Receiver Selective Opening Chosen Ciphertext Secure Identity-Based Encryption

Abstract

In the situation where there are one sender and multiple receivers, a receiver selective opening (RSO) attack for an identity-based encryption (IBE) scheme considers adversaries that can corrupt some of the receivers and get their user secret keys and plaintexts. Security against RSO attacks for an IBE scheme ensures confidentiality of ciphertexts of uncorrupted receivers. In this paper, we formalize a definition of RSO security against chosen ciphertext attacks (RSO-CCA security) for IBE and propose the first RSO-CCA secure IBE schemes. More specifically, we construct an RSO-CCA secure IBE scheme based on an IND-ID-CPA secure IBE scheme and a non-interactive zero-knowledge proof system with unbounded simulation soundness and multi-theorem zero-knowledge. Through our generic construction, we obtain the first pairing-based and lattice-based RSO-CCA secure IBE schemes.