
IBE with tight security against selective opening and chosen-ciphertext attacks

Designs, Codes and Cryptography

Abstract

The simulation-based, selective opening and chosen-ciphertext (\(\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}\)) adversary operates in the multi-sender scenario: it has access to the decryption and user-secret-key oracles and, in addition, may corrupt senders adaptively after seeing the ciphertext (hence it can obtain the encrypted messages together with the randomness). A \(\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}\) secure \(\mathsf {IBE}\) scheme aims to provide privacy for uncorrupted senders against such adversaries. In this work we present the first tightly \(\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}\) secure identity-based encryption (\(\mathsf {IBE}\)) scheme. Our \(\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}\) secure \(\mathsf {IBE}\) employs an identity-based key encapsulation mechanism (\(\mathsf {IBKEM}\)) as a building block. Concretely:

  • Firstly, we define proper security requirements in the multi-challenge setting for an \(\mathsf {IBKEM}.\)

  • Then we transform an \(\mathsf {IBKEM}\) with such properties into a \(\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}\) secure \(\mathsf {IBE}\) in a tight way. The security definitions and transformation can be seen as an extension of the framework in the public-key encryption (PKE) setting (given by Lyu et al. in PKC 2018).

  • Finally, we propose an \(\mathsf {IBKEM}\) in prime order groups satisfying our requirements. The security of our \(\mathsf {IBKEM}\) can be tightly reduced to the standard matrix Diffie–Hellman assumption. Our \(\mathsf {IBKEM}\) leads to a tightly \(\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}\) secure \(\mathsf {IBE}\) and is of independent interest.


Notes

  1. Since there is only one instantiation of a tightly secure affine \(\mathsf {MAC},\) in this paper we give the construction based on the \(\mathsf {MDDH}\) assumption directly instead of via the primitive “affine \(\mathsf {MAC}\)”.

References

  1. Attrapadung N., Hanaoka G., Yamada S.: A framework for identity-based encryption with almost tight security. In: Iwata T., Cheon J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 521–549. Springer, Heidelberg (2015).


  2. Bellare M., Goldwasser S.: New paradigms for digital signatures and message authentication based on non-interactive zero knowledge proofs. In: Brassard G. (ed.) CRYPTO’89. LNCS, vol. 435, pp. 194–211. Springer, Heidelberg (1990).


  3. Bellare M., Hofheinz D., Yilek S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009).


  4. Bellare M., Kiltz E., Peikert C., Waters B.: Identity-based (lossy) trapdoor functions and applications. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 228–245. Springer, Heidelberg (2012).


  5. Bellare M., Rogaway P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006).


  6. Bellare M., Waters B., Yilek S.: Identity-based encryption secure against selective opening attack. In: Ishai Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 235–252. Springer, Heidelberg (2011).


  7. Blazy O., Kiltz E., Pan J.: (Hierarchical) identity-based encryption from affine message authentication. In: Garay J.A., Gennaro R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 408–425. Springer, Heidelberg (2014).


  8. Böhl F., Hofheinz D., Kraschewski D.: On definitions of selective opening security. In: Fischlin M., Buchmann J., Manulis M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 522–539. Springer, Heidelberg (2012).


  9. Boyen X., Li Q.: Towards tightly secure lattice short signature and id-based encryption. In: Cheon J.H., Takagi T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 404–434. Springer, Heidelberg (2016).


  10. Chen J., Wee H.: Fully, (almost) tightly secure IBE and dual system groups. In: Canetti R., Garay J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 435–460. Springer, Heidelberg (2013).


  11. Escala A., Herold G., Kiltz E., Ràfols C., Villar J.: An algebraic framework for Diffie–Hellman assumptions. In: Canetti R., Garay J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013).


  12. Escala A., Herranz J., Libert B., Ràfols C.: Identity-based lossy trapdoor functions: new definitions, hierarchical extensions, and implications. In: Krawczyk H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 239–256. Springer, Heidelberg (2014).


  13. Fehr S., Hofheinz D., Kiltz E., Wee H.: Encryption schemes secure against chosen-ciphertext selective opening attacks. In: Gilbert H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 381–402. Springer, Heidelberg (2010).


  14. Gay R., Hofheinz D., Kiltz E., Wee H.: Tightly CCA-secure encryption without pairings. In: Fischlin M., Coron J.S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 1–27. Springer, Heidelberg (2016).


  15. Gentry C.: Practical identity-based encryption without random oracles. In: Vaudenay S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006).


  16. Gong J., Dong X., Cao Z., Chen J.: Almost-tight identity based encryption against selective opening attack. Comput. J. 59(11), 1669–1688 (2016).


  17. Groth J., Sahai A.: Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. 41(5), 1193–1232 (2012).


  18. Han S., Liu S., Qin B., Gu D.: Tightly CCA-secure identity-based encryption with ciphertext pseudorandomness. Des. Codes Cryptogr. 86(3), 517–554 (2018).


  19. He J., Li B., Lu X., Jia D., Xue H., Sun X.: Identity-based lossy encryption from learning with errors. In: Tanaka K., Suga Y. (eds.) IWSEC 15. LNCS, vol. 9241, pp. 3–20. Springer, Heidelberg (2015).


  20. Hemenway B., Libert B., Ostrovsky R., Vergnaud D.: Lossy encryption: constructions from general assumptions and efficient selective opening chosen ciphertext security. In: Lee D.H., Wang X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 70–88. Springer, Heidelberg (2011).


  21. Hofheinz D.: All-but-many lossy trapdoor functions. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 209–227. Springer, Heidelberg (2012).


  22. Hofheinz D., Jager T., Rupp A.: Public-key encryption with simulation-based selective-opening security and compact ciphertexts. In: Hirt M., Smith A.D. (eds.) TCC 2016-B, Part II. LNCS, vol. 9986, pp. 146–168. Springer, Heidelberg (2016).


  23. Hofheinz D., Jia D., Pan J.: Identity-based encryption tightly secure under chosen-ciphertext attacks. In: Peyrin T., Galbraith S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 190–220. Springer, Heidelberg (2018).


  24. Hofheinz D., Kiltz E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007).


  25. Hofheinz D., Koch J., Striecks C.: Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting. In: Katz J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 799–822. Springer, Heidelberg (2015).


  26. Hofheinz D., Rao V., Wichs D.: Standard security does not imply indistinguishability under selective opening. In: Hirt M., Smith A.D. (eds.) TCC 2016-B, Part II. LNCS, vol. 9986, pp. 121–145. Springer, Heidelberg (2016).


  27. Huang Z., Liu S., Qin B.: Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited. In: Kurosawa K., Hanaoka G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 369–385. Springer, Heidelberg (2013).


  28. Huang Z., Liu S., Qin B., Chen K.: Fixing the sender-equivocable encryption scheme in EUROCRYPT 2010. In: INCoS 2013, pp. 366–372. IEEE (2013).

  29. Lai J., Deng R.H., Liu S., Weng J., Zhao Y.: Identity-based encryption secure against selective opening chosen-ciphertext attack. In: Nguyen P.Q., Oswald E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 77–92. Springer, Heidelberg (2014).


  30. Langrehr R., Pan J.: Tightly secure hierarchical identity-based encryption.

  31. Libert B., Sakzad A., Stehlé D., Steinfeld R.: All-but-many lossy trapdoor functions and selective opening chosen-ciphertext security from LWE. In: Katz J., Shacham H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 332–364. Springer, Heidelberg (2017).


  32. Liu S., Paterson K.G.: Simulation-based selective opening CCA security for PKE from key encapsulation mechanisms. In: Katz J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 3–26. Springer, Heidelberg (2015).


  33. Lyu L., Liu S., Han S., Gu D.: Tightly SIM-SO-CCA secure public key encryption from standard assumptions. In: Abdalla M., Dahab R. (eds.) PKC 2018, Part I. LNCS, vol. 10769, pp. 62–92. Springer, Heidelberg (2018).


Acknowledgements

We thank the anonymous reviewers for their helpful comments. We thank Dennis Hofheinz for pointing out a problem in an earlier version of the proof of Theorem 1. The authors were supported by the National Nature Science Foundation of China (Nos. 61502484, 61502480, 61572495, 61772515) and the National Cryptography Development Fund (No. MMJJ20170116). Part of this research was funded by the Indo-French Center for the Promotion of Advanced Research.

Author information


Corresponding author

Correspondence to Dingding Jia.

Additional information

Communicated by R. Steinfeld.


Cite this article

Jia, D., Liu, Y. & Li, B. IBE with tight security against selective opening and chosen-ciphertext attacks. Des. Codes Cryptogr. 88, 1371–1400 (2020). https://doi.org/10.1007/s10623-020-00755-6


  • DOI: https://doi.org/10.1007/s10623-020-00755-6
