Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting

Dennis Hofheinz; Jessica Koch; Christoph Striecks

doi:10.1007/s00145-024-09496-4

Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting

Dennis Hofheinz
, Jessica Koch
, Christoph Striecks

ETH Zurich
Karlsruhe Institute of Technology (KIT)

Research output: Contribution to journal › Article › peer-review

Abstract

We construct an identity-based encryption (IBE) scheme that is tightly secure in a very strong sense. Specifically, we consider a setting with many instances of the scheme and many encryptions per instance. In this setting, we reduce the security of our scheme to a variant of a simple assumption used for a similar purpose by Chen and Wee (CRYPTO 2013, Springer, 2013). The security loss of our reduction is O(k)(where k is the security parameter). Our scheme is the first IBE scheme to achieve this strong flavor of tightness under a simple assumption. Technically, our scheme is a variation of the IBE scheme by Chen and Wee. However, in order to “lift” their results to the multi-instance, multi-ciphertext case, we need to develop new ideas. In particular, while we build on (and extend) their high-level proof strategy, we deviate significantly in the low-level proof steps.

Original language	English
Article number	12
Pages (from-to)	799-822
Number of pages	33
Journal	Journal of Cryptology
Volume	37
Issue number	2
DOIs	https://doi.org/10.1007/s00145-024-09496-4
Publication status	Published - 29 Feb 2024

Research Field

Cyber Security

Keywords

Dual-system groups
Identity-based encryption
Multi-challenge security
Public-key cryptography
Tightness

Access to Document

10.1007/s00145-024-09496-4

Cite this

@article{0694ed5b2bb64fd580e7c17203b57ea1,

title = "Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting",

abstract = "We construct an identity-based encryption (IBE) scheme that is tightly secure in a very strong sense. Specifically, we consider a setting with many instances of the scheme and many encryptions per instance. In this setting, we reduce the security of our scheme to a variant of a simple assumption used for a similar purpose by Chen and Wee (CRYPTO 2013, Springer, 2013). The security loss of our reduction is O(k)(where k is the security parameter). Our scheme is the first IBE scheme to achieve this strong flavor of tightness under a simple assumption. Technically, our scheme is a variation of the IBE scheme by Chen and Wee. However, in order to “lift” their results to the multi-instance, multi-ciphertext case, we need to develop new ideas. In particular, while we build on (and extend) their high-level proof strategy, we deviate significantly in the low-level proof steps.",

keywords = "Dual-system groups, Identity-based encryption, Multi-challenge security, Public-key cryptography, Tightness",

author = "Dennis Hofheinz and Jessica Koch and Christoph Striecks",

year = "2024",

month = feb,

day = "29",

doi = "10.1007/s00145-024-09496-4",

language = "English",

volume = "37",

pages = "799--822",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer New York",

number = "2",

}

TY - JOUR

T1 - Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting

AU - Hofheinz, Dennis

AU - Koch, Jessica

AU - Striecks, Christoph

PY - 2024/2/29

Y1 - 2024/2/29

N2 - We construct an identity-based encryption (IBE) scheme that is tightly secure in a very strong sense. Specifically, we consider a setting with many instances of the scheme and many encryptions per instance. In this setting, we reduce the security of our scheme to a variant of a simple assumption used for a similar purpose by Chen and Wee (CRYPTO 2013, Springer, 2013). The security loss of our reduction is O(k)(where k is the security parameter). Our scheme is the first IBE scheme to achieve this strong flavor of tightness under a simple assumption. Technically, our scheme is a variation of the IBE scheme by Chen and Wee. However, in order to “lift” their results to the multi-instance, multi-ciphertext case, we need to develop new ideas. In particular, while we build on (and extend) their high-level proof strategy, we deviate significantly in the low-level proof steps.

AB - We construct an identity-based encryption (IBE) scheme that is tightly secure in a very strong sense. Specifically, we consider a setting with many instances of the scheme and many encryptions per instance. In this setting, we reduce the security of our scheme to a variant of a simple assumption used for a similar purpose by Chen and Wee (CRYPTO 2013, Springer, 2013). The security loss of our reduction is O(k)(where k is the security parameter). Our scheme is the first IBE scheme to achieve this strong flavor of tightness under a simple assumption. Technically, our scheme is a variation of the IBE scheme by Chen and Wee. However, in order to “lift” their results to the multi-instance, multi-ciphertext case, we need to develop new ideas. In particular, while we build on (and extend) their high-level proof strategy, we deviate significantly in the low-level proof steps.

KW - Dual-system groups

KW - Identity-based encryption

KW - Multi-challenge security

KW - Public-key cryptography

KW - Tightness

U2 - 10.1007/s00145-024-09496-4

DO - 10.1007/s00145-024-09496-4

M3 - Article

SN - 0933-2790

VL - 37

SP - 799

EP - 822

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 2

M1 - 12

ER -

Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting

Abstract

Research Field

Keywords

Access to Document

Fingerprint

Cite this