Cryptology ePrint Archive: Report 2016/1020

KDM Security for Identity-Based Encryption: Constructions and Separations

Yu Chen and Jiang Zhang and Yi Deng and Jinyong Chang

Abstract: For encryption schemes, key dependent message (KDM) security requires that ciphertexts preserve secrecy even when the encrypt messages may depend on the secret keys. While KDM security has been extensively studied for public-key encryption (PKE), it receives much less attention in the setting of identity-based encryption (IBE). In this work, we focus on the KDM security for IBE. Our results are threefold.

We give a simple structure-mirroring PKE-to-IBE transformation via indistinguisha- bility obfuscation and puncturable PRFs. This transformation establishes a connec- tion between PKE and IBE in general. Particularly, it provides a liberal interface for transferring the KDM security results (both positive and negative) from PKE to IBE, though in the selective-identity sense.

On the positive side, we present two constructions that achieve KDM security in the adaptive-identity sense for the first time. One is generically built from identity-based hash proof system (IB-HPS) with homomorphic property, which indicates that the IBE schemes of Gentry (Eurocrypt 2006), Coron (DCC 2009), Chow et al. (CCS 2010) are actually KDM-secure in the single-key setting. The other is built from indistinguishability obfuscation and a new notion named puncturable unique signature, which is bounded KDM-secure in the single-key setting.

On the negative side, we separate n-circular security (which is a prototypical case of KDM security) from the standard IND-CPA/CCA security for IBE by giving a coun- terexample based on differing-inputs obfuscation and a new notion named puncturable IBE.

Category / Keywords: public-key cryptography / KDM security, IBE, IB-HPS, Obfuscation, Counterexample

Date: received 26 Oct 2016, last revised 9 Feb 2017

Contact author: yuchen prc at gmail com; jiangzhang09@gmail com

Available format(s): PDF | BibTeX Citation

Note: We revised the security result of KDM-secure IBE from homomorphic IB-HPS.

Version: 20170210:031137 (All versions of this report)

Short URL: ia.cr/2016/1020

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]