Adaptively Secure Efficient (H)IBE over Ideal Lattice with Short Parameters
Abstract
1. Introduction
2. Preliminaries
2.1. IBE and Hierarchical IBE
2.2. Integer Lattice and Ideal Lattice
2.3. Trapdoors on Lattice
2.4. Sampling Algorithms
Algorithm 1 SampleLeft.
Algorithm 2 SampleRight.
3. Adaptively Secure IBE
3.1. The IBE Construction
- Run , , where is a vector in with a trapdoor ;
- Select uniformly random vectors , and these vectors are used to form the public parameters;
- Select a uniformly random polynomial ;
- Output the public parameters and master key .
- Set and . They are used to generate the private key;
- Run , where is a vector in ;
- Output the private key .
- Set and . They are used to generate the ciphertext;
- Select a uniformly random polynomial ;
- Select matrices in that consist of uniformly random polynomials with coefficient . Define ; its coefficients are in ;
- Select noise polynomial , noise vector and set ;
- Set , and ;
- Output the ciphertext .
- Compute , where denotes the coefficient of w;
- Compare and , treating them as integers in Z; if , output 1; otherwise output 0.
3.2. Parameters and Correctness
- the error term is less than ,
- that algorithm TrapGen can operate ,
- that is sufficiently large for the sampling algorithm (i.e., ),
- that reduction applies (i.e., the number of private key queries ).
3.3. Security Proof
- Abort check [18]: For , the game proceeds normally if and . Otherwise, it resets and aborts the game. However, the game proceeds normally in the adversary’s view.
- Construct random vector with RLWE samples. For , the i-th column of is .
- Let the random polynomial be the 0-th RLWE sample.
- Construct vectors and as in Game 3.
- Send public parameters to adversary .
- Set with the RLWE instance.
- Let to blind the message bit.
- Set and .
- Choose a random bit . If , set . Otherwise, select a random element in . Then, send the challenge ciphertext to the adversary.
4. Adaptively Secure HIBE
4.1. The HIBE Construction
- Run , , where is a vector in with a trapdoor ;
- Choose random vectors , and these vectors are used to form the public parameters;
- Choose a uniformly random polynomial ;
- Output the public parameters and master key .
- Set , and it is used to generate the private key;
- Run , where is a vector in ;
- Output the private key .
- Set , and it is used to generate the ciphertext;
- Choose a uniformly random polynomial ;
- Choose matrices for and , which consist of random polynomials with coefficient . Define ;
- Choose noise polynomial , noise vector , and set ;
- Set , and ;
- Output the ciphertext .
- Set ;
- Sample such that ;
- Compute , where denotes the coefficient of w;
- Compare and , treating them as integers in Z; if , output 1; otherwise output 0.
4.2. Parameters and Correctness
- the error term is less than ,
- that algorithm TrapGen can operate ,
- that is sufficiently large for the sampling algorithm (i.e., ),
- that reduction applies (i.e., the number of private key queries ).
4.3. Security Proof
- Construct random vector with RLWE samples. For , the i-th column of is .
- Let a random polynomial be the 0-th RLWE sample.
- Construct and as in Game 3.
- Send public parameters to adversary .
- Set with the RLWE instance.
- Set to blind the message bit.
- Set and .
- Choose a random bit . If , set . Otherwise, select a random element in . Then, send the challenge ciphertext to the adversary.
5. Efficiency
6. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Shamir, A. Identity-Based Cryptosystems and Signature Schemes. In Workshop on the Theory and Application of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 1984; pp. 47–53.
- Boneh, D.; Franklin, M.K. Identity-Based Encryption from the Weil Pairing. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 2001; pp. 213–229.
- Canetti, R.; Halevi, S.; Katz, J. A Forward-Secure Public-Key Encryption Scheme. In International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2003; pp. 255–271.
- Boneh, D.; Boyen, X. Secure Identity Based Encryption Without Random Oracles. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 2004; pp. 443–459.
- Waters, B. Efficient Identity-Based Encryption Without Random Oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2005; pp. 114–127.
- Cocks, C.C. An Identity Based Encryption Scheme Based on Quadratic Residues. In IMA International Conference on Cryptography and Coding; Springer: Berlin/Heidelberg, Germany, 2001; pp. 360–363.
- Gentry, C.; Silverberg, A. Hierarchical ID-Based Cryptography. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2002; pp. 548–566.
- Horwitz, J.; Lynn, B. Toward Hierarchical Identity-Based Encryption. In International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2002; pp. 466–481.
- Boneh, D.; Boyen, X. Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. In International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2004; pp. 223–238.
- Gentry, C. Practical Identity-Based Encryption Without Random Oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2006; pp. 445–464.
- Chatterjee, S.; Sarkar, P. HIBE With Short Public Parameters without Random Oracle. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2006; pp. 145–160.
- Canetti, R.; Halevi, S.; Katz, J. A Forward-Secure Public-Key Encryption Scheme. J. Cryptol. 2007, 20, 265–294.
- Waters, B. Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 2009; pp. 619–636.
- Regev, O. On lattices, learning with errors, random linear codes, and cryptography. J. ACM 2005, 56, 1–40.
- Stehlé, D.; Steinfeld, R.; Tanaka, K.; Xagawa, K. Efficient Public Key Encryption Based on Ideal Lattices. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2009; pp. 617–635.
- Lyubashevsky, V.; Peikert, C.; Regev, O. On Ideal Lattices and Learning with Errors over Rings. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2010; pp. 1–23.
- Gentry, C.; Peikert, C.; Vaikuntanathan, V. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, BC, Canada, 17–20 May 2008; pp. 197–206.
- Agrawal, S.; Boneh, D.; Boyen, X. Efficient Lattice (H)IBE in the Standard Model. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2010; pp. 553–572.
- Singh, K.; Rangan, C.P.; Banerjee, A.K. Adaptively Secure Efficient Lattice (H)IBE in Standard Model with Short Public Parameters. In International Conference on Security, Privacy, and Applied Cryptography Engineering; Springer: Berlin/Heidelberg, Germany, 2012; pp. 153–172.
- Chatterjee, S.; Sarkar, P. Trading Time for Space: Towards an Efficient IBE Scheme with Short(er) Public Parameters in the Standard Model. In International Conference on Information Security and Cryptology; Springer: Berlin/Heidelberg, Germany, 2005; pp. 424–440.
- Naccache, D. Secure and practical identity-based encryption. IET Inf. Secur. 2005, 1, 59–64.
- Yamada, S. Adaptively Secure Identity-Based Encryption from Lattices with Asymptotically Shorter Public Parameters. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2016; pp. 32–62.
- Zhang, J.; Chen, Y.; Zhang, Z. Programmable Hash Functions from Lattices: Short Signatures and IBEs with Small Key Sizes. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 2016; pp. 303–332.
- Yamada, S. Asymptotically Compact Adaptively Secure Lattice IBEs and Verifiable Random Functions via Generalized Partitioning Techniques. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 2017; pp. 161–193.
- Agrawal, S.; Boyen, X. Identity-Based Encryption from Lattices in the Standard Model. 2009. Available online: http://www.cs.stanford.edu/~xb/ab09/ (accessed on 20 October 2020).
- Cash, D.; Hofheinz, D.; Kiltz, E. How to Delegate a Lattice Basis. IACR Cryptol. ePrint Arch. 2009, 2009, 351.
- Cash, D.; Hofheinz, D.; Kiltz, E.; Peikert, C. Bonsai Trees, or How to Delegate a Lattice Basis. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2010; pp. 523–552.
- Agrawal, S.; Boneh, D.; Boyen, X. Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE. In Annual Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 2010; pp. 98–115.
- Wang, F.; Wang, C.; Liu, Z.H. Efficient hierarchical identity based encryption scheme in the standard model over lattices. Front. Inf. Technol. Electron. Eng. 2016, 17, 781–791.
- Apon, D.; Fan, X.; Liu, F. Compact identity based encryption from LWE. Cryptol. ePrint Arch. 2016, 2016.
- Boyen, X.; Li, Q. Towards tightly secure lattice short signature and id-based encryption. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2016; pp. 404–434.
- Zhang, L.; Wu, Q. Adaptively Secure Hierarchical Identity-Based Encryption over Lattice. In International Conference on Network and System Security; Springer: Berlin/Heidelberg, Germany, 2017; pp. 46–58.
- Yang, X.; Wu, L.; Zhang, M.; Chen, X. An efficient CCA-secure cryptosystem over ideal lattices from identity-based encryption. Comput. Math. Appl. 2013, 65, 1254–1263.
- Ducas, L.; Lyubashevsky, V.; Prest, T. Efficient Identity-Based Encryption over NTRU Lattices. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2014; pp. 22–41.
- Hoffstein, J.; Pipher, J.; Silverman, J.H. NTRU: A Ring-Based Public Key Cryptosystem. In ANTS-III; Springer: Berlin/Heidelberg, Germany, 1998; pp. 267–288.
- Katsumata, S.; Yamada, S. Partitioning via Non-linear Polynomial Functions: More Compact IBEs from Ideal Lattices and Bilinear Maps. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2016; pp. 682–712.
- Bert, P.; Fouque, P.; Roux-Langlois, A.; Sabt, M. Practical Implementation of Ring-SIS/LWE Based Signature and IBE. In International Conference on Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2018; pp. 271–291.
- Micciancio, D.; Peikert, C. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2012; pp. 700–718.
- Peikert, C. Bonsai Trees (or, Arboriculture in Lattice-Based Cryptography). IACR Cryptol. ePrint Arch. 2009, 2009, 359.
- Ajtai, M. Generating Hard Instances of Lattice Problems (Extended Abstract). In Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, PA, USA, 22–24 May 1996; pp. 99–108.
- Banaszczyk, W. New bounds in some transference theorems in the geometry of numbers. Math. Ann. 1993, 296, 625–635.
- Banaszczyk, W. Inequalities for Convex Bodies and Polar Reciprocal Lattices in R^n. Discret. Comput. Geom. 1995, 13, 217–231.
- Singh, K.; Rangan, C.P.; Banerjee, A.K. Efficient Lattice HIBE in the Standard Model with Shorter Public Parameters. In Information and Communication Technology-EurAsia Conference; Springer: Berlin/Heidelberg, Germany, 2014; pp. 542–553.
Schemes | Size | Size | Ciphertext Size | Security | Assumption
---|---|---|---|---|---
[18] | | | | Adaptive-CPA | LWE
[23] | | | | Adaptive-CPA | LWE
[22] * | | | | Adaptive-CPA | LWE
[36] * | | | | Adaptive-CPA | RLWE †
[24] | | | | Adaptive-CPA | LWE
Ours ** | | | | Adaptive-CPA | RLWE †

Schemes | | |
---|---|---|---
[36] | | |
Ours | | |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Zhang, Y.; Liu, Y.; Guo, Y.; Zheng, S.; Wang, L. Adaptively Secure Efficient (H)IBE over Ideal Lattice with Short Parameters. Entropy 2020, 22, 1247. https://doi.org/10.3390/e22111247