Paper 2013/806

Efficient (Anonymous) Compact HIBE From Standard Assumptions

Somindu C. Ramanna and Palash Sarkar

Abstract

We present two hierarchical identity-based encryption (HIBE) schemes, denoted as $\ahibe$ and $\hibe$, from Type-3 pairings with constant sized ciphertexts. Scheme $\ahibe$ achieves anonymity while $\hibe$ is non-anonymous. The constructions are obtained by extending the IBE scheme recently proposed by Jutla and Roy (Asiacrypt 2013). Security is based on the standard decisional Symmetric eXternal Diffie-Hellman (SXDH) assumption. In terms of provable security properties, previous direct constructions of constant-size ciphertext HIBE had one or more of the following drawbacks: security in the weaker model of selective-identity attacks; exponential security degradation in the depth of the HIBE; and use of non-standard assumptions. The security arguments for $\ahibe$ and $\hibe$ avoid all of these drawbacks. These drawbacks can also be avoided by obtaining HIBE schemes by specialising schemes for hierarchical inner product encryption; the downside is that the resulting efficiencies are inferior to those of the schemes reported here. Currently, there is no known anonymous HIBE scheme having the security properties of $\ahibe$ and comparable efficiency. An independent work by Chen and Wee describes a non-anonymous HIBE scheme with security claims and efficiency similar to that of $\hibe$; we note though that in comparison to $\hibe$, the Chen-Wee HIBE scheme has larger ciphertexts and less efficient encryption and decryption algorithms. Based on the current state-of-the-art, $\ahibe$ and $\hibe$ are the schemes of choice for efficient implementation of (anonymous) HIBE constructions.