2006
6 pages
Identity-based encryption (IBE) is one of the most important primitives in cryptography, and various security notions of IBE (e.g., IND-ID-CCA2, NM-ID-CCA2, IND-sID-CPA etc.) have been introduced and the relations among them have been clarified recently. This paper, for the first time, investigates the security of IBE in the universally composable (UC) framework. This paper first defines the UC-security of IBE, i.e., we define the ideal functionality of IBE, $F_{\mathrm{IBE}}$. We then show that UC-secure IBE is equivalent to conventionally-secure (IND-ID-CCA2-secure) IBE. This paper also introduces the UC-security of weaker security notions of IBE, which correspond to IND-ID-CPA IBE and IND-sID-CCA2. We finally prove that Boneh-Franklin's suggestion on the construction of secure signatures from an IND-ID-CPA IBE scheme is true in the UC framework.
Lecture Notes in Computer Science, 2006
Identity based encryption (IBE) schemes have been flourishing since the very beginning of this century. In IBE it is widely believed that proving the security of a scheme in the sense of IND-ID-CCA2 is sufficient to claim the scheme is also secure in the senses of both SS-ID-CCA2 and NM-ID-CCA2. The justification for this belief is the relations among indistinguishability (IND), semantic security (SS) and non-malleability (NM). But these relations are proved only for conventional public key encryption (PKE) schemes in historical works. The fact is that between IBE and PKE, there exists a difference of special importance, i.e. only in IBE the adversaries can perform a particular attack, namely the chosen identity attack. This paper shows that security proved in the sense of IND-ID-CCA2 is validly sufficient for implying security in any other sense in IBE. This is to say the security notion, IND-ID-CCA2, captures the essence of security for all IBE schemes. To achieve this intention, we first describe formal definitions of the notions of security for IBE, and then present the relations among IND, SS and NM in IBE, along with rigorous proofs. All of these results are proposed with the consideration of the chosen identity attack.
In this paper, we show how to construct an Identity Based Signcryption Scheme (IBSC) using an Identity Based Encryption (IBE) scheme and an Identity Based Signature (IBS) scheme. This we obtain by first extending the An-Dodis-Rabin construction to the Identity Based setting and then instantiating. We then further modify the construction to obtain an efficient construction. We show that the security of the IBSC scheme–indistinguishability as well as unforgeability–is derived from the security of the underlying IBE and IBS schemes. Moreover, we show that under mild (reasonable) assumptions, the scheme is both space and time efficient compared to the Sign-then-Encrypt approach.
Lecture Notes in Computer Science, 2005
This paper presents a first example of a secure identity based encryption scheme (IBE) without redundancy in the sense of Phan and Pointcheval. This modification of the Boneh-Franklin IBE is a hybrid construction that is proved to be secure (using proof techniques borrowed from those for KEM-DEM constructions) in the random oracle model under a slightly stronger assumption than the original IBE and turns out to be more efficient at decryption than the latter. A second contribution of this work is to show how to shorten ciphertexts in a recently proposed multiple-recipient IBE scheme. Our modification of the latter scheme spares about 1180 bits from a bandwidth point of view as, somewhat surprisingly, redundancies are not needed although all elements of the ciphertext space are not reachable by the encryption mapping. This shows that in public key encryption schemes, redundancies may be useless even when the encryption mapping is not a surjection.
2006
It has been demonstrated by Bellare, Neven, and Namprempre (Eurocrypt 2004) that identity-based signature schemes can be constructed from any PKI-based signature scheme. In this paper we consider the following natural extension: is there a generic construction of “identity-based signature schemes with additional properties” (such as identity-based blind signatures, verifiably encrypted signatures, ...) from PKI-based signature schemes with the same properties? Our results show that this is possible for a great number of properties including proxy signatures; (partially) blind signatures; verifiably encrypted signatures; undeniable signatures; forward-secure signatures; (strongly) key insulated signatures; online/offline signatures; threshold signatures; and (with some limitations) aggregate signatures. Using well-known results for PKI-based schemes, we conclude that such identity-based signature schemes with additional properties can be constructed, enjoying some better properties than specific schemes proposed until now. In particular, our work implies the existence of identity-based signatures with additional properties that are provably secure in the standard model, do not need bilinear pairings, or can be based on general assumptions.
Public-Key Cryptography – PKC 2018, 2018
Recently, Döttling and Garg (CRYPTO 2017) showed how to build identity-based encryption (IBE) from a novel primitive termed Chameleon Encryption, which can in turn be realized from simple number theoretic hardness assumptions such as the computational Diffie-Hellman assumption (in groups without pairings) or the factoring assumption. In a follow-up work (TCC 2017), the same authors showed that IBE can also be constructed from a slightly weaker primitive called One-Time Signatures with Encryption (OTSE). In this work, we show that OTSE can be instantiated from hard learning problems such as the Learning With Errors (LWE) and the Learning Parity with Noise (LPN) problems. This immediately yields the first IBE construction from the LPN problem and a construction based on a weaker LWE assumption compared to previous works. Finally, we show that the notion of one-time signatures with encryption is also useful for the construction of key-dependent-message (KDM) secure public-key encryption. In particular, our results imply that a KDM-secure public key encryption can be constructed from any KDM-secure secret-key encryption scheme and any public-key encryption scheme.
DEStech Transactions on Engineering and Technology Research, 2017
In this paper, we propose a new assumption, i.e., computation linear assumption, then we provide a new identity-based signature algorithm based on this assumption, using the bilinear pairings technique. We prove the security of this scheme based on the computation linear assumption. The scheme is proposed under the standard model. as well, the task is to output 1 2 3 ( ) 1 CLIN can be viewed as a computation "version" of the decisional Linear assumption (DLIN) proposed by Boneh, Boyen, and Shacham [5]. DLIN can be briefly described as: given $g, f, v, g^{c_1}, f^{c_2}$, where $g, f, v$ are group generators of a prime order group, the task is to distinguish the value $v^{c_1+c_2}$ from a random element of that group. Identity-Based Encryption (IBE), which was first presented by Shamir [6], is an influential paradigm for embedding identity information into the encrypted data. In IBE, a message can be encrypted in terms of one's identity, and only the user who retains the private key corresponding to the very identity the message was encrypted on can recover the ciphertext correctly. However, Shamir did not give a practical scheme for IBE. An efficient and secure IBE construction remained an open problem until the emergence of the work from Boneh and Franklin [2] and Cocks. After that, many types of IBE were proposed to adapt to all kinds of scenarios, such as IBE without random oracles [8][9]. IBE gives rise to the appearance of a brand new cryptographic primitive, which is called identity-based signature (IBS). IBS enables the user, who holds a private key corresponding to a special identity, to generate a valid signature on a message such that everyone who knows the public parameter can verify the correctness of the signature. Boneh and Franklin proposed the first '
2019
Published By: Blue Eyes Intelligence Engineering & Sciences Publication. Retrieval Number: F12700486S419/19©BEIESP. DOI: 10.35940/ijitee.F1270.0486S419. Abstract— In computer based system, key for the problem of identification, authentication and secrecy can be found in the field of cryptography. Dependence on public key infrastructure and to receive certificates signed by Certificate Authority (CA) to authenticate oneself for exchange of encrypted messages is one of the most significant limitation for the widespread adoption of Public Key Cryptography (PKC) as this process is time engrossing and error prone. Identity based cryptography (IBC) aspires to reduce the certificate and key management overhead of PKC. IBC’s important primordial is Identity-based Encryption (IBE). IBE provided emergent for perception of Identity based signature (IBS) schemes. In this paper, overview of IBE and IBS schemes has been given. Also, a survey on various IBE and IBS schemes has been performed to ...
Siam Journal on Computing, 2007
We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes secure against adaptive chosen-ciphertext attacks) based on any identity-based encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCA-security; this paradigm avoids "proofs of well-formedness" that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCA-secure encryption schemes whose performance is competitive with the most efficient CCA-secure schemes to date.
IACR Cryptology ePrint Archive, 2016
BasicIBE and AnonIBE are two space-efficient identity-based encryption (IBE) schemes based on quadratic residues, proposed by Boneh, Gentry, and Hamburg, and closely related to Cocks' IBE scheme. BasicIBE is secure in the random oracle model under the quadratic residuosity assumption, while AnonIBE is secure in the standard model under the interactive quadratic residuosity assumption. In this paper we revise the BasicIBE scheme and we show that if the requirements for the deterministic algorithms used to output encryption and decryption polynomials are slightly changed, then the scheme's security margin can be slightly improved.
2004
This paper first positively answers the previously open question of whether it was possible to obtain an optimal security reduction for an identity based signature (IBS) under a reasonable computational assumption. We revisit the Sakai-Ogishi-Kasahara IBS that was recently proven secure by Bellare, Namprempre and Neven through a general framework applying to a large family of schemes. We show that