TY - JOUR
T1 - Revocable identity-based encryption and server-aided revocable IBE from the computational Diffie-Hellman assumption
AU - Hu, Ziyuan
AU - Liu, Shengli
AU - Chen, Kefei
AU - Liu, Joseph K.
N1 - Funding Information:
Ziyuan Hu and Shengli Liu were supported by the National Natural Science Foundation of China (NSFC Grant No. 61672346). Kefei Chen was supported by National Key R&D Program of China (Grant No. 2017YFB0802000), NSFC (Grant No. U1705264) and (Grant No. 61472114).
Publisher Copyright:
© 2018 by the authors. Licensee MDPI, Basel, Switzerland.
PY - 2018/10/23
Y1 - 2018/10/23
AB - An Identity-based encryption (IBE) simplifies key management by taking users’ identities as public keys. However, how to dynamically revoke users in an IBE scheme is not a trivial problem. To solve this problem, IBE scheme with revocation (namely revocable IBE scheme) has been proposed. Apart from those lattice-based IBE, most of the existing schemes are based on decisional assumptions over pairing-groups. In this paper, we propose a revocable IBE scheme based on a weaker assumption, namely Computational Diffie-Hellman (CDH) assumption over non-pairing groups. Our revocable IBE scheme is inspired by the IBE scheme proposed by Döttling and Garg in Crypto2017. Like Döttling and Garg’s IBE scheme, the key authority maintains a complete binary tree where every user is assigned to a leaf node. To adapt such an IBE scheme to a revocable IBE, we update the nodes along the paths of the revoked users in each time slot. Upon this updating, all revoked users are forced to be equipped with new encryption keys but without decryption keys, thus they are unable to perform decryption any more. We prove that our revocable IBE is adaptive IND-ID-CPA secure in the standard model. Our scheme serves as the first revocable IBE scheme from the CDH assumption. Moreover, we extend our scheme to support Decryption Key Exposure Resistance (DKER) and also propose a server-aided revocable IBE to decrease the decryption workload of the receiver. In our schemes, the size of updating key in each time slot is only related to the number of newly revoked users in the past time slot.
KW - CDH assumption
KW - Revocable identity-based encryption
KW - Server-aided revocable identity-based encryption
UR - http://www.scopus.com/inward/record.url?scp=85076949109&partnerID=8YFLogxK
U2 - 10.3390/cryptography2040033
DO - 10.3390/cryptography2040033
M3 - Article
AN - SCOPUS:85076949109
SN - 2410-387X
VL - 2
SP - 1
EP - 35
JO - Cryptography
JF - Cryptography
IS - 4
M1 - 33
ER -