Paper 2013/068

Why Proving HIBE Systems Secure is Difficult

Allison Lewko and Brent Waters


Proving security of Hierarchical Identity-Based Encryption (HIBE) and Attribution Based Encryption scheme is a challenging problem. There are multiple well-known schemes in the literature where the best known (adaptive) security proofs degrade exponentially in the maximum hierarchy depth. However, we do not have a rigorous understanding of why better proofs are not known. (For ABE, the analog of hierarchy depth is the maximum number of attributes used in a ciphertext.) In this work, we define a certain commonly found checkability property on ciphertexts and private keys. Roughly the property states that any two different private keys that are both ``supposed to'' decrypt a ciphertext will decrypt it to the same message. We show that any simple black box reduction to a non-interactive assumption for a HIBE or ABE system that contains this property will suffer an exponential degradation of security.

Available format(s)
Publication info
Published elsewhere. Unknown status
Contact author(s)
allibishop @ gmail com
2013-10-17: last of 3 revisions
2013-02-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Allison Lewko and Brent Waters},
      title = {Why Proving HIBE Systems Secure is Difficult},
      howpublished = {Cryptology ePrint Archive, Paper 2013/068},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.