Cryptology ePrint Archive: Report 2015/566

A Framework for Identity-Based Encryption with Almost Tight Security

Nuttapong Attrapadung, Goichiro Hanaoka, Shota Yamada

Abstract: We show a framework for constructing identity-based encryption (IBE) schemes that are (almost) tightly secure in the multi-challenge and multi-instance setting. In particular, we formalize a new notion called broadcast encoding, analogously to encoding notions by Attrapadung (Eurocrypt '14) and Wee (TCC '14). We then show that it can be converted into such an IBE. By instantiating the framework using several encoding schemes (new or known ones), we obtain the following:

- We obtain (almost) tightly secure IBE in the multi-challenge, multi-instance setting, both in composite and prime-order groups. The latter resolves the open problem posed by Hofheinz et al (PKC '15).

- We obtain the first (almost) tightly secure IBE with sub-linear size public parameters (master public keys). In particular, we can set the size of the public parameters to constant at the cost of longer ciphertexts. This gives a partial solution to the open problem posed by Chen and Wee (Crypto '13).

By applying (a variant of) the Canetti-Halevi-Katz transformation to our schemes, we obtain several CCA-secure PKE schemes with tight security in the multi-challenge, multi-instance setting. One of our schemes achieves very small ciphertext overhead, consisting of less than 12 group elements. This significantly improves the state-of-the-art construction by Libert et al.~(in ePrint Archive) which requires 47 group elements. Furthermore, by modifying one of our IBE schemes obtained above, we can make it anonymous. This gives the first anonymous IBE whose security is almost tightly shown in the multi-challenge setting.

Category / Keywords: public-key cryptography /

Date: received 9 Jun 2015, last revised 9 Jun 2015

Contact author: yamada-shota at aist go jp

Available format(s): PDF | BibTeX Citation

Version: 20150617:002310 (All versions of this report)

Short URL: ia.cr/2015/566

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]