2014 | OriginalPaper | Book chapter
Bounded-Collusion Identity-Based Encryption from Semantically-Secure Public-Key Encryption: Generic Constructions with Short Ciphertexts
Authors: Stefano Tessaro, David A. Wilson
Published in: Public-Key Cryptography – PKC 2014
Publisher: Springer Berlin Heidelberg
To circumvent the lack of generic constructions of identity-based encryption (IBE), Dodis et al. (EUROCRYPT ’02) introduced the notion of bounded-collusion IBE (BC-IBE), where attackers only learn secret keys of an a-priori bounded number t of identities. They provided a generic BC-IBE construction from any semantically-secure encryption scheme which, however, suffers from a ω(t) blow-up in ciphertext size. Goldwasser et al. (TCC 2012) recently presented a generic construction with no ciphertext-length blow-up. Their construction requires an underlying public-key scheme with a key homomorphism, as well as a hash-proof-style security definition that is strictly stronger than semantic security. This latter requirement in particular reduces the applicability of their construction to existing schemes.
In this paper, we present the first generic constructions of BC-IBE from semantically-secure encryption schemes with no ciphertext-length blow-up. Our constructions require different degrees of key-homomorphism and malleability properties that are usually easy to verify. We provide concrete instantiations based on the DDH, QR, NTRU, and LWE assumptions. For all of these assumptions, our schemes present the smallest BC-IBE ciphertext size known to date. Our NTRU-based construction is particularly interesting, due to the lack of NTRU-based IBE constructions as well as the fact that it supports fully-homomorphic evaluation.
Our results also yield new constructions of bounded CCA-secure cryptosystems