Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging

Paul  Rösler; Daniel Slamanig; Christoph Striecks

doi:10.1007/978-3-031-30589-4_1

Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging

Paul Rösler (Speaker)
, Daniel Slamanig
, Christoph Striecks

Friedrich-Alexander University Erlangen-Nürnberg

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

Abstract

Hierarchical Identity Based Encryption (HIBE) is a well studied, versatile tool used in many cryptographic protocols. Yet, since the performance of all known HIBE constructions is broadly considered prohibitive, some real-world applications avoid relying on HIBE at the expense of security. A prominent example for this is secure messaging: Strongly secure messaging protocols are provably equivalent to Key-Updatable Key Encapsulation Mechanisms (KU-KEMs; Balli et al., Asiacrypt 2020); so far, all KU-KEM constructions rely on adaptive unbounded-depth HIBE (Poettering and Rösler, Jaeger and Stepanovs, both CRYPTO 2018). By weakening security requirements for better efficiency, many messaging protocols dispense with using HIBE.

In this work, we aim to gain better efficiency without sacrificing security. For this, we observe that applications like messaging only need a restricted variant of HIBE for strong security. This variant, that we call Unique-Path Identity Based Encryption (UPIBE), restricts HIBE by requiring that each secret key can delegate at most one subordinate secret key. However, in contrast to fixed secret key delegation in Forward-Secure Public Key Encryption, the delegation in UPIBE, as in HIBE, is uniquely determined by variable identity strings from an exponentially large space. We investigate this mild but surprisingly effective restriction and show that it offers substantial complexity and performance advantages.

More concretely, we generically build bounded-depth UPIBE from only bounded-collusion IBE in the standard model; and we generically build adaptive unbounded-depth UPIBE from only selective bounded-depth HIBE in the random oracle model. These results significantly extend the range of underlying assumptions and efficient instantiations. We conclude with a rigorous performance evaluation of our UPIBE design. Beyond solving challenging open problems by reducing complexity and improving efficiency of KU-KEM and strongly secure messaging protocols, we offer a new definitional perspective on the bounded-collusion setting.

Original language	English
Title of host publication	Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques
Editors	Elisa Bertino, Wen Gao, Bernhard Steffen, Moti Yung
Publisher	Springer
Pages	3-34
Number of pages	32
Volume	14008
Edition	LNCS
ISBN (Print)	9783031305887
DOIs	https://doi.org/10.1007/978-3-031-30589-4_1
Publication status	Published - 16 Apr 2023
Event	EUROCRYPT 2023 - Lyon, France, Lyon, France Duration: 23 Apr 2023 → 27 Apr 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14008 LNCS

Conference

Conference	EUROCRYPT 2023
Country/Territory	France
City	Lyon
Period	23/04/23 → 27/04/23

Research Field

Cyber Security

Access to Document

10.1007/978-3-031-30589-4_1

Cite this

Rösler, P., Slamanig, D., & Striecks, C. (2023). Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging. In E. Bertino, W. Gao, B. Steffen, & M. Yung (Eds.), Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques (LNCS ed., Vol. 14008, pp. 3-34). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14008 LNCS). Springer. https://doi.org/10.1007/978-3-031-30589-4_1

Rösler, Paul ; Slamanig, Daniel ; Striecks, Christoph. / Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging. Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. editor / Elisa Bertino ; Wen Gao ; Bernhard Steffen ; Moti Yung. Vol. 14008 LNCS. ed. Springer, 2023. pp. 3-34 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5f61c1d462f14e19af808ad3982ba91d,

title = "Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging",

abstract = "Hierarchical Identity Based Encryption (HIBE) is a well studied, versatile tool used in many cryptographic protocols. Yet, since the performance of all known HIBE constructions is broadly considered prohibitive, some real-world applications avoid relying on HIBE at the expense of security. A prominent example for this is secure messaging: Strongly secure messaging protocols are provably equivalent to Key-Updatable Key Encapsulation Mechanisms (KU-KEMs; Balli et al., Asiacrypt 2020); so far, all KU-KEM constructions rely on adaptive unbounded-depth HIBE (Poettering and R{\"o}sler, Jaeger and Stepanovs, both CRYPTO 2018). By weakening security requirements for better efficiency, many messaging protocols dispense with using HIBE. In this work, we aim to gain better efficiency without sacrificing security. For this, we observe that applications like messaging only need a restricted variant of HIBE for strong security. This variant, that we call Unique-Path Identity Based Encryption (UPIBE), restricts HIBE by requiring that each secret key can delegate at most one subordinate secret key. However, in contrast to fixed secret key delegation in Forward-Secure Public Key Encryption, the delegation in UPIBE, as in HIBE, is uniquely determined by variable identity strings from an exponentially large space. We investigate this mild but surprisingly effective restriction and show that it offers substantial complexity and performance advantages. More concretely, we generically build bounded-depth UPIBE from only bounded-collusion IBE in the standard model; and we generically build adaptive unbounded-depth UPIBE from only selective bounded-depth HIBE in the random oracle model. These results significantly extend the range of underlying assumptions and efficient instantiations. We conclude with a rigorous performance evaluation of our UPIBE design. Beyond solving challenging open problems by reducing complexity and improving efficiency of KU-KEM and strongly secure messaging protocols, we offer a new definitional perspective on the bounded-collusion setting.",

author = "Paul R{\"o}sler and Daniel Slamanig and Christoph Striecks",

year = "2023",

month = apr,

day = "16",

doi = "10.1007/978-3-031-30589-4\_1",

language = "English",

isbn = "9783031305887",

volume = "14008",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "3--34",

editor = "Bertino, \{Elisa \} and Gao, \{Wen \} and Bernhard Steffen and Yung, \{Moti \}",

booktitle = "Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques",

address = "Germany",

edition = "LNCS",

note = "EUROCRYPT 2023 ; Conference date: 23-04-2023 Through 27-04-2023",

}

Rösler, P, Slamanig, D & Striecks, C 2023, Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging. in E Bertino, W Gao, B Steffen & M Yung (eds), Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. LNCS edn, vol. 14008, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14008 LNCS, Springer, pp. 3-34, EUROCRYPT 2023, Lyon, France, 23/04/23. https://doi.org/10.1007/978-3-031-30589-4_1

Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging. / Rösler, Paul (Speaker); Slamanig, Daniel; Striecks, Christoph.
Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. ed. / Elisa Bertino; Wen Gao; Bernhard Steffen; Moti Yung. Vol. 14008 LNCS. ed. Springer, 2023. p. 3-34 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14008 LNCS).

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

TY - GEN

T1 - Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging

AU - Slamanig, Daniel

AU - Striecks, Christoph

A2 - Rösler, Paul

A2 - Bertino, Elisa

A2 - Gao, Wen

A2 - Steffen, Bernhard

A2 - Yung, Moti

PY - 2023/4/16

Y1 - 2023/4/16

N2 - Hierarchical Identity Based Encryption (HIBE) is a well studied, versatile tool used in many cryptographic protocols. Yet, since the performance of all known HIBE constructions is broadly considered prohibitive, some real-world applications avoid relying on HIBE at the expense of security. A prominent example for this is secure messaging: Strongly secure messaging protocols are provably equivalent to Key-Updatable Key Encapsulation Mechanisms (KU-KEMs; Balli et al., Asiacrypt 2020); so far, all KU-KEM constructions rely on adaptive unbounded-depth HIBE (Poettering and Rösler, Jaeger and Stepanovs, both CRYPTO 2018). By weakening security requirements for better efficiency, many messaging protocols dispense with using HIBE. In this work, we aim to gain better efficiency without sacrificing security. For this, we observe that applications like messaging only need a restricted variant of HIBE for strong security. This variant, that we call Unique-Path Identity Based Encryption (UPIBE), restricts HIBE by requiring that each secret key can delegate at most one subordinate secret key. However, in contrast to fixed secret key delegation in Forward-Secure Public Key Encryption, the delegation in UPIBE, as in HIBE, is uniquely determined by variable identity strings from an exponentially large space. We investigate this mild but surprisingly effective restriction and show that it offers substantial complexity and performance advantages. More concretely, we generically build bounded-depth UPIBE from only bounded-collusion IBE in the standard model; and we generically build adaptive unbounded-depth UPIBE from only selective bounded-depth HIBE in the random oracle model. These results significantly extend the range of underlying assumptions and efficient instantiations. We conclude with a rigorous performance evaluation of our UPIBE design. Beyond solving challenging open problems by reducing complexity and improving efficiency of KU-KEM and strongly secure messaging protocols, we offer a new definitional perspective on the bounded-collusion setting.

AB - Hierarchical Identity Based Encryption (HIBE) is a well studied, versatile tool used in many cryptographic protocols. Yet, since the performance of all known HIBE constructions is broadly considered prohibitive, some real-world applications avoid relying on HIBE at the expense of security. A prominent example for this is secure messaging: Strongly secure messaging protocols are provably equivalent to Key-Updatable Key Encapsulation Mechanisms (KU-KEMs; Balli et al., Asiacrypt 2020); so far, all KU-KEM constructions rely on adaptive unbounded-depth HIBE (Poettering and Rösler, Jaeger and Stepanovs, both CRYPTO 2018). By weakening security requirements for better efficiency, many messaging protocols dispense with using HIBE. In this work, we aim to gain better efficiency without sacrificing security. For this, we observe that applications like messaging only need a restricted variant of HIBE for strong security. This variant, that we call Unique-Path Identity Based Encryption (UPIBE), restricts HIBE by requiring that each secret key can delegate at most one subordinate secret key. However, in contrast to fixed secret key delegation in Forward-Secure Public Key Encryption, the delegation in UPIBE, as in HIBE, is uniquely determined by variable identity strings from an exponentially large space. We investigate this mild but surprisingly effective restriction and show that it offers substantial complexity and performance advantages. More concretely, we generically build bounded-depth UPIBE from only bounded-collusion IBE in the standard model; and we generically build adaptive unbounded-depth UPIBE from only selective bounded-depth HIBE in the random oracle model. These results significantly extend the range of underlying assumptions and efficient instantiations. We conclude with a rigorous performance evaluation of our UPIBE design. Beyond solving challenging open problems by reducing complexity and improving efficiency of KU-KEM and strongly secure messaging protocols, we offer a new definitional perspective on the bounded-collusion setting.

UR - https://eprint.iacr.org/2023/248

U2 - 10.1007/978-3-031-30589-4_1

DO - 10.1007/978-3-031-30589-4_1

M3 - Conference Proceedings with Oral Presentation

SN - 9783031305887

VL - 14008

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 34

BT - Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques

PB - Springer

T2 - EUROCRYPT 2023

Y2 - 23 April 2023 through 27 April 2023

ER -

Rösler P, Slamanig D, Striecks C. Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging. In Bertino E, Gao W, Steffen B, Yung M, editors, Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. LNCS ed. Vol. 14008. Springer. 2023. p. 3-34. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-30589-4_1

Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging

Abstract

Publication series

Conference

Research Field

Access to Document

Other files and links

Fingerprint

Cite this