Key Dependent Message Security for Revocable Identity-Based Encryption and Identity-Based Encryption

Abstract

In a revocable identity-based encryption (RIBE) system, the private key and update key are generated separately and combined together to obtain the decryption key. Since the update key is distributed in a public channel, for each user, the private key and the decryption key are essential to his information security. Careless key management, e.g. full disk encryption may leak the encryption of the private key or decryption key, which actually needs to consider the key dependent message (KDM) security. However, previous research mainly focus on the KDM security of IBE and revocability separately and the KDM security for RIBE scheme is still unclear. In this paper, we consider the KDM security for RIBE schemes for the first time and investigate two KDM security models with respect to the private key and decryption key respectively. First, we present a generic construction of KDM-secure RIBE with the private key from any KDM-secure IBE and RIBE in the selective/adaptive chosen-identity model. Second, we construct a concrete KDM-secure RIBE scheme with the decryption key in the selective chosen-identity model from lattices under the polynomial modulus. As an independent interest, we also present an efficient lattice-based KDM-secure IBE scheme in the random oracle model. However, it is only secure in the single key setting in the quantum random oracle model.