Paper 2012/142

Identity-Based Encryption with Master Key-Dependent Message Security and Applications

David Galindo, Javier Herranz, and Jorge Villar


We introduce the concept of identity-based encryption (IBE) with master key-dependent chosen-plaintext (mKDM-sID-CPA) security. These are IBE schemes that remain secure even after the adversary sees encryptions, under some initially selected identities, of functions of the master secret key(s). We then propose a generic construction of chosen-ciphertext secure key-dependent encryption (KDM-CCA) schemes in the public key setting starting from mKDM-sID-CPA secure IBE schemes. This is reminiscent to the celebrated work by Canetti, Halevi and Katz (Eurocrypt 2004) on the traditional key-oblivious setting. Previously only one generic construction of KDM-CCA secure public key schemes was known, due to Camenisch, Chandran and Shoup (Eurocrypt 2009), and it required non-interactive zero knowledge proofs (NIZKs). Our transformation shows that NIZKs are not intrinsic to KDM-CCA public key encryption. Additionally, we are able to instantiate our new concept under the Rank assumption on pairing groups and for affine functions of the secret keys. The scheme builds on previous work by Boneh, Halevi, Hamburg and Ostrovsky (Crypto 2008). Our concrete schemes are only able to provide security against a bounded number of encryption queries, which is enough in some practical scenarios. As a corollary we obtain a KDM-CCA secure public key encryption scheme, in the standard model, whose security reduction to a static assumption is independent of the number of challenge queries. As an independent contribution, we give new and better reductions between the Rank problem (previously named as Matrix DDH problem) and the Decisional Linear and the Decisional 3-Party Diffie-Hellman problems.

Note: switched to multiplicative notation; new references to concurrent work

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
identity-based encryptionkey-dependent message security
Contact author(s)
jherranz @ ma4 upc edu
2012-04-26: revised
2012-03-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Galindo and Javier Herranz and Jorge Villar},
      title = {Identity-Based Encryption with Master Key-Dependent Message Security and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2012/142},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.