In this paper, we introduce bounded decryption key exposure resistance (B-DKER), where an adversary is allowed to get a-priori bounded number of short-term decryption keys in the security game.B-DKER is a weak version of DKER, but it seems to be sufficient for practical use. We obtain the following results: (1) We propose a lattice-based (anonymous) RIBE scheme with B-DKER, which is the first lattice-based construction resilient to decryption key exposure. Our lattice-based construction is secure under the LWE assumption. A previous lattice-based construction satisfies anonymity but is vulnerable even with a single decryption key exposure. (2) We propose the first pairing-based RIBE scheme that simultaneously realizes anonymity and B-DKER. Our pairing-based construction is secure under the SXDH assumption.
Our two constructions rely on cover free families to satisfy B-DKER, whereas all the existing works rely on the key re-randomization property to achieve DKER.
Category / Keywords: public-key cryptography / Original Publication (with major differences): ACISP2017 Date: received 12 Apr 2017, last revised 23 Aug 2018 Contact author: takayasu at mist i u-tokyo ac jp Available format(s): PDF | BibTeX Citation Note: This paper is the full version of the paper presented in ACISP 2017 titled ``Lattice-based Revocable Identity-based Encryption with Bounded Decryption Key Exposure Resistance’’. We added a pairing-based anonymous RIBE scheme with bounded DKER. Version: 20180823:075202 (All versions of this report) Short URL: ia.cr/2017/323