
Forward-secure identity-based encryption with direct chosen-ciphertext security in the standard model

This work is supported by the Nature Science Foundation of China under Grant Nos. 61272542 and 61672207, the Natural Science Foundation of Jiangsu Province Grant No. BK20161511, the Fundamental Research Funds for the Central Universities Grant No. 2016B10114, a Project Funded by the Priority Academic Program Development of Jiangsu Higher Education Institutions and Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology

  • The paradigm of forward security provides a promising approach to dealing with the key exposure problem, as it can effectively minimize the damage caused by key exposure. In this paper, we develop a new forward-secure identity-based encryption scheme without random oracles. We formally prove that the proposed scheme is secure against adaptive chosen-ciphertext attacks in the standard model. In the proposed scheme, the running time of the private key extraction and decryption algorithms and the sizes of the user's initial private key and the ciphertext are independent of the total number of time periods, and any other performance parameter has at most log-squared complexity in terms of the total number of time periods. Compared with the previous forward-secure identity-based encryption schemes, the proposed scheme enjoys an obvious advantage in overall performance. To the best of our knowledge, it is the first forward-secure identity-based encryption scheme that achieves direct chosen-ciphertext security in the standard model.

    Mathematics Subject Classification: Primary: 94A60; Secondary: 11T71.

  • Figure 1.  An example of how to associate the time periods $\{0, 1, \dots, 13\}$ with the nodes in a full binary tree with level 3

    Figure 2.  An example to show which node secret keys are included in the private key of a user with identity $ID$ in each time period $i (0 \le i \le 13)$

    Table 1.  Security of the compared forward-secure identity-based encryption schemes

    | Compared items | Yao et al.'s [45] | Yu et al.'s [47] | Ours |
    |---|---|---|---|
    | Standard model? | No | Yes | Yes |
    | Security level | $\textit{fs}$-ID-CCA2 | $\textit{fs}$-ID-CPA | $\textit{fs}$-ID-CCA2 |

    Table 2.  Storage costs of the compared forward-secure identity-based encryption schemes

    | Compared item | Yao et al.'s [45] | Yu et al.'s [47] | Ours |
    |---|---|---|---|
    | Private key size | $O(l')$ | $O(l'^2)$ | $O(l^2)$ |

    Table 3.  Computation costs of the compared forward-secure identity-based encryption schemes

    | Compared items | Yao et al.'s [45] | Yu et al.'s [47] | Ours |
    |---|---|---|---|
    | Key extraction time | $O(l')$ | $O(l'^2)$ | $O(1)$ |
    | Key update time | $O(l')$ | $O(l'^2)$ | $O(l)$ |
    | Encryption time | $O(l')$ | $O(l')$ | $O(l)$ |
    | Decryption time | $O(l')$ | $O(1)$ | $O(1)$ |

    Table 4.  Communication costs of the compared forward-secure identity-based encryption

    | Compared items | Yao et al.'s [45] | Yu et al.'s [47] | Ours |
    |---|---|---|---|
    | Public parameters size | $O(l')$ | $O(l')$ | $O(l)$ |
    | Initial private key size | $O(l')$ | $O(l'^2)$ | $O(1)$ |
    | Ciphertext size | $O(l')$ | $O(1)$ | $O(1)$ |
  • [1] M. Abdalla, S. K. Miner and C. Namprempre, Forward-secure threshold signature schemes, in Proc. CT-RSA 2001, Springer-Verlag, 2001, 441-456. doi: 10.1007/3-540-45353-9_32.
    [2] M. Abdalla and L. Reyzin, A new forward-secure digital signature scheme, in Proc. Asiacrypt. 2000, Springer-Verlag, 2000, 116-129. doi: 10.1007/3-540-44448-3_10.
    [3] R. Anderson, Two Remarks on public key cryptology, in 4th ACM Conf. Comp. Commun. Secur., 1997.
    [4] M. Bellare and S. K. Miner, A forward-secure digital signature scheme, in Proc. Crypt. 1999, Springer-Verlag, 1999, 431-448. doi: 10.1007/3-540-48405-1_28.
    [5] M. Bellare and A. Palacio, Protecting against key-exposure: strongly key-insulated encryption with optimal threshold, Appl. Algebra Engin. Commun. Comp., 16 (2006), 379-396. doi: 10.1007/s00200-005-0183-y.
    [6] M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in Proc. ACM CCS 1993, ACM, 1993, 62-73. doi: 10.1145/168588.168596.
    [7] M. Bellare and B. Yee, Forward security in private-key cryptography, in Proc. CT-RSA 2003, Springer-Verlag, 2003, 1-18. doi: 10.1007/3-540-36563-X_1.
    [8] D. Boneh and X. Boyen, Efficient selective-id identity based encryption without random oracles, in Proc. Eurocrypt. 2004, Springer-Verlag, 2004, 223-238. doi: 10.1007/978-3-540-24676-3_14.
    [9] D. Boneh, X. Boyen and E. J. Goh, Hierarchical identity based encryption with constant size ciphertext, in Proc. Eurocrypt. 2005, Springer-Verlag, 2005, 440-456. doi: 10.1007/11426639_26.
    [10] D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, in Proc. Crypt. 2001, Springer-Verlag, 2001, 213-229. doi: 10.1007/3-540-44647-8_13.
    [11] X. Boyen, H. Shacham, E. Shen and B. Waters, Forward-secure signatures with untrusted update, in Proc. ACM CCS 2006, ACM, 2006, 191-200. doi: 10.1145/1180405.1180430.
    [12] R. Canetti, O. Goldreich and S. Halevi, The random oracle methodology, revisited, ACM J., 51 (2004), 209-218. doi: 10.1145/1008731.1008734.
    [13] R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme, in Proc. Eurocrypt. 2003, Springer-Verlag, 2003, 255-271. doi: 10.1007/3-540-39200-9_16.
    [14] R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme, Cryptology J., 30 (2007), 265-294. doi: 10.1007/s00145-006-0442-5.
    [15] L. Chen and Z. Cheng, Security proof of Sakai-Kasahara's identity-based encryption scheme, in Proc. Crypt. Coding 2005, Springer-Verlag, 2005, 442-459. doi: 10.1007/11586821_29.
    [16] C. Cocks, An identity based encryption scheme based on quadratic residues, in Proc. Crypt. Coding 2001, Springer-Verlag, 2001, 360-363. doi: 10.1007/3-540-45325-3_32.
    [17] W. Diffie, P. C. Van-Oorschot and M. J. Wiener, Authentication and authenticated key exchanges, Des. Codes Crypt., 2 (1992), 107-125. doi: 10.1007/BF00124891.
    [18] Y. Dodis, M. Franklin, J. Katz, A. Miyaji and M. Yung, Intrusion-resilient public-key encryption, in Proc. CT-RSA 2003, Springer-Verlag, 2003, 19-32. doi: 10.1007/3-540-36563-X_2.
    [19] Y. Dodis, J. Katz, S. Xu and M. Yung, Key-insulated public-key cryptosystems, in Proc. Eurocrypt. 2002, Springer-Verlag, 2002, 65-82. doi: 10.1007/3-540-46035-7_5.
    [20] C. Gentry, Practical identity-based encryption without random oracles, in Proc. Eurocrypt. 2006, Springer-Verlag, 2006, 445-464. doi: 10.1007/11761679_27.
    [21] C. Gentry and A. Silverberg, Hierarchical ID-based cryptography, in Proc. Asiacrypt. 2002, Springer-Verlag, 2002, 548-566. doi: 10.1007/3-540-36178-2_34.
    [22] C. G. Günther, An identity-based key-exchange protocol, in Proc. Eurocrypt. 1989, Springer-Verlag, 1990, 29-37.
    [23] G. Hanaoka, Y. Hanaoka and H. Imai, Parallel key-insulated public key encryption, in Proc. PKC 2006, Springer-Verlag, 2006, 105-122. doi: 10.1007/11745853_8.
    [24] J. Horwitz and B. Lynn, Toward hierarchical identity-based encryption, in Proc. Eurocrypt. 2002, Springer-Verlag, 2002, 466-481. doi: 10.1007/3-540-46035-7_31.
    [25] G. Itkis and L. Reyzin, Forward-secure signatures with optimal signing and verifying, in Proc. Crypt. 2001, Springer-Verlag, 2001, 499-514. doi: 10.1007/3-540-44647-8_20.
    [26] G. Itkis and L. Reyzin, SiBIR: Signer-base intrusion-resilient signatures, in Proc. Crypt. 2002, Springer-Verlag, 2002, 499-514. doi: 10.1007/3-540-45708-9_32.
    [27] E. Kiltz and Y. Vahlis, CCA2 secure IBE: standard model efficiency through authenticated symmetric encryption, in Proc. CT-RSA 2008, Springer-Verlag, 2008, 221-238. doi: 10.1007/978-3-540-79263-5_14.
    [28] A. Kozlov and L. Reyzin, Forward-secure signatures with fast key update, in Proc. SCN 2002, Springer-Verlag, 2002, 247-262. doi: 10.1007/3-540-36413-7_18.
    [29] H. Krawczyk, Simple forward-secure signatures from any signature scheme, in Proc. ACM CCS 2000, ACM, 2000, 108-115. doi: 10.1145/352600.352617.
    [30] J. Li, F. Zhang and Y. Wang, A strong identity-based key-insulated cryptosystem, in Proc. EUC Workshops 2006, Springer-Verlag, 2006, 352-361. doi: 10.1007/11807964_36.
    [31] B. Libert, J. Quisquater and M. Yung, Forward-secure signatures in untrusted update environments, in Proc. ACM CCS 2007, ACM, 2007, 266-275. doi: 10.1145/1315245.1315279.
    [32] Y. Lu and J. G. Li, A practical forward-secure public-key encryption scheme, Networks J., 6 (2011), 1254-1261. doi: 10.4304/jnw.6.9.1254-1261.
    [33] Y. Lu and J. G. Li, Generic construction of forward-secure identity-based encryption, Computers J., 7 (2012), 3068-3074. doi: 10.4304/jcp.7.12.3068-3074.
    [34] Y. Lu and J. G. Li, New forward-secure public-key encryption without random oracles, Int. J. Comp. Math., 90 (2013), 2603-2613. doi: 10.1080/00207160.2013.807915.
    [35] Y. Lu and J. G. Li, An improved certificateless strong key-insulated signature scheme in the standard model, Adv. Math. Commun., 9 (2015), 353-373. doi: 10.3934/amc.2015.9.353.
    [36] T. Malkin, D. Micciancio and S. K. Miner, Efficient generic forward-secure signatures with an unbounded number of time periods, in Proc. Eurocrypt. 2002, Springer-Verlag, 2002, 400-417. doi: 10.1007/3-540-46035-7_27.
    [37] A. Shamir, Identity-based cryptosystems and signature schemes, in Proc. Crypt. 1984, Springer-Verlag, 1984, 47-53. doi: 10.1007/3-540-39568-7_5.
    [38] K. Singh and N. Trichy, Lattice forward-secure identity based encryption scheme, J. Internet Serv. Inf. Sec., 2 (2012), 118-128.
    [39] Z. Wan, X. Lai, J. Weng, S. Liu, Y. Long and X. Hong, Certificateless key-insulated signature without random oracles, J. Zhejiang Univ. Sci. A, 10 (2009), 1790-1800. doi: 10.1631/jzus.A0820714.
    [40] Z. Wan, X. Meng and X. Hong, Certificateless strong key-insulated signature without random oracles, J. Shanghai Jiaotong Univ. (Sci), 16 (2011), 571-576. doi: 10.1007/s12204-011-1191-7.
    [41] B. Waters, Efficient identity-based encryption without random oracles, in Proc. Eurocrypt. 2005, Springer-Verlag, 2005, 114-127. doi: 10.1007/11426639_7.
    [42] J. Weng, X. Li, K. F. Chen and S. L. Liu, Identity-based parallel key-insulated encryption without random oracles, in Proc. Indocrypt. 2006, Springer-Verlag, 2006, 409-423. doi: 10.1007/11941378_29.
    [43] J. Weng, S. L. Liu, K. F. Chen, D. Zheng and W. D. Qiu, Identity-based threshold key-insulated encryption without random oracles, in Proc. CT-RSA 2008, Springer-Verlag, 2008, 203-220. doi: 10.1007/978-3-540-79263-5_13.
    [44] H. Yang, S. Sun and H. Li, Forward-secure identity-based encryption scheme (in Chinese), J. Univ. Electr. Sci. Techn. China, 36 (2007), 534-537.
    [45] D. Yao, N. Fazio, Y. Dodis and A. Lysyanskaya, ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption, in Proc. ACM CCS 2004, ACM, 2004, 354-363. doi: 10.1145/1030083.1030130.
    [46] J. Yu, R. Hao, H. Zhao, M. Shu and J. Fan, IRIBE: Intrusion-resilient identity-based encryption, Inf. Sci., 329 (2016), 90-104. doi: 10.1016/j.ins.2015.09.020.
    [47] J. Yu, F. Y. Kong, X. G. Cheng, R. Hao and J. X. Fan, Forward-secure identity-based public-key encryption without random oracles, Fundam. Inf., 111 (2011), 241-256.
    [48] J. Yu, F. Y. Kong, X. G. Cheng, R. Hao and J. X. Fan, Intrusion-resilient identity-based signature: security definition and construction, J. Syst. Softw., 85 (2012), 382-391. doi: 10.1016/j.jss.2011.08.034.
    [49] J. Yu, F. Y. Kong, X. G. Cheng, R. Hao and G. W. Li, Construction of yet another forward-secure signature scheme using bilinear maps, in Proc. ProvSec 2008, Springer-Verlag, 2008, 83-97. doi: 10.1007/978-3-540-88733-1_6.