Cryptology ePrint Archive: Report 2017/323

Lattice-based Revocable Identity-based Encryption with Bounded Decryption Key Exposure Resistance

Atsushi Takayasu and Yohei Watanabe

Abstract: A revocable identity-based encryption (RIBE) scheme, proposed by Boldyreva et al, provides a revocation functionality for managing a number of users dynamically and efficiently. To capture a realistic scenario, Seo and Emura introduced an additional important security notion, called decryption key exposure resistance (DKER), where an adversary is allowed to query short-term decryption keys. Although several RIBE schemes that satisfy DKER have been proposed, all the lattice-based RIBE schemes, e.g., Chen et al.'s scheme, do not achieve DKER, since they basically do not have the key re-randomization property, which is considered to be an essential requirement for achieving DKER. In particular, in every existing lattice-based RIBE scheme, an adversary can easily recover plaintexts if the adversary is allowed to issue even a single short-term decryption key query. In this paper, we propose a new lattice-based RIBE scheme secure against exposure of a-priori bounded number of decryption keys (for every identity). We believe that this bounded notion is still meaningful and useful from a practical perspective. Technically, to achieve the bounded security without the key re-randomization property, key updates in our scheme are short vectors whose corresponding syndrome vector changes in each time period. For this approach to work correctly and for the scheme to be secure, cover free families play a crucial role in our construction.

Category / Keywords: public-key cryptography /

Original Publication (in the same form): ACISP 2017

Date: received 12 Apr 2017, last revised 17 Apr 2017

Contact author: takayasu at mist i u-tokyo ac jp

Available format(s): PDF | BibTeX Citation

Version: 20170417:104603 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]