Paper 2022/1196

Embedded Identity Traceable Identity-Based IPFE from Pairings and Lattices

Subhranil Dutta, Indian Institute of Technology Kharagpur
Tapas Pal, NTT (Japan)
Amit Kumar Singh, Indian Institute of Technology Kharagpur
Sourav Mukhopadhyay, Indian Institute of Technology Kharagpur

We present the first fully collusion resistant traitor tracing (TT) scheme for identity-based inner product functional encryption (IBIPFE) that directly traces user identities through an efficient tracing procedure. We name such a scheme as embedded identity traceable IBIPFE (EI-TIBIPFE), where secret keys and ciphertexts are computed for vectors u and v respectively. Additionally, each secret key is associated with a user identification information tuple (i , id, gid) that specifies user index i , user identity id and an identity gid of a group to which the user belongs. The ciphertexts are generated under a group identity gid′ so that decryption recovers the inner product between the vectors u and v if the user is a member of the group gid′, i.e., gid = gid′. Suppose some users linked to a particular group team up and create a pirate decoder that is capable of decrypting the content of the group, then the tracing algorithm extracts at least one id from the team given black-box access to the decoder. In prior works, such TT schemes are built for usual public key encryptions. The only existing TIPFE scheme proposed by Do, Phan, and Pointcheval [CT-RSA’20] can trace user indices but not the actual identities. Moreover, their scheme achieves selective security and private traceability, meaning that it is only the trusted authority that is able to trace user indices. In this work, we present the following TT schemes with varying parameters and levels of security: (1) We generically construct EI-TIBIPFE assuming the existence of IBIPFE. The scheme preserves the security level of the underlying IBIPFE. (2) We build an adaptively secure EI-TIPFE scheme from bilinear maps. Note that EI-TIPFE is a particular case of EI-TIBIPFE, which does not consider group identities. (3) Next, we construct a selectively secure EI-TIBIPFE from bilinear maps. As an intermediate step, we design the first IBIPFE scheme based on a target group assumption in the standard model. (4) Finally, we provide a generic construction of selectively secure EI-TIBIPFE from lattices, namely under the standard Learning With Errors assumption. Our pairing-based schemes support public traceability and the ciphertext size grows with $\sqrt{n}$, whereas in the IBIPFE and lattice-based ones, it grows linearly with n. The main technical difficulty is designing such an advanced TT scheme for an IBIPFE that is beyond IPFE and more suitable for real-life applications.

Available format(s)
Public-key cryptography
Publication info
embedded identity traitor tracing inner product functional encryption identity-based inner product functional encryption
Contact author(s)
subhranildutta @ iitkgp ac in
tapas pal wh @ hco ntt co jp
amitsingh @ iitkgp ac in
sourav @ maths iitkgp ac in
2022-11-10: revised
2022-09-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Subhranil Dutta and Tapas Pal and Amit Kumar Singh and Sourav Mukhopadhyay},
      title = {Embedded Identity Traceable Identity-Based IPFE from Pairings and Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1196},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.