Towards anonymous ciphertext indistinguishability with identity leakage

Tsz Hon Yuen, Cong Zhang, Sherman Sze-Ming Chow, Joseph K Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevents a KGC (or any logical entity which gets hold of the master secret key, such as the collusion of a number of authorities holding a sufficient number of the master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of the user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.
Original language: English
Title of host publication: 7th International Conference on Provable Security (ProvSec 2013)
Editors: Willy Susilo, Reza Reyhanitabar
Place of Publication: Heidelberg Germany
Publisher: Springer
Pages: 139 - 153
Number of pages: 15
Volume: 8209
ISBN (Print): 9783642412264
DOIs: https://doi.org/10.1007/978-3-642-41227-1_8
Publication status: Published - 2013
Externally published: Yes
Event: International Conference on Provable Security, 2013 - Melaka, Malaysia
Duration: 1 Jan 2013 → …

Conference

Conference: International Conference on Provable Security, 2013
Country: Malaysia
City: Melaka
Period: 1/01/13 → …

Cite this

Yuen, T. H., Zhang, C., Chow, S. S-M., & Liu, J. K. (2013). Towards anonymous ciphertext indistinguishability with identity leakage. In W. Susilo, & R. Reyhanitabar (Eds.), 7th International Conference on Provable Security (ProvSec 2013) (Vol. 8209, pp. 139 - 153). Heidelberg Germany: Springer. https://doi.org/10.1007/978-3-642-41227-1_8
Yuen, Tsz Hon ; Zhang, Cong ; Chow, Sherman Sze-Ming ; Liu, Joseph K. / Towards anonymous ciphertext indistinguishability with identity leakage. 7th International Conference on Provable Security (ProvSec 2013). editor / Willy Susilo ; Reza Reyhanitabar. Vol. 8209 Heidelberg Germany : Springer, 2013. pp. 139 - 153
@inproceedings{0441c64501e34a76a815c9cc90de0b7d,
title = "Towards anonymous ciphertext indistinguishability with identity leakage",
abstract = "Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevents a KGC (or any logical entity which gets hold of the master secret key, such as the collusion of a number of authorities holding a sufficient number of the master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of the user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.",
author = "Yuen, {Tsz Hon} and Cong Zhang and Chow, {Sherman Sze-Ming} and Liu, {Joseph K}",
year = "2013",
doi = "10.1007/978-3-642-41227-1_8",
language = "English",
isbn = "9783642412264",
volume = "8209",
pages = "139 -- 153",
editor = "Willy Susilo and Reza Reyhanitabar",
booktitle = "7th International Conference on Provable Security (ProvSec 2013)",
publisher = "Springer",

}

Yuen, TH, Zhang, C, Chow, SS-M & Liu, JK 2013, Towards anonymous ciphertext indistinguishability with identity leakage. in W Susilo & R Reyhanitabar (eds), 7th International Conference on Provable Security (ProvSec 2013). vol. 8209, Springer, Heidelberg Germany, pp. 139 - 153, International Conference on Provable Security, 2013, Melaka, Malaysia, 1/01/13. https://doi.org/10.1007/978-3-642-41227-1_8

TY - GEN

T1 - Towards anonymous ciphertext indistinguishability with identity leakage

AU - Yuen, Tsz Hon

AU - Zhang, Cong

AU - Chow, Sherman Sze-Ming

AU - Liu, Joseph K

PY - 2013

Y1 - 2013

AB - Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevents a KGC (or any logical entity which gets hold of the master secret key, such as the collusion of a number of authorities holding a sufficient number of the master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of the user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.

UR - http://goo.gl/tLwi9t

U2 - 10.1007/978-3-642-41227-1_8

DO - 10.1007/978-3-642-41227-1_8

M3 - Conference Paper

SN - 9783642412264

VL - 8209

SP - 139

EP - 153

BT - 7th International Conference on Provable Security (ProvSec 2013)

A2 - Susilo, Willy

A2 - Reyhanitabar, Reza

PB - Springer

CY - Heidelberg Germany

ER -

Yuen TH, Zhang C, Chow SS-M, Liu JK. Towards anonymous ciphertext indistinguishability with identity leakage. In Susilo W, Reyhanitabar R, editors, 7th International Conference on Provable Security (ProvSec 2013). Vol. 8209. Heidelberg Germany: Springer. 2013. p. 139 - 153 https://doi.org/10.1007/978-3-642-41227-1_8