IBE with tight security against selective opening and chosen-ciphertext attacks

The simulation-based, selective opening and chosen-ciphertext ( $$\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}$$ SIM - SO - CCA ) adversary runs in the multi-sender scenario, it may access to the decryption and user-secret key oracles, in addition to corrupt senders adaptively after seeing the ciphertext (hence it can obtain the encrypted messages together with the randomness). An $$\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}$$ SIM - SO - CCA secure $$\mathsf {IBE}$$ IBE scheme aims to provide privacy for uncorrupted senders against such adversaries. In this work we present the first tightly $$\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}$$ SIM - SO - CCA secure identity-based encryption ( $$\mathsf {IBE}$$ IBE ). Our $$\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}$$ SIM - SO - CCA secure $$\mathsf {IBE}$$ IBE employs an identity-based key encapsulation mechanism ( $$\mathsf {IBKEM}$$ IBKEM ) as a building block, concretely, Firstly, we define proper security requirements in the multi-challenge setting for an $$\mathsf {IBKEM}.$$ IBKEM . Then we transform an $$\mathsf {IBKEM}$$ IBKEM with such properties to a $$\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}$$ SIM - SO - CCA secure $$\mathsf {IBE}$$ IBE in a tight way. The security definitions and transformation can be seen as an extension of the framework in the public encryption (PKE) setting (given by Lyu et al. in PKC 2018). Finally, we propose an $$\mathsf {IBKEM}$$ IBKEM in prime order groups satisfying our requirements. The security of our $$\mathsf {IBKEM}$$ IBKEM can be tightly reduced to the standard matrix Diffie–Hellman assumption. Our $$\mathsf {IBKEM}$$ IBKEM leads to a tightly $$\mathsf {SIM}\text{- }\mathsf {SO}\text{- }\mathsf {CCA}$$ SIM - SO - CCA secure $$\mathsf {IBE}$$ IBE and of independent interest.

[1]  Eike Kiltz,et al.  Secure Hybrid Encryption from Weakened Key Encapsulation , 2007, CRYPTO.

[2]  Eike Kiltz,et al.  Tightly CCA-Secure Encryption Without Pairings , 2016, EUROCRYPT.

[3]  Xavier Boyen,et al.  Towards Tightly Secure Lattice Short Signature and Id-Based Encryption , 2016, ASIACRYPT.

[4]  Rafail Ostrovsky,et al.  Lossy Encryption: Constructions from General Assumptions and Efficient Selective Opening Chosen Ciphertext Security , 2011, ASIACRYPT.

[5]  Tibor Jager,et al.  Public-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts , 2016, TCC.

[6]  Dennis Hofheinz,et al.  Identity-Based Encryption with (Almost) Tight Security in the Multi-instance, Multi-ciphertext Setting , 2015, Public Key Cryptography.

[7]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[8]  Goichiro Hanaoka,et al.  A Framework for Identity-Based Encryption with Almost Tight Security , 2015, ASIACRYPT.

[9]  Yunlei Zhao,et al.  Identity-Based Encryption Secure Against Selective Opening Chosen-Ciphertext Attack , 2014, IACR Cryptol. ePrint Arch..

[10]  Dennis Hofheinz,et al.  On definitions of selective opening security , 2012, IACR Cryptol. ePrint Arch..

[11]  Hoeteck Wee,et al.  Fully, (Almost) Tightly Secure IBE and Dual System Groups , 2013, CRYPTO.

[12]  Javier Herranz,et al.  Identity-Based Lossy Trapdoor Functions: New Definitions, Hierarchical Extensions, and Implications , 2014, Public Key Cryptography.

[13]  Dennis Hofheinz,et al.  All-But-Many Lossy Trapdoor Functions , 2012, EUROCRYPT.

[14]  Xiaolei Dong,et al.  Almost-Tight Identity Based Encryption Against Selective Opening Attack , 2016, Comput. J..

[15]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..

[16]  Brent Waters,et al.  Identity-Based (Lossy) Trapdoor Functions and Applications , 2012, EUROCRYPT.

[17]  Eike Kiltz,et al.  (Hierarchical) Identity-Based Encryption from Affine Message Authentication , 2014, CRYPTO.

[18]  Dingding Jia,et al.  Identity-based Encryption Tightly Secure under Chosen-ciphertext Attacks , 2018, IACR Cryptol. ePrint Arch..

[19]  Mihir Bellare,et al.  Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening , 2009, EUROCRYPT.

[20]  Dingding Jia,et al.  Identity-Based Lossy Encryption from Learning with Errors , 2015, IWSEC.

[21]  Mihir Bellare,et al.  New Paradigms for Digital Signatures and Message Authentication Based on Non-Interative Zero Knowledge Proofs , 1989, CRYPTO.

[22]  Kefei Chen,et al.  Fixing the Sender-Equivocable Encryption Scheme in Eurocrypt 2010 , 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[23]  Kenneth G. Paterson,et al.  Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms , 2015, Public Key Cryptography.

[24]  Jiaxin Pan,et al.  Tightly Secure Hierarchical Identity-Based Encryption , 2019, Journal of Cryptology.

[25]  Dawu Gu,et al.  Tightly SIM-SO-CCA Secure Public Key Encryption from Standard Assumptions , 2018, Public Key Cryptography.

[26]  Brent Waters,et al.  Identity-Based Encryption Secure against Selective Opening Attack , 2011, TCC.

[27]  Eike Kiltz,et al.  Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks , 2010, EUROCRYPT.

[28]  Ron Steinfeld,et al.  All-But-Many Lossy Trapdoor Functions and Selective Opening Chosen-Ciphertext Security from LWE , 2017, CRYPTO.

[29]  Kefei Chen,et al.  Sender-Equivocable Encryption Schemes Secure against Chosen-Ciphertext Attacks Revisited , 2015, Int. J. Appl. Math. Comput. Sci..

[30]  Dawu Gu,et al.  Tightly CCA-secure identity-based encryption with ciphertext pseudorandomness , 2018, Des. Codes Cryptogr..

[31]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[32]  Dennis Hofheinz,et al.  Standard Security Does Not Imply Indistinguishability Under Selective Opening , 2015, TCC.