9 research outputs found

    Functional Commitment Schemes: From Polynomial Commitments to Pairing-Based Accumulators from Simple Assumptions

    Efficient Adaptively Secure IBBE from Standard Assumptions

    This paper describes the first construction of efficient identity-based broadcast encryption (IBBE) schemes which can be proved secure against adaptive-identity attacks based on standard assumptions. The constructions are obtained by extending the currently known most efficient identity-based encryption scheme, proposed by Jutla and Roy in 2013. Ciphertext size and user storage compare favourably to previously known constructions. The new constructions fill both a practical and a theoretical gap in the literature on efficient IBBE schemes.

    Unbounded Non-Zero Inner Product Encryption

    In a non-zero inner product encryption (NIPE) scheme, ciphertexts and keys are associated with vectors from some inner-product space. Decryption of a ciphertext for $\vec{x}$ is allowed by a key for $\vec{y}$ if and only if the inner product $\langle \vec{x}, \vec{y} \rangle \neq 0$. Existing constructions of NIPE assume that the length of the vectors is fixed a priori. We present the first constructions of unbounded non-zero inner product encryption (UNIPE) with constant-sized keys. Unbounded here refers to the size of vectors not being fixed during setup. Both constructions, based on bilinear maps, are proven selectively secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Our constructions are obtained by transforming the unbounded inner product functional encryption (IPFE) schemes of Dufour-Sans and Pointcheval (ACNS 2019), one in the strict domain setting and the other in the permissive domain setting. Interestingly, in the latter case, we prove security from DBDH, a static assumption, while the original IPE scheme relied on an interactive parameterised assumption. In terms of efficiency, features of the IPE constructions are retained after transformation to NIPE. Notably, the public key and decryption keys have constant size.

    Variants of Waters' Dual-System Primitives Using Asymmetric Pairings

    Waters, in 2009, introduced an important technique, called dual-system encryption, to construct identity-based encryption (IBE) and related schemes. The resulting IBE scheme was described in the setting of symmetric pairing. A key feature of the construction is the presence of random tags in the ciphertext and decryption key. Later work by Lewko and Waters removed the tags and, proceeding through composite-order pairings, led to a more efficient dual-system IBE scheme using asymmetric pairings whose security is based on non-standard but static assumptions. In this work, we systematically simplify Waters' 2009 IBE scheme in the setting of asymmetric pairing. The simplifications retain the tags used in the original description. This leads to several variants, the first of which is based on standard assumptions and, in comparison to Waters' original scheme, reduces ciphertexts and keys by two elements each. Going through several stages of simplification, we finally obtain a simple scheme whose security can be based on two standard assumptions and a natural and minimal extension of the decision Diffie-Hellman problem for asymmetric pairing groups. The scheme itself is also minimal in the sense that, apart from the tags, both encryption and key generation use exactly one randomiser each. This final scheme is more efficient than both the previous dual-system IBE scheme in the asymmetric setting due to Lewko and Waters and the more recent dual-system IBE scheme due to Lewko. We extend the IBE scheme to hierarchical IBE (HIBE) and broadcast encryption (BE) schemes. Both primitives are secure in their respective full models and have better efficiency compared to previously known schemes offering the same level and type of security.

    DFA-Based Functional Encryption: Adaptive Security from Dual System Encryption

    We present an adaptively secure functional encryption (FE) scheme based on deterministic finite automata (DFA). The construction uses composite-order bilinear pairings and is built upon the selectively secure DFA-based FE scheme of Waters (Crypto 2012). The scheme is proven secure using the dual system methodology under static subgroup decision assumptions. A dual system proof requires generating semi-functional components from the instance. In addition, these components must be shown to be properly distributed in an attacker's view. This can be ensured by imposing a restriction on the automata and strings over which the scheme is built, i.e., every symbol can appear at most once in a string and in the set of transition tuples of an automaton. First, a basic construction with these restrictions is obtained and proved to be adaptively secure. We then show how to extend this basic scheme to a full scheme where the restrictions are relaxed by placing a bound on the number of occurrences of any symbol in a string and in the set of transitions. With the relaxed restrictions, our system supports functionality defined by a larger class of regular languages.

    On Quantifying the Resistance of Concrete Hash Functions to Generic Multi-Collision Attacks

    Bellare and Kohno (2004) introduced the notion of balance to quantify the resistance of a hash function h to a generic collision attack. Motivated by their work, we consider the problem of quantifying the resistance of h to a generic multi-collision attack. To this end, we introduce the notion of r-balance $\mu_r(h)$ of h and obtain bounds on the success probability of finding an r-collision in terms of $\mu_r(h)$. These bounds show that for a hash function with m image points, if the number of trials q is $\Theta\!\left(r\, m^{\frac{r-1}{r}\mu_r(h)}\right)$ then it is possible to find r-collisions with a significant probability of success. It is further shown that, compared to regular functions, random functions offer somewhat less resistance to a generic multi-collision attack. These results extend and complete the earlier results obtained by Bellare and Kohno (2004) for collisions (i.e., r = 2).

    Anonymous HIBE from Standard Assumptions over Type-3 Pairings using Dual System Encryption

    We present the first anonymous hierarchical identity based encryption (HIBE) scheme using Type-3 pairings with adaptive security based on standard assumptions. Previous constructions of anonymous HIBE schemes did not simultaneously achieve all these features. The new construction uses dual pairing vector spaces together with an identity hash earlier used by Boneh, Boyen and Goh. The proof of security follows the dual system approach, based on decisional subspace assumptions which are implied by the Symmetric eXternal Diffie-Hellman (SXDH) assumption in Type-3 pairing groups.

    Anonymous Constant-Size Ciphertext HIBE From Asymmetric Pairings

    We present a new hierarchical identity based encryption (HIBE) scheme with constant-size ciphertext that can be implemented using the most efficient bilinear pairings, namely, Type-3 pairings. In addition to being fully secure, our scheme is anonymous. The HIBE is obtained by extending an asymmetric pairing based IBE scheme due to Lewko and Waters. The extension uses the approach of Boneh-Boyen-Goh to obtain constant-size ciphertexts and that of Boyen-Waters for anonymity. The security argument is based on the dual-system technique of Waters. The resulting HIBE is the only known scheme using Type-3 pairings that achieves constant-size ciphertext, security against adaptive-identity attacks and anonymity under static assumptions without random oracles.

    Applied
