Cryptology ePrint Archive: Report 2016/1020

KDM Security for Identity-Based Encryption: Constructions and Separations

Yu Chen and Jiang Zhang and Yi Deng and Jinyong Chang

Abstract: For encryption schemes, key dependent message (KDM) security requires that ciphertexts preserve secrecy even when the messages to be encrypted depend on the secret keys. While KDM security has been extensively studied for public-key encryption (PKE), it receives much less attention in the setting of identity-based encryption (IBE). In this work, we focus on the KDM security for IBE. Our results are threefold.

We first propose a generic approach to transfer the KDM security results (both positive and negative) from PKE to IBE. At the heart of our approach is a neat structure-mirroring PKE-to-IBE transformation based on indistinguishability obfuscation and puncturable PRFs, which establishes a connection between PKE and IBE in general. However, the obtained results are restricted to selective-identity sense. We then concentrate on results in adaptive-identity sense.

On the positive side, we present two constructions that achieve KDM security in the adaptive-identity sense for the first time. One is built from identity-based hash proof system (IB-HPS) with homomorphic property, which indicates that the IBE schemes of Gentry (Eurocrypt 2006), Coron (DCC 2009), Chow et al. (CCS 2010) are actually KDM-secure in the single-key setting. The other is built from indistinguishability obfuscation and a new notion named puncturable unique signature, which is bounded KDM-secure in the single-key setting. On the negative side, we separate CPA/CCA security from $n$-circular security (which is a prototypical case of KDM security) for IBE by giving a counterexample based on differing-inputs obfuscation and a new notion named puncturable IBE. We further propose a general framework for generating $n$-circular security counterexamples in identity-based setting, which might be of independent interest.

Category / Keywords: public-key cryptography / KDM security, IBE, IB-HPS, Obfuscation, Counterexample

Date: received 26 Oct 2016, last revised 15 Dec 2017

Contact author: yuchen prc at gmail com; jiangzhang09@gmail com

Available format(s): PDF | BibTeX Citation

Note: We revised the security result of KDM-secure IBE from homomorphic IB-HPS.

Version: 20171216:061333 (All versions of this report)

Short URL: ia.cr/2016/1020


[ Cryptology ePrint archive ]