## Cryptology ePrint Archive: Report 2017/323

Revocable Identity-based Encryption with Bounded Decryption Key Exposure Resistance: Lattice-based Construction and More

Atsushi Takayasu and Yohei Watanabe

Abstract: In general, identity-based encryption (IBE) does not support an efficient revocation procedure. In ACM CCS'08, Boldyreva et al. proposed revocable identity-based encryption (RIBE), which enables us to efficiently revoke (malicious) users in IBE. In PKC 2013, Seo and Emura introduced an additional security notion for RIBE, called decryption key exposure resistance (DKER). Roughly speaking, RIBE with DKER guarantees that the security is not compromised even if an adversary gets (a number of) short-term decryption keys. Therefore, DKER captures realistic scenarios and is an important notion.

In this paper, we introduce bounded decryption key exposure resistance (B-DKER), where an adversary is allowed to get a-priori bounded number of short-term decryption keys in the security game.B-DKER is a weak version of DKER, but it seems to be sufficient for practical use. We obtain the following results: (1) We propose a lattice-based (anonymous) RIBE scheme with B-DKER, which is the first lattice-based construction resilient to decryption key exposure. Our lattice-based construction is secure under the LWE assumption. A previous lattice-based construction satisfies anonymity but is vulnerable even with a single decryption key exposure. (2) We propose the first pairing-based RIBE scheme that simultaneously realizes anonymity and B-DKER. Our pairing-based construction is secure under the SXDH assumption.

Our two constructions rely on cover free families to satisfy B-DKER, whereas all the existing works rely on the key re-randomization property to achieve DKER.

Category / Keywords: public-key cryptography /

Original Publication (with major differences): ACISP2017

Date: received 12 Apr 2017, last revised 23 Aug 2018

Contact author: takayasu at mist i u-tokyo ac jp

Available format(s): PDF | BibTeX Citation

Note: This paper is the full version of the paper presented in ACISP 2017 titled Lattice-based Revocable Identity-based Encryption with Bounded Decryption Key Exposure Resistance’’. We added a pairing-based anonymous RIBE scheme with bounded DKER.

Short URL: ia.cr/2017/323

[ Cryptology ePrint archive ]