عنوان انگلیسی مقاله:
Lattice-based revocable (Hierarchical) IBE with decryption key exposure resistance
ترجمه فارسی عنوان مقاله:
رمزنگاری مبتنی بر هویت قابل بازگشت (سلسله مراتبی) مبتنی بر شبکه با مقاومت در معرض کلید رمزگشایی
Sciencedirect - Elsevier - Theoretical Computer Science, Journal Pre-proof: 10:1016/j:tcs:2019:12:003
Shuichi Katsumata, Takahiro Matsuda, Atsushi Takayasu
Revocable identity-based encryption (RIBE) is an extension of IBE that supports a key revocation mechanism,
which is an indispensable feature for practical cryptographic schemes. Due to this extra feature, RIBE
is often required to satisfy a strong security notion unique to the revocation setting called decryption key
exposure resistance (DKER). Additionally, hierarchal IBE (HIBE) is another orthogonal extension of IBE
that supports key delegation functionalities allowing for scalable deployments of cryptographic schemes.
So far, R(H)IBE constructions with DKER are only known from bilinear maps, where all constructions
rely heavily on the so-called key re-randomization property to achieve the DKER and/or hierarchal feature.
Since lattice-based schemes seem to be inherently ill-fit with the key re-randomization property, no
construction of lattice-based R(H)IBE schemes with DKER are known.
In this paper, we propose the first lattice-based RHIBE scheme with DKER without relying on the
key re-randomization property, departing from all the previously known methods. We start our work by
providing a generic construction of RIBE schemes with DKER, which uses as building blocks any twolevel
standard HIBE scheme and (weak) RIBE scheme without DKER. Based on previous lattice-based
RIBE constructions without DKER, our result implies the first lattice-based RIBE scheme with DKER.
Then, building on top of our generic construction, we construct the first lattice-based RHIBE scheme with
DKER, by further exploiting the algebraic structure of lattices. To this end, we prepare a new tool called
the level conversion keys, which enables us to achieve the hierarchal feature without relying on the key
re-randomization property. In this full version, we give the formal proofs of our proposed schemes.
Keywords: revocable (hierarchical) identity-based encryption | lattice-based cryptography | decryption key exposure