Cryptology ePrint Archive: Report 2013/016

Revocable Identity-Based Encryption Revisited: Security Model and Construction

Jae Hong Seo and Keita Emura

Abstract: In ACM CCS 2008, Boldyreva et al. proposed an elegant way of achieving an Identity-based Encryption (IBE) with {\em efficient} revocation, which we call revocable IBE (RIBE). One of the significant benefit of their construction is scalability, where the overhead of the trusted authority is logarithmically increased in the number of users, whereas that in the Boneh-Franklin naive revocation way is linearly increased. All subsequent RIBE schemes follow the Boldyreva et al. security model and syntax. In this paper, we first revisit the Boldyreva et al. security model, and aim at capturing the exact notion for the security of the naive but non-scalable Boneh-Franklin RIBE scheme. To this end, we consider a realistic threat, which we call {\em decryption key exposure}. We also show that all prior RIBE constructions except for the Boneh-Franklin one are vulnerable to decryption key exposure. As the second contribution, we revisit approaches to achieve (efficient and adaptively secure) scalable RIBE schemes, and propose a simple RIBE scheme, which is the first scalable RIBE scheme with decryption key exposure resistance, and is more efficient than previous (adaptively secure) scalable RIBE schemes. In particular, our construction has the shortest ciphertext size and the fastest decryption algorithm even compared with all scalable RIBE schemes without decryption key exposure resistance.

Category / Keywords: public-key cryptography / identity-based encryption, revocation, decryption key exposure

Publication Info: An extended abstract will appear at PKC 2013. This is the full version.

Date: received 9 Jan 2013

Contact author: jhsbhs at gmail com

Available formats: PDF | BibTeX Citation

Version: 20130118:124028 (All versions of this report)

Discussion forum: Show discussion | Start new discussion