Cryptology ePrint Archive: Report 2013/880

New Constructions of Revocable Identity-Based Encryption from Multilinear Maps

Seunghwan Park and Kwangsu Lee and Dong Hoon Lee

Abstract: A revocation mechanism in cryptosystems for a large number of users is absolutely necessary to maintain the security of whole systems. A revocable identity-based encryption (RIBE) provides an efficient revocation method in IBE that a trusted authority periodically broadcasts an update key for non-revoked users and a user can decrypt a ciphertext if he is not revoked in the update key. Boldyreva, Goyal, and Kumar (CCS 2008) defined RIBE and proposed an RIBE scheme that uses a tree-based revocation encryption scheme to revoke users. However, this approach has an inherent limitation that the number of private key elements and update key elements cannot be constant. In this paper, to overcome the previous limitation, we devise a new technique for RIBE and propose RIBE schemes with a constant number of private key elements. We achieve the following results:

- We first devise a new technique for RIBE that combines hierarchical IBE (HIBE) scheme and a public-key broadcast encryption (PKBE) scheme by using multilinear maps. In contrast to the previous technique for RIBE, our technique uses a PKBE scheme in bilinear maps for revocation to achieve short private keys and update keys.

- Following our new technique for RIBE, we propose an RIBE scheme in 3-leveled multilinear maps that combines the HIBE scheme of Boneh and Boyen (Eurocrypt 2004) and the PKBE scheme of Boneh, Gentry, and Waters (Crypto 2005). The private key and update key of our scheme have a constant number of group elements. We introduce a new complexity assumption in multilinear maps and prove the security of our scheme in the selective revocation list model.

- Next, we propose another RIBE scheme with short public parameters and short keys by combining the HIBE scheme of Boneh and Boyen and the PKBE scheme of Boneh, Waters, and Zhandry (Crypto 2014) that uses multilinear maps. Compared with our first RIBE scheme, our second RIBE scheme requires a high-leveled multilinear maps since the PKBE scheme of Boneh et al. based on the high-leveled multilinear maps.

Category / Keywords: public-key cryptography / Identity-based encryption, Key revocation, Broadcast encryption, Multilinear maps

Date: received 30 Dec 2013, last revised 29 Nov 2014

Contact author: sgusa at korea ac kr; guspin@korea ac kr

Available format(s): PDF | BibTeX Citation

Version: 20141130:030412 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]