Efficient hybrid encryption from ID-based encryption

Published in Designs, Codes and Cryptography.

Abstract

This paper deals with generic transformations from ID-based key encapsulation mechanisms (IBKEM) to hybrid public-key encryption (PKE). The best generic transformation known until now is by Boneh and Katz and requires roughly 704-bit overhead in the ciphertext. We present new generic transformations that are applicable to partitioned IBKEMs. A partitioned IBKEM is an IBKEM that provides some extra structure. Such IBKEMs are quite natural and in fact nearly all known IBKEMs have this additional property. Our first transformation yields chosen-ciphertext secure PKE schemes from selective-ID secure partitioned IBKEMs with a 256-bit overhead in ciphertext size plus one extra exponentiation in encryption/decryption. As the central tool a Chameleon Hash function is used to map the identities. We also propose other methods to remove the use of Chameleon Hash, which may be of independent technical interest. Applying our transformations to existing IBKEMs we propose a number of novel PKE schemes with different trade-offs. In some concrete instantiations the Chameleon Hash can be made “implicit” which results in improved efficiency by eliminating the additional exponentiation. Since our transformations preserve the public verifiability property of the IBE schemes it is possible to extend our results to build threshold hybrid PKE schemes. We show an analogue generic transformation in the threshold setting and present a concrete scheme which results in the most efficient threshold PKE scheme in the standard model.
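The chameleon hash is the tool the abstract singles out for mapping ciphertext components to identities. The following is an added example, not code from the paper: a toy discrete-log chameleon hash in the style of Krawczyk and Rabin, with constructed parameters (p = 2039, q = 1019, g = 4) and an assumed role for the hash (turning an identity-independent ciphertext component plus fresh randomness r into the IBKEM identity). It shows the two properties such a transformation relies on: anyone with the public key can hash a component to an identity, while only the trapdoor holder (the simulator in a security proof) can make a different component map to the same identity.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use:
# p = 2q + 1 is a safe prime and g = 4 generates the order-q subgroup of Z_p^*.
P, Q, G = 2039, 1019, 4


def keygen():
    """Chameleon-hash key pair: public h = g^x mod p, trapdoor x in [1, q-1]."""
    x = 1 + secrets.randbelow(Q - 1)
    return pow(G, x, P), x


def to_zq(data: bytes) -> int:
    """Map an arbitrary byte string (e.g. a ciphertext component) into Z_q."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def chameleon_hash(h: int, m: int, r: int) -> int:
    """CH(m, r) = g^m * h^r mod p, with m and r in Z_q."""
    return (pow(G, m, P) * pow(h, r, P)) % P


def derive_identity(h: int, c1: bytes, r: int) -> int:
    """Identity under which the ID-dependent part of the ciphertext would be built
    (assumed role of the hash in the transformation; r travels with the ciphertext)."""
    return chameleon_hash(h, to_zq(c1), r)


def trapdoor_collision(x: int, m: int, r: int, m_new: int) -> int:
    """Given trapdoor x, return r' with CH(m_new, r') == CH(m, r).
    CH depends only on m + x*r mod q, so solve m_new + x*r' = m + x*r for r'."""
    return ((m - m_new) * pow(x, -1, Q) + r) % Q


def demo() -> bool:
    h, x = keygen()
    c1 = b"constructed ID-independent ciphertext component"
    r = secrets.randbelow(Q)
    ident = derive_identity(h, c1, r)
    # Only the trapdoor holder can make a second component map to the same identity.
    c1_other = b"another constructed ciphertext component"
    r_other = trapdoor_collision(x, to_zq(c1), r, to_zq(c1_other))
    return ident == derive_identity(h, c1_other, r_other)


if __name__ == "__main__":
    print("collision via trapdoor:", demo())
```

Without the trapdoor, finding such an r' is a discrete-logarithm problem in the subgroup, which is the collision resistance the CCA argument needs from the hash.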


References

  1. Abe M.: Robust distributed multiplication without interaction. In: Wiener M.J. (ed.) Advances in Cryptology—CRYPTO’99. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 15–19, vol. 1666, pp. 130–147. Springer, Berlin, Germany (1999).

  2. Abe M., Fehr S.: Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. In: Franklin M. (ed.) Advances in Cryptology—CRYPTO 2004. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 15–19, vol. 3152, pp. 317–334. Springer, Berlin, Germany (2004).

  3. Abe M., Gennaro R., Kurosawa K.: Tag-KEM/DEM: a new framework for hybrid encryption. J. Cryptol. 21(1), 97–130 (2008)

  4. Bellare M., Rogaway P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM CCS 93: 1st Conference on Computer and Communications Security, Fairfax, Virginia, USA, November 3–5, pp. 62–73. ACM Press (1993).

  5. Bellare M., Rogaway P.: Collision-resistant hashing: towards making UOWHFs practical. In: Kaliski B.S., Jr. (ed.) Advances in Cryptology—CRYPTO’97. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 17–21, vol. 1294, pp. 470–484. Springer, Berlin, Germany (1997).

  6. Bernstein D.J.: Pippenger’s Exponentiation Algorithm. http://cr.yp.to/papers.html (2001).

  7. Boneh D., Boyen X.: Efficient selective-ID secure identity based encryption without random oracles. In: Cachin C., Camenisch J. (eds.) Advances in Cryptology—EUROCRYPT 2004. Lecture Notes in Computer Science, Interlaken, Switzerland, May 2–6, vol. 3027, pp. 223–238. Springer, Berlin, Germany (2004).

  8. Boneh D., Boyen X.: Short signatures without random oracles. In: Cachin C., Camenisch J. (eds.) Advances in Cryptology—EUROCRYPT 2004. Lecture Notes in Computer Science, Interlaken, Switzerland, May 2–6, vol. 3027, pp. 56–73. Springer, Berlin, Germany (2004).

  9. Boneh D., Boyen X., Halevi S.: Chosen ciphertext secure public key threshold encryption without random oracles. In: Pointcheval D. (ed.) Topics in Cryptology—CT-RSA 2006. Lecture Notes in Computer Science, San Jose, CA, USA, February 13–17, vol. 3860, pp. 226–243. Springer, Berlin, Germany (2006).

  10. Boneh D., Canetti R., Halevi S., Katz J.: Chosen-ciphertext security from identity-based encryption. SIAM J. Comput. 36(5), 1301–1328 (2007)

  11. Boneh D., Franklin M.K.: Identity-based encryption from the Weil pairing. In: Kilian J. (ed.) Advances in Cryptology—CRYPTO 2001. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 19–23, vol. 2139, pp. 213–229. Springer, Berlin, Germany (2001).

  12. Boneh D., Franklin M.K.: Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)

  13. Boneh D., Katz J.: Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. In: Menezes A. (ed.) Topics in Cryptology—CT-RSA 2005. Lecture Notes in Computer Science, San Francisco, CA, USA, February 14–18, vol. 3376, pp. 87–103. Springer, Berlin, Germany (2005).

  14. Boyen X., Mei Q., Waters B.: Direct chosen ciphertext security from identity-based techniques. In: ACM CCS 05: 12th Conference on Computer and Communications Security, Alexandria, Virginia, USA, November 7–11, pp. 320–329. ACM Press (2005).

  15. Canetti R., Goldreich O., Halevi S.: The random oracle methodology, revisited. In: 30th Annual ACM Symposium on Theory of Computing, Dallas, Texas, USA, May 23–26, pp. 209–218. ACM Press (1998).

  16. Canetti R., Goldwasser S.: An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In: Stern J. (ed.) Advances in Cryptology—EUROCRYPT’99. Lecture Notes in Computer Science, Prague, Czech Republic, May 2–6, vol. 1592, pp. 90–106. Springer, Berlin, Germany (1999).

  17. Canetti R., Halevi S., Katz J.: A forward-secure public-key encryption scheme. In: Biham E. (ed.) Advances in Cryptology—EUROCRYPT 2003. Lecture Notes in Computer Science, Warsaw, Poland, May 4–8, vol. 2656, pp. 255–271, Springer, Berlin, Germany (2003).

  18. Canetti R., Halevi S., Katz J.: Chosen-ciphertext security from identity-based encryption. In: Cachin C., Camenisch J. (eds.) Advances in Cryptology—EUROCRYPT 2004. Lecture Notes in Computer Science, Interlaken, Switzerland, May 2–6, vol. 3027, pp. 207–222. Springer, Berlin, Germany (2004).

  19. Canetti R., Halevi S., Katz J.: Adaptively-secure, non-interactive public-key encryption. In: Kilian J. (ed.) TCC 2005: 2nd Theory of Cryptography Conference. Lecture Notes in Computer Science, Cambridge, MA, USA, February 10–12, vol. 3378, pp. 150–168. Springer, Berlin, Germany (2005).

  20. Chatterjee S., Sarkar P.: Trading time for space: towards an efficient IBE scheme with short(er) public parameters in the standard model. Proceedings of ICISC 2005 (2005).

  21. Cramer R., Shoup V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk H. (ed.) Advances in Cryptology—CRYPTO’98. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 23–27, vol. 1462, pp. 13–25. Springer, Berlin, Germany (1998).

  22. Cramer R., Shoup V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)

  23. Damgård I.: Collision free hash functions and public key signature schemes. In: Chaum D., Price W.L. (eds.) Advances in Cryptology—EUROCRYPT’87. Lecture Notes in Computer Science, Amsterdam, The Netherlands, April 13–15, vol. 304, pp. 203–216. Springer, Berlin, Germany (1988).

  24. Dolev D., Dwork C., Naor M.: Nonmalleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)

  25. Even S., Goldreich O., Micali S.: On-line/off-line digital signatures. J. Crypt. 9(1), 35–67 (1996)

  26. Galindo D., Kiltz E.: Threshold chosen-ciphertext secure identity-based key encapsulation without random oracles. In: SCN 2006, vol. 4116, pp. 173–185. Springer (2006).

  27. Gennaro R., Jarecki S., Krawczyk H., Rabin T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern J. (ed.) Advances in Cryptology—EUROCRYPT’99. Lecture Notes in Computer Science, Prague, Czech Republic, May 2–6, vol. 1592, pp. 295–310. Springer, Berlin, Germany (1999).

  28. Gentry C.: Practical identity-based encryption without random oracles. In: Vaudenay S. (ed.) Advances in Cryptology—EUROCRYPT 2006. Lecture Notes in Computer Science, St. Petersburg, Russia, May 28 to June 1, vol. 4004, pp. 445–464. Springer, Berlin, Germany (2006).

  29. Gentry C., Silverberg A.: Hierarchical ID-based cryptography. In: Zheng Y. (ed.) Advances in Cryptology—ASIACRYPT 2002. Lecture Notes in Computer Science, Queenstown, New Zealand, December 1–5, vol. 2501, pp. 548–566. Springer, Berlin, Germany (2002).

  30. Kiltz E.: Chosen-ciphertext security from tag-based encryption. In: Halevi S., Rabin T. (eds.) TCC 2006: 3rd Theory of Cryptography Conference. Lecture Notes in Computer Science, New York, NY, USA, March 4–7, vol. 3876, pp. 581–600. Springer, Berlin, Germany (2006).

  31. Kiltz E.: On the limitations of the spread of an IBE-to-PKE transformation. In: Yung M., Dodis Y., Kiayias A., Malkin T. (eds.) PKC 2006: 9th International Conference on Theory and Practice of Public Key Cryptography. Lecture Notes in Computer Science, New York, NY, USA, April 24–26, vol. 3958, pp. 274–289, Springer, Berlin, Germany (2006).

  32. Kiltz E.: From selective-ID to full security: the case of the inversion-based Boneh-Boyen IBE scheme. Cryptology ePrint Archive, Report 2007/033, http://eprint.iacr.org/ (2007).

  33. Kiltz E., Galindo D.: Direct chosen-ciphertext secure identity-based key encapsulation without random oracles. In: ACISP 2006, vol. 4058, pp. 336–347. Springer (2006).

  34. Krawczyk H., Rabin T.: Chameleon signatures. In: ISOC Network and Distributed System Security Symposium NDSS 2000, San Diego, California, USA, February 2–4. The Internet Society (2000).

  35. Malkin T., Moriarty R., Yakovenko N.: Generalized environmental security from number theoretic assumptions. In: Halevi S., Rabin T. (eds.) TCC 2006: 3rd Theory of Cryptography Conference. Lecture Notes in Computer Science, New York, NY, USA, March 4–7, vol. 3876, pp. 343–359. Springer, Berlin, Germany (2006).

  36. Naor M.: Bit commitment using pseudo-randomness. J. Crypt. 4(2), 151–158 (1991)

  37. Naor M., Yung M.: Universal one-way hash functions and their cryptographic applications. In: 21st Annual ACM Symposium on Theory of Computing, Seattle, Washington, USA, May 15–17, pp. 33–43. ACM Press (1989).

  38. Naor M., Yung M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, USA, May 14–16, ACM Press (1990).

  39. Page D., Smart N.P., Vercauteren F.: A comparison of MNT curves and supersingular curves. Cryptology ePrint Archive, Report 2004/165, http://eprint.iacr.org/ (2004).

  40. Pedersen T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum J. (ed.) Advances in Cryptology—CRYPTO’91. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 11–15, vol. 576, pp. 129–140. Springer, Berlin, Germany (1992).

  41. Prabhakaran M., Sahai A.: New notions of security: achieving universal composability without trusted setup. In: STOC’04, pp. 242–251. ACM (2004).

  42. Rackoff C., Simon D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum J. (ed.) Advances in Cryptology—CRYPTO’91. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 11–15, vol. 576, pp. 433–444. Springer, Berlin, Germany (1992).

  43. Sahai A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS, pp. 543–553 (1999).

  44. Sakai R., Ohgishi K., Kasahara M.: Cryptosystems based on pairing. In: SCIS 2000, Okinawa, Japan, January (2000).

  45. Shamir A.: Identity-based cryptosystems and signature schemes. In: Blakley G.R., Chaum D. (eds.) Advances in Cryptology—CRYPTO’84. Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 19–23, vol. 196. Springer, Berlin, Germany (1985).

  46. Shoup V., Gennaro R.: Securing threshold cryptosystems against chosen ciphertext attack. In: Nyberg K. (ed.) Advances in Cryptology—EUROCRYPT’98. Lecture Notes in Computer Science, Espoo, Finland, May 31 to June 4, vol. 1403, pp. 1–16. Springer, Berlin, Germany (1998).

  47. Waters B.R.: Efficient identity-based encryption without random oracles. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, Aarhus, Denmark, May 22–26, vol. 3494, pp. 114–127. Springer, Berlin, Germany (2005).

  48. Zhang R.: Tweaking TBE/IBE to PKE transforms with chameleon hash functions. ACNS 2007 (2007).

Correspondence to Masayuki Abe.

Communicated by P. Wild.

Cite this article

Abe, M., Cui, Y., Imai, H. et al. Efficient hybrid encryption from ID-based encryption. Des. Codes Cryptogr. 54, 205–240 (2010). https://doi.org/10.1007/s10623-009-9320-0
