Revocable Identity-Based Encryption from the Computational Diffie-Hellman Problem

Abstract

An Identity-based encryption (IBE) simplifies key management by taking users’ identities as public keys. However, how to dynamically revoke users in an IBE scheme is not a trivial problem. To solve this problem, IBE scheme with revocation (namely revocable IBE scheme) has been proposed. Apart from those lattice-based IBE, most of the existing schemes are based on decisional assumptions over pairing-groups. In this paper, we propose a revocable IBE scheme based on a weaker assumption, namely Computational Diffie-Hellman (CDH) assumption over non-pairing groups. Our revocable IBE scheme was inspired by the IBE scheme proposed by Dottling and Garg in Crypto2017. Like Dottling and Garg’s IBE scheme, the key authority maintains a complete binary tree where every user is assigned to a leaf node. To adapt such an IBE scheme to a revocable IBE, we update the nodes along the paths of the revoked users in each time slot. Upon this updating, all revoked users are forced to be equipped with new encryption keys but without decryption keys, thus they are unable to perform decryption any more. We proved that our revocable IBE is adaptive IND-ID-CPA secure in the standard model. Our scheme serves as the first revocable IBE scheme from the CDH assumption. Moreover, the size of updating key in each time slot is only related to the number of newly revoked users in the past time slot.