this paper as:
Galindo D., Herranz J., Villar J. (2012) Identity-Based Encryption with Master Key-Dependent Message Security and Leakage-Resilience. In: Foresti S., Yung M., Martinelli F. (eds) Computer Security – ESORICS 2012. ESORICS 2012. Lecture Notes in Computer Science, vol 7459. Springer, Berlin, Heidelberg

Abstract

We introduce the concept of identity-based encryption (IBE) with master key-dependent chosen-plaintext (mKDM-sID-CPA) security. These are IBE schemes that remain secure even after the adversary sees encryptions, under some initially selected identities, of functions of the master secret keys. We then show that the Canetti, Halevi and Katz (Eurocrypt 2004) transformation delivers chosen-ciphertext secure key-dependent encryption (KDM-CCA) schemes when applied to mKDM-sID-CPA secure IBE schemes. Previously only one generic construction of KDM-CCA secure public key schemes was known, due to Camenisch, Chandran and Shoup (Eurocrypt 2009), and it required non-interactive zero knowledge proofs (NIZKs). Thus we show that NIZKs are not intrinsic to KDM-CCA public key encryption. As a proof of concept, we are able to instantiate our new concept under the Rank assumption on pairing groups and for affine functions of the secret keys. The scheme is inspired by the work by Boneh, Halevi, Hamburg and Ostrovsky (Crypto 2008). Our instantiation is only able to provide security against single encryption queries, or alternatively, against a bounded number of encryption queries. Secondly, we show that a special parameters setting of our main scheme provides master-key leakage-resilient identity-based encryption against chosen-plaintext attacks. This recently proposed security notion aims at taking into account security against side-channel attacks that only decrease the entropy of the master-key up to a certain threshold. Thirdly, we give new and better reductions between the Rank problem (previously named as Matrix-DDH or Matrix d-Linear problem) and the Decisional Linear problem.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • David Galindo
    • 1
  • Javier Herranz
    • 2
  • Jorge Villar
    • 2
  1. 1.University of LuxembourgLuxembourg
  2. 2.Dept. Matemàtica Aplicada IVUniversitat Politècnica de CatalunyaSpain

Personalised recommendations