Paper 2014/581

(Hierarchical) Identity-Based Encryption from Affine Message Authentication

Olivier Blazy, Eike Kiltz, and Jiaxin Pan


We provide a generic transformation from any \emph{affine} message authentication code (MAC) to an identity-based encryption (IBE) scheme over pairing groups of prime order. If the MAC satisfies a security notion related to unforgeability against chosen-message attacks and, for example, the $k$-Linear assumption holds, then the resulting IBE scheme is adaptively secure. Our security reduction is tightness preserving, i.e., if the MAC has a tight security reduction so has the IBE scheme. Furthermore, the transformation also extends to hierarchical identity-based encryption (HIBE). We also show how to construct affine MACs with a tight security reduction to standard assumptions. This, among other things, provides a tightly secure IBE in the standard model.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in CRYPTO 2014
IBEHIBEstandard modeltight reduction
Contact author(s)
jiaxin pan @ rub de
2016-06-28: last of 2 revisions
2014-07-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Olivier Blazy and Eike Kiltz and Jiaxin Pan},
      title = {(Hierarchical) Identity-Based Encryption from Affine Message Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2014/581},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.