Paper 2024/1575

Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications

Amit Agarwal, University of Illinois Urbana-Champaign
Rex Fernando, Aptos Labs
Benny Pinkas, Aptos Labs, Bar-Ilan University
Abstract

We propose a new cryptographic primitive called "batched identity-based encryption" (Batched IBE) and its thresholdized version. The new primitive allows encrypting messages with specific identities and batch labels, where the latter can represent, for example, a block number on a blockchain. Given an arbitrary subset of identities for a particular batch, our primitive enables efficient issuance of a single decryption key that can be used to decrypt all ciphertexts having identities that are included in the subset while preserving the privacy of all ciphertexts having identities that are excluded from the subset. At the heart of our construction is a new technique that enables public aggregation (i.e. without knowledge of any secrets) of any subset of identities, into a succinct digest. This digest is used to derive, via a master secret key, a single succinct decryption key for all the identities that were digested in this batch. In a threshold system, where the master key is distributed as secret shares among multiple authorities, our method significantly reduces the communication (and in some cases, computation) overhead for the authorities. It achieves this by making their costs for key issuance independent of the batch size. We present a concrete instantiation of a Batched IBE scheme based on the KZG polynomial commitment scheme by Kate et al. (Asiacrypt'10) and a modified form of the BLS signature scheme by Boneh et al. (Asiacrypt'01). The construction is proven secure in the generic group model (GGM). In a blockchain setting, the new construction can be used for achieving mempool privacy by encrypting transactions to a block, opening only the transactions included in a given block and hiding the transactions that are not included in it. With the thresholdized version, multiple authorities (validators) can collaboratively manage the decryption process. 
Other possible applications include scalable support via blockchain for fairness of dishonest majority MPC, and conditional batched threshold decryption that can be used for implementing secure Dutch auctions and privacy preserving options trading.
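The following is an added worked example, not code from the paper or from the authors. It illustrates only the threshold key-issuance structure the abstract describes: a master secret is Shamir-shared among authorities, a subset of identities is publicly aggregated into one digest, each authority returns a single group element computed from that digest and its share, and any t of those elements combine (Lagrange interpolation in the exponent) into the one batch key. Everything else is a labelled simplification: the group is a tiny prime-order subgroup of Z_p^* with no pairing, so encryption and decryption are not shown; digest() is a plain hash-to-group standing in for the KZG-based aggregation; the identities, parameters, seed and function names are constructed for the example.

```python
"""
Toy threshold issuance of a per-batch decryption key (constructed illustration,
not the construction from ePrint 2024/1575).

Mirrors the structure described in the abstract: a master secret s is
Shamir-shared among n authorities; anyone can publicly aggregate a subset of
identities into a single digest D; each authority contributes ONE group
element D^{s_i}; any t contributions combine to D^{s}, the single batch key.
The per-authority message size is independent of how many identities the
batch contains.

Simplifications (assumptions of this example):
  * the group is a tiny prime-order subgroup of Z_p^* with no pairing, so only
    the threshold key-derivation step is shown, not encryption/decryption;
  * digest() is a plain hash-to-group, standing in for the KZG aggregation;
  * parameters are far too small for any real use.
"""
import hashlib
import random

P = 2039  # p = 2q + 1, a safe prime (constructed toy parameter)
Q = 1019  # prime order of the subgroup we work in
G = 4     # 2^2 is a quadratic residue, hence has order Q in Z_P^*


def digest(identities):
    """Publicly aggregate a set of identities into one group element.

    Order-independent: the set is canonicalised before hashing. In the paper
    this role is played by a KZG-style succinct commitment; here it is a hash.
    """
    canonical = "\n".join(sorted(identities)).encode()
    e = int.from_bytes(hashlib.sha256(canonical).digest(), "big") % Q
    return pow(G, e, P)


def shamir_share(secret, n, t, rng):
    """t-of-n Shamir sharing of `secret` over Z_Q: share i = f(i), f(0) = secret."""
    coeffs = [secret] + [rng.randrange(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}


def partial_key(share_value, d):
    """An authority's whole contribution for a batch: one group element D^{s_i}."""
    return pow(d, share_value, P)


def lagrange_at_zero(i, indices):
    """Lagrange coefficient lambda_i for recovering f(0) from the points `indices`."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q


def combine(partials):
    """Combine t partial keys {i: D^{s_i}} into D^{s} = prod_i (D^{s_i})^{lambda_i}.

    Needs no secrets: the combiner only sees public indices and group elements.
    """
    indices = list(partials)
    key = 1
    for i, pk in partials.items():
        key = key * pow(pk, lagrange_at_zero(i, indices), P) % P
    return key


def issue_batch_key(identities, n=5, t=3, responders=(1, 3, 5), seed=7):
    """Run one batch end to end.

    Returns (combined key, D^s computed directly from s for checking, partials).
    `responders` are the t authorities that answer; each sends exactly one element.
    """
    rng = random.Random(seed)       # deterministic so the example is reproducible
    s = rng.randrange(1, Q)         # master secret; only a dealer/test ever sees it
    shares = shamir_share(s, n, t, rng)
    d = digest(identities)
    partials = {i: partial_key(shares[i], d) for i in responders}
    return combine(partials), pow(d, s, P), partials


if __name__ == "__main__":
    batch = ["tx-alice", "tx-bob", "tx-carol"]   # constructed sample identities
    key, direct, partials = issue_batch_key(batch)
    print("batch key:", key, "matches direct D^s:", key == direct)
    print("bytes sent per authority:",
          {i: (pk.bit_length() + 7) // 8 for i, pk in partials.items()})
```

The point to take from running it is the shape of the messages: whether the batch holds one identity or a thousand, each responding authority sends one group element derived from the digest, and the combiner needs no secret to turn t of them into the batch key. In the pairing-based scheme of the paper that key would decrypt exactly the ciphertexts whose identities were digested; this toy stops at issuance.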

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
identity based encryption, blockchain, threshold cryptography
Contact author(s)
amita2 @ illinois edu
rex1fernando @ gmail com
benny @ pinkas net
History
2024-10-24: revised
2024-10-06: received
Short URL
https://ia.cr/2024/1575
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2024/1575,
      author = {Amit Agarwal and Rex Fernando and Benny Pinkas},
      title = {Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1575},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1575}
}