Revocable Identity-based Encryption Research Articles

Revocable Identity-Based Cryptosystem Revisited: Security Models and Constructions

Boneh and Franklin gave a naive revocation method in identity-based encryption (IBE) which imposes a huge overhead into the key generation center. Later, Boldyreva, Goyal, and Kumar proposed an elegant way of achieving an IBE with efficient revocation, called revocable IBE (RIBE). In this paper, we revisit RIBE from the viewpoint of both security models and constructions. First, we introduce a realistic threat, which we call decryption key exposure, and show that all prior RIBE constructions, except the Boneh-Franklin one, are vulnerable to decryption key exposure. Next, we propose the first scalable RIBE scheme with decryption key exposure resistance by combining the (adaptively secure) Waters IBE scheme and the (selectively secure) Boneh-Boyen IBE scheme, and show that our RIBE scheme is more efficient than all previous adaptively secure scalable RIBE schemes. In addition, we extend our interest into identity-based signatures; we introduce a new security definition of revocable identity-based signature (RIBS) with signing key exposure resistance, and propose the first scalable RIBS scheme based on the Paterson-Schuldt IBS. Finally, we provide implementation results of our schemes to adduce the feasibility of our schemes.

Revocable hierarchical identity-based encryption

In practice, revocation functionality is indispensable to the public key cryptosystems since there are threats of leaking a secret key by hacking or legal situation of expiration of contract for using system. In the public key infrastructure setting, numerous solutions have been proposed, and in the Identity Based Encryption (IBE) setting, a recent series of papers proposed revocable IBE schemes. Delegation of key generation is also an important functionality in cryptography from a practical standpoint since it allows reduction of excessive workload for a single key generation authority. Although efficient solutions for either revocation or delegation of key generation in IBE systems have been proposed, an important open problem is efficiently delegating both the key generation and revocation functionalities in IBE systems. Even if the goal is very natural, there are some obstacles to achieve both functionalities at the same time. Libert and Vergnaud, for instance, left this as an open problem in their CT-RSA 2009 paper. In this paper, we propose the first efficient solution for this problem. We prove the selective-ID security of our proposal under the Decisional Bilinear Diffie–Hellman assumption in the standard model.

Efficient Revocable ID-Based Encryption with a Public Channel

Over the last few years, identity (ID)-based encryption (IBE) without requiring certificate management offers a practical alternative to public key encryption. However, how to revoke misbehaving/compromised identities in ID-based public key setting becomes a new and critical issue. In the past, there was little work on studying this revocation problem. In 2008, Boldyreva et al. proposed a revocable IBE (RIBE) and its associated revocation solution that used a binary tree structure to reduce the authority's periodic workload in Boneh and Franklin's IBE. However, Boldyreva et al.'s RIBE raised enormous computation costs for encryption and decryption procedures. Both IBEs require a secure channel between each user and the authority to transmit user's periodic private keys, thus the authority and each user need to encrypt and decrypt the private keys for each period. In this article, we present an efficient RIBE with a public channel, which provides a practical alternative to the previously proposed revocation solutions, while it remains efficient for encryption and decryption. Under the bilinear Diffie–Hellman assumption, we demonstrate that our RIBE with a public channel is semantically secure against adaptive chosen plaintext attacks and adaptive chosen ciphertext attacks.