Hierarchical Identity-based Encryption Research Articles

A unified framework of identity-based sequential aggregate signatures from 2-level HIBE schemes

Identity-based sequential aggregate signature (IBSAS for short) schemes, introduced by Boldyreva et al. [CCS 2007], allow a large quantity of signers to generate one signature sequentially, in which these messages as well as their order can be attested by employing their identities. In such a scheme, storage space and bandwidth overhead can be reduced. To our best knowledge, though many concrete IBSAS schemes have been constructed in literature, none of them is constructed under a standard computational hardness assumption and unforgeable under the standard model. The problem of how to construct such schemes is still open. Latterly, Gentry et al. [PKC 2018] proposed a unified construction of SAS (i.e., abbreviated form of sequential aggregate signature) schemes by employing trapdoor permutation and ideal ciphers. Motivated by the above problem and hints, here we study how to construct IBSAS schemes in a new unified perspective. By employing 2-level HIBE (i.e., abbreviated form of hierarchical identity-based encryption) schemes, we present unified construction of IBSAS schemes and give a rigorous proof of their unforgeability. The unified construction is then instantiated to get a concrete IBSAS scheme, which has existential unforgeability under the standard model using a standard computational hardness assumption (i.e., the CDH assumption). An extra fruit is that it can be used to construct an existentially unforgeable IBSAS scheme using the Learning with Errors problem, which is constructed under a lattice hardness assumption for the first time. In the end, we show a detailed performance comparison among our schemes and previous ones.

Public key encryption with equality test in the standard model

Public key encryption with equality test (PKEET) is a cryptosystem that allows a tester who has trapdoors issued by one or more users Ui to perform equality tests on ciphertexts encrypted using public key(s) of Ui. Since this feature has a lot of practical applications including search on encrypted data, several PKEET schemes have been proposed so far. However, to the best of our knowledge, all the existing proposals are proven secure only under the hardness of number-theoretic problems and/or the random oracle heuristics.In this paper, we show that this primitive can be achieved not only generically from well-established other primitives but also even without relying on the random oracle heuristics. More precisely, our generic construction for PKEET employs a two-level hierarchical identity-based encryption scheme, which is selectively secure against chosen plaintext attacks, a strongly unforgeable one-time signature scheme and a cryptographic hash function. Our generic approach toward PKEET has several advantages over all the previous works; it directly leads the first standard model construction and also directly implies the first lattice-based construction. Finally, we show how to extend our approach to the identity-based setting.

Lattice-based revocable (hierarchical) IBE with decryption key exposure resistance

Revocable identity-based encryption (RIBE) is an extension of IBE that supports a key revocation mechanism, which is an indispensable feature for practical cryptographic schemes. Due to this extra feature, RIBE is often required to satisfy a strong security notion unique to the revocation setting called decryption key exposure resistance (DKER). Additionally, hierarchal IBE (HIBE) is another orthogonal extension of IBE that supports key delegation functionalities allowing for scalable deployments of cryptographic schemes. So far, R(H)IBE constructions with DKER are only known from bilinear maps, where all constructions rely heavily on the so-called key re-randomization property to achieve the DKER and/or hierarchal feature. Since lattice-based schemes seem to be inherently ill-fit with the key re-randomization property, no construction of lattice-based R(H)IBE schemes with DKER are known.In this paper, we propose the first lattice-based RHIBE scheme with DKER without relying on the key re-randomization property, departing from all the previously known methods. We start our work by providing a generic construction of RIBE schemes with DKER, which uses as building blocks any two-level standard HIBE scheme and (weak) RIBE scheme without DKER. Based on previous lattice-based RIBE constructions without DKER, our result implies the first lattice-based RIBE scheme with DKER. Then, building on top of our generic construction, we construct the first lattice-based RHIBE scheme with DKER, by further exploiting the algebraic structure of lattices. To this end, we prepare a new tool called the level conversion keys, which enables us to achieve the hierarchal feature without relying on the key re-randomization property. In this full version, we give the formal proofs of our proposed schemes.

Efficient Hierarchical Identity-Based Encryption System for Internet of Things Infrastructure

Security is a main concern for the Internet of Things (IoT) infrastructure as large volumes of data are collected and processed in the systems. Due to the limited resources of interconnected sensors and devices in the IoT systems, efficiency is one of the key considerations when deploying security solutions (e.g., symmetric/asymmetric encryption, authentication, etc.) in IoT. In this paper, we present an efficient Hierarchical Identity-Based Encryption (HIBE) system with short parameters for protecting data confidentiality in distributed IoT infrastructure. Our proposed HIBE system has the public parameters, private key, and ciphertext, each consisting of a constant number of group elements. We prove the full security of the HIBE system in the standard model using the dual system encryption technique. We also implement the proposed scheme and compare the performance with the original Lewko–Waters HIBE. To the best of our knowledge, our construction is the first HIBE system that achieves both full security in the standard model and short parameters in terms of the public parameters, private key, and ciphertext.

Leakage-Resilient Hierarchical Identity-Based Encryption with Recipient Anonymity

As a promising public key cryptographic primitive, hierarchical identity-based encryption (HIBE) introduces key delegation mechanisms into identity-based encryption. However, key leakage and recipient anonymity issues have not been adequately addressed in HIBE. Hence, direct applications of traditional HIBE schemes will violate data security and abuse users’ privacy in practice. In this paper, we propose an anonymous unbounded hierarchical identity-based encryption scheme, which achieves bounded leakage resilience and the hierarchy depth is not limited. Our security proofs based on the dual system encryption technique show that the proposed scheme is capable of resisting key leakage and it realizes recipient anonymity in the standard model. In addition, leakage resilience analysis indicates that our scheme allows the leakage rate of approximate 1/3 no matter the hierarchy depth of identities. Finally, performance comparisons show the practicability of our scheme. In particular, the secret key of our construction is of a fixed-length.

Public key encryption with equality test from generic assumptions in the random oracle model

Public key encryption with equality test (PKEET) is a variant of classical public key encryption (PKE) with the special functionality of an equality test, and can be used in many applications such as in keyword search on encrypted data and for efficient management by partitioning encrypted data in the cloud. Since the original proposal of Yang et al. (CT-RSA, 2010), several subsequent proposals to improve the efficiency or functionality of PKEET have been reported.We present a PKEET construction from generic assumptions in the random oracle model. In particular, whereas previous results require number-theoretic assumptions or strictly stronger generic assumptions such as the existence of secure hierarchical identity-based encryption, our proposal requires only the existence of cryptographic hash functions and secure PKE schemes satisfying a special property, called randomness extractability. Informally, randomness extractability means that one can recover the randomness used in a ciphertext when given a secret key corresponding to a public key for the ciphertext. We investigate the fact that PKE schemes satisfying this property can be designed by the Fujisaki-Okamoto (FO) transformation, which is the widely utilized method to obtain secure PKE schemes from basic cryptographic primitives in the random oracle model. As a result, in combination with the FO transformation, we obtain a PKEET construction in the random oracle model if there exist a one-way PKE scheme, a one-time secure symmetric key encryption scheme, collision-resistant and one-way hash functions, and a pseudorandom function. In this sense, we remark that our PKEET construction is derived from fundamental generic assumptions only.

Enhanced TBAHIBE-LBKQS techniques for privacy preservation in cloud

In recent days, providing security to the data stored in cloud is an important and challenging task. The existing works have some drawbacks such as, high cost, required more amount of time for execution and low level security. So, this paper proposes novel techniques such as, tiered blind and anonymous hierarchical identity-based encryption (TBAHIBE) and location-based keyword query search (LBKQS) for privacy preservation. In this work, the privacy is provided to the medical data stored in the electronic health record (EHR). Here, the medical data of the egg and sperm donor, receptor, doctor and lab technician are stored in an encrypted format by using the proposed TBAHIBE technique. Then, the location-based search is enabled based on the keyword and query. The experimental results evaluate the performance in terms of computation cost, communication cost, query evaluation, encryption time, decryption time and key generation time.

Time and Attribute Based Dual Access Control and Data Integrity Verifiable Scheme in Cloud Computing Applications

In the era of big data, cloud-based industrial applications can provide available and convenient data access for resource-constrained smart devices. Attribute-based encryption can be used to ensure data security while providing fine-grained data access. However, current attribute-based encryption schemes rarely consider the access control of time, and the integrity verification of data simultaneously. In response to the above two problems, we propose a time and attribute based dual access control and data integrity verifiable scheme in cloud computing applications (DCDV). Firstly, a hierarchical time tree is introduced in the attribute-based encryption technology by using of hierarchical identity-based encryption technology to set an effective access time period and a specified decryptable time period for the user’s attributes key and encrypted data separately. The decryption operation can only be performed if the attribute set of user satisfies the data owner’s access policy and the effective access time period of the user’s attributes key completely covered the decryption time period set by the data owner. In this way, the data is dual controlled with time and attributes to solve the problem of privacy data leakage caused by private key leakage. Secondly, by using of the inverted index and Merkle hash tree, the data verification tree is designed. The data user can verify the integrity of the ciphertext data returned by the cloud server without decryption, which solves the problem that the cloud server may delete or modify the data. Finally, the security proof and efficiency analysis show that our scheme is secure and practical.

Enhanced TBAHIBE-LBKQS techniques for privacy preservation in cloud

In recent days, providing security to the data stored in cloud is an important and challenging task. The existing works have some drawbacks such as, high cost, required more amount of time for execution and low level security. So, this paper proposes novel techniques such as, tiered blind and anonymous hierarchical identity-based encryption (TBAHIBE) and location-based keyword query search (LBKQS) for privacy preservation. In this work, the privacy is provided to the medical data stored in the electronic health record (EHR). Here, the medical data of the egg and sperm donor, receptor, doctor and lab technician are stored in an encrypted format by using the proposed TBAHIBE technique. Then, the location-based search is enabled based on the keyword and query. The experimental results evaluate the performance in terms of computation cost, communication cost, query evaluation, encryption time, decryption time and key generation time.

Implementation of Algorithms for Identity Based Encryption and Decryption

Identity-based cryptosystems were introduced to overcome one of the main problems in public key encryption, the generation of public and private keys. In the identity-based cryptosystem, an identifier such as an e-mail address of a user can be used to generate public and private keys by a trusted third party. The trusted third party uses a system-wide master secret to provide private keys to a user. Identity-based cryptosystems can be constructed using the idea of pairings. This article discusses four different identity-based cryptosystems: the Boneh-Franklin scheme, the Cock's scheme, the Authenticated IBE scheme and the Hierarchical IBE scheme. This article also discusses the security notions considered for the identity-based cryptosystem. The security notions considered are: one-wayness, indistinguishability, semantic security and non-malleability. An architecture consisting of a public parameter server and private key generator for the implementation of the identity-based cryptosystems is also discussed.

Cryptanalysis of a Compact Anonymous HIBE with Constant Size Private Keys

AbstractRecently, Zhang et al. proposed a new anonymous hierarchical identity-based encryption (anonymous HIBE) over prime order groups to achieve both constant size private key and constant size ciphertext. Moreover, a double exponent technique was used to provide anonymity. They proved that their scheme is secure and anonymous against chosen plaintext attacks in the standard model. In this paper, we point out that their scheme is insecure.

Efficient public key encryption with equality test in the standard model

Public key encryption with equality test (PKEET) is a special kind of public encryption scheme (PKE) that allows a tester to perform equality tests on ciphertexts generated by different public keys as well as the same public key. This feature enables us to apply PKEET to various scenarios in practice, such as efficient data management on encrypted databases and spam filtering in encrypted email systems. From these reasons, since Yang et al. [1] first proposed the concept of PKEET, there have been proposed many PKEET schemes to improve efficiency or to enhance functionalities. However, to the best of our knowledge, almost all existing schemes were presented under assuming the existence of random oracles, except for generic construction proposed by Lee et al. On the other hand, their generic approach for PKEET employs a 2-level hierarchical identity-based encryption and a strongly unforgeable one-time signature, which suffers from low efficiency.In this paper, we propose an efficient PKEET scheme under a specific cryptographic assumption in the standard model. To this end, we first encrypt a message and its hash value in a parallel way by following the recently proposed strategy. Then, to prevent adaptive chosen ciphertext attacks (CCA2), we give a link between them by adapting the technique which was originally proposed for identity-based encryption and previously exploited to design efficient CCA2-secure PKE schemes. We show that our proposed construction satisfies formal security requirements for PKEET under the decisional bilinear Diffie–Hellman (DBDH) assumption in the standard model. As a result, we obtain a new PKEET scheme which has shorter ciphertext and trapdoor sizes, and improves computational costs for encryption, decryption, and test algorithms, by about 60%, 77%, and 66%, respectively, compared to a PKEET instantiation obtained by the prior generic framework.

A Secure and Privacy-Aware Smart Health System with Secret Key Leakage Resilience

With the development of the smart health (s-health), data security and patient privacy are becoming more and more important. However, some traditional cryptographic schemes can not guarantee data security and patient privacy under various forms of leakage attacks. To prevent the adversary from capturing the part of private keys by leakage attacks, we propose a secure leakage-resilient s-health system which realizes privacy protection and the safe transmission of medical information in the case of leakage attacks. The key technique is a promising public key cryptographic primitive called leakage-resilient anonymous Hierarchical Identity-Based Encryption. Our construction is proved to be secure against chosen plaintext attacks in the standard model under the Diffie-Hellman exponent assumption and decisional linear assumption. We also blind the public parameters and ciphertexts by using double exponent technique to achieve the recipient anonymity. Finally, the performance analysis shows the practicability of our scheme, and the leakage rate of the private key approximates to 1/6.

Unbounded and revocable hierarchical identity-based encryption with adaptive security, decryption key exposure resistant, and short public parameters.

Revocation functionality and hierarchy key delegation are two necessary and crucial requirements to identity-based cryptosystems. Revocable hierarchical identity-based encryption (RHIBE) has attracted a lot of attention in recent years, many RHIBE schemes have been proposed but shown to be either insecure or bounded where they have to fix the maximum hierarchical depth of RHIBE at setup. In this paper, we propose a new unbounded RHIBE scheme with decryption key exposure resilience and with short public system parameters, and prove our RHIBE scheme to be adaptively secure. Our system model is scalable inherently to accommodate more levels of user adaptively with no adding workload or restarting the system. By carefully designing the hybrid games, we overcome the subtle obstacle in applying the dual system encryption methodology for the unbounded and revocable HIBE. To the best of our knowledge, this is the first construction of adaptively secure unbounded RHIBE scheme.

Identifier discrimination: realizing selective-ID HIBE with authorized delegation and dedicated encryption privacy

It has been almost one and a half decades since the introduction of the concept of hierarchical identity-based encryption (HIBE) systems, and many pairing-based HIBE systems have been proposed; however, how to achieve independent private key delegation in HIBE systems is still open. Independent private key delegation in HIBE systems requires that the following three conditions are satisfied: (1) private keys are not valid delegation credentials for deriving descendants’ private keys, (2) any entity intending to derive a private key for any one of its descendants should own a valid delegation credential distributed by the root private key generator (PKG), and (3) a credential is only valid for deriving private keys for a given descendant. We present a new technique for composing private keys for entities in HIBE systems that we call identifier discrimination, aiming at resolving the problem of independent private key delegation. With the technique, we construct a selective identity secure HIBE system under the decisional bilinear Diffie–Hellman (DBDH) assumption in the standard model with the following properties. (1) Every entity in the HIBE system is prevented from deriving private keys for its descendants with the only use of its private key and the public parameters. (2) The root PKG can delegate the privilege (if needed) of generating private keys for each individual entity to any of its ancestors through authorization that we call authorized delegation, by distributing a specifically crafted secret (delegation credential) to the ancestor. (3) The encryption privacy of each ciphertext for its intended recipient is achieved, that is, ciphertexts encrypted on identity of any entity cannot be decrypted by any of its ancestors that we call dedicated encryption privacy.

Revocable hierarchical identity-based encryption with shorter private keys and update keys

Revocable hierarchical identity-based encryption (RHIBE) is an extension of HIBE that supports the revocation of user’s private keys to manage the dynamic credentials of users in a system. Many different RHIBE schemes were proposed previously, but they are not efficient in terms of the private key size and the update key size since the depth of a hierarchical identity is included as a multiplicative factor. In this paper, we propose efficient RHIBE schemes with shorter private keys and update keys and small public parameters by removing this multiplicative factor. To achieve our goals, we first present a new HIBE scheme with the different generation of private keys such that a private key can be simply derived from a short intermediate private key. Next, we show that two efficient RHIBE schemes can be built by combining our HIBE scheme, an IBE scheme, and a tree based broadcast encryption scheme in a modular way.

Analysis of hierarchical identity based encryption schemes and its applicability to computing environments

Hierarchical Identity Based Encryption (HIBE) enhances the scalability of Identity based encryption scheme, by sharing the workload of the root Private Key Generator (PKG) among multiple lower-level PKGs, facilitating intermediate key escrows and private key delegation. Owing to its structure, HIBE can be deployed to provide access control in cloud, pervasive computing systems, wireless sensor networks and Massively Multiplayer Online Role-Playing Games (MMORPGs). Additionally, HIBE can be used to perform search on encrypted data, forward secure encryption, fully private communication, limited delegation and damage control. This paper evaluates different approaches in the construction of HIBE protocols to determine practical frameworks. Specific criterions like cryptographic proof models, tightness of the reduction, recipient anonymity, hardness assumptions, bounded depth, revocability, types of pairing and ciphertext indistinguishability properties, were used as benchmarks for assessing each scheme. The efficiency in terms of storage and computation overhead, was estimated to identify suitable protocols for securing different computing environments. The future prospective applications of HIBE protocols were also investigated.

Efficient revocable hierarchical identity-based encryption using cryptographic accumulators

Hierarchical identity-based encryption is an important extension from IBE and has found many applications in the network world. Private key revocation is a crucial requirement for any public key system. In this paper, we propose a novel revocation method for the hierarchical identity-based encryption. Existing revocable hierarchical identity-based encryption schemes have several disadvantages: the key update size increases logarithmically with the number of users in the system, the public information of key update received by each user is different and always related to the level of the identity hierarchy and the security proof of the revocable scheme is very complex. In our scheme, cryptographic accumulators are used to compress hierarchical levels and revoked users’ information into constant values. So we achieve almost constant size of private key update which is irrelevant with the user number in the system. Because of the compression of hierarchical information we can use simple dual system encryption techniques to prove our scheme to be fully secure under several common assumptions without resorting to complex nested dual system encryption techniques.

Tightly CCA-secure identity-based encryption with ciphertext pseudorandomness

Affine message authentication code (MAC) and delegatable affine MAC turn out to be useful tools for constructing identity-based encryption (IBE) and hierarchical IBE (HIBE), as shown in Blazy, Kiltz and Pan’s (BKP) creative work in CRYPTO (2014). An important result obtained by BKP is IBE of tight PR-ID-CPA security, i.e., tight IND-ID-CPA security together with ciphertext pseudorandomness (PR). However, the problem of designing tightly PR-ID-CCA2 secure IBE remains open. We note that the CHK transformation does not preserve ciphertext pseudorandomness when converting IND-ID-CPA secure 2-level HIBE to IND-ID-CCA2 secure IBE. In this paper, we solve this problem with a new approach. We introduce a new concept called De-randomized delegatable affine MAC and define for it weak APR-CMA security. We construct such a MAC with a tight security reduction to the Matrix DDH assumption, which includes the k-Linear and DDH assumptions. We present a paradigm for constructing PR-ID-CCA2 secure IBE, which enjoys both ciphertext pseudorandomness and IND-ID-CCA2 security, from De-randomized delegatable affine MAC and Chameleon hashing. The security reduction is tightness preserving. It provides another approach to IND-ID-CCA2 security besides the CHK transformation. By instantiating the paradigm with our specific De-randomized delegatable affine MAC, we obtain the first IBE of tight PR-ID-CCA2 security from the Matrix DDH assumption over pairing groups of prime order. Our IBE also serves as the first tightly IND-ID-CCA2 secure IBE with anonymous recipient (ANON-ID-CCA2) from the Matrix DDH assumption. Our IBE further implies the first tightly IND-ID-CCA2 secure extractable IBE based on the Matrix DDH assumption. The latter can be used to get IBE of simulation-based selective opening CCA2 (SIM-SO-CCA2) security (due to Lai et al. in EUROCRYPT, 2014). The tight security of our IBE leads to a tighter reduction of the SIM-SO-CCA2 security.

Anonymous hierarchical identity-based encryption with bounded leakage resilience and its application

Hierarchical identity-based encryption can be used to protect the sensitive data in cloud system. However, as the traditional security model does not capture side-channel attacks, many hierarchical identity-based encryption schemes do not resist this kind of attack, which can exploit various forms of unintended information leakage. Inspired by these, leakage-resilience cryptography formalises some models of side-channel attacks. In this paper, we consider the memory leakage resilience in anonymous hierarchical identity-based encryption schemes. By applying Lewko et al.'s tools, we construct a master key leakage-resilient anonymous hierarchical identity-based encryption scheme based on dual system encryption techniques. As an interesting application of our scheme, we consider security for public-key encryption with multi-keyword ranked search (PEMKRS) in the presence of secret key leakage in the trapdoor generation algorithm, and provide a generic construction of leakage-resilient secure PEMKRS from a master key leakage-resilient anonymous hierarchical identity-based encryption scheme.