Junqing Gong (Shanghai Jiao Tong University); Jie Chen, Xiaolei Dong, Zhenfu Cao (East China Normal University); Shaohua Tang (South China University of Technology). PKC 2016.
Slide1
Extended Nested Dual System Groups, Revisited
Junqing Gong, Shanghai Jiao Tong University
Jie Chen, Xiaolei Dong, Zhenfu Cao, East China Normal University
Shaohua Tang, South China University of Technology
PKC 2016
Slide2
Overview
Slide3
Identity Based Encryption
Algorithms:
Setup(1^k) (PP, MSK)
KeyGen(MSK, ID) SK_ID
Enc(PP, ID, M) CT
Dec(PP, SK, CT) M
Security: IND-ID-CPA (Adaptive/Full)
Q revealed keys
Almost Tight Security [Chen-Wee @ CRYPTO13]
Pr[Adversary wins] O(k) Pr[Hard problem can be solved]
Small group size & Efficient realization
[Diagram labels: PP, ID, SK_ID, CT]
Slide4
Towards Multi-instance, Multi-ciphertext Setting [Hofheinz-Koch-Striecks @ PKC15]
[Diagram: instances (Instance 1, Instance 2, …) with labels GP and PP]
Slide5
Our Results
Almost-tight Security | Composite-order Bilinear Group | Prime-order Bilinear Group
Standard (Single-instance, Single-ciphertext) | Chen-Wee13 | Chen-Wee13
Multi-instance, Multi-ciphertext (MIMC) | Hofheinz-Koch-Striecks15 | This work
More Efficient, generally (shorter ct & faster algorithms)
Slide6
Overview
CW13: Almost-tightly Secure IBE in SISC (Composite & Prime)
HKS15: Almost-tightly Secure IBE in MIMC (Composite only!)
Slide7
Overview
CW13
HKS15
Ours
ENDSG from Prime order Bilinear Group
Require specific algebraic structure!
Slide8
Basic Prime-order Technique
Slide9
Our Idea
Almost Tight Security | Composite-order Bilinear Group | Prime-order Bilinear Group
Single-instance, Single-ciphertext (SISC) | Chen-Wee13 | Chen-Wee13
Multi-instance, Multi-ciphertext (MIMC) | Hofheinz-Koch-Striecks15 | This work
Slide10
From CW13 to HKS15
[Diagram labels: Normal Space, Semi-functional Space, structural]
Nested Hiding
CAUTION: share the same th bit
Impossible in MIMC setting.
Slide11
From CW13 to HKS15
[Diagram labels: Normal Space, Semi-functional Space, Semi-functional Space, structural]
1. Additional SF Space
2. Switching Ciphertext
3. Nested Hiding
4. Tightness Preserving
Slide12
1. Additional SF Space
Dual Pairing Vector Space
[Diagram labels: Normal | Semi-Func; Normal | Semi-Func | Semi-Func]
Slide13
2. Switching Ciphertext
[Diagram labels: Normal | Semi-Func | Semi-Func]
Slide14
2. Switching Ciphertext
[Diagram labels: Normal | Semi-Func | Semi-Func]
Requirement [HKS15]: Given , Rnd( ) Rnd( )
-Lin
Slide15
2. Switching Ciphertext
[Diagram labels: Normal | Semi-Func | Semi-Func]
Requirement: Given , Rnd( ) Rnd( )
-Lin
Slide16
3. Nested Hiding
[Diagram labels: Update, Update, Update]
Two random functions have more Entropy!
Many Tuple Lemma: Given and and ,
Generalized Many Tuple Lemma: Given and and ,
Slide17
4. Preserving Tightness
We base all these properties on standard -Linear assumption
-Linear assumption is random self-reducible [c.f. Escala-Herold-Kiltz-Rafols-Villar @ CRYPTO 13]
Security loss is O(), constant for fixed assumption.
Slide18
A Glance of other Results
Stronger security (No. of ct per id) with no extra assumption
-weak adaptively secure: unconditionally (-Lin)
full adaptive secure: -Lin assumption
An improvement:
Compress two semi-functional spaces: from to
Positive: Higher performance
Negative: Non-standard/stronger assumption for switching ct
Open problem
Find an approach to achieve high performance under standard/weaker assumption!
Slide19
An Independent Work on This Topic
Attrapadung-Hanaoka-Yamada @ AsiaCrypt15
An elegant explanation of Chen-Wee's proof idea [CW13] using Broadcast Encoding mechanism
Generic construction for almost-tightly secure IBE in both composite- and prime-order groups
Basic prime-order construction is similar to our improvement
More concrete results:
Tight reduction with short public parameter
Anonymous version
Our work is more general in terms of assumption.
Slide20
The End
Any Questions?
Slide21
4. Preserving Tightness
Situation
[Diagram: Span( ), Span( ), …]
Slide22
4. Preserving Tightness
Solution
[Diagram: Span( ), Span( ), …]
Constant Loss
Reduction loss arises, proportional to the dimension of the space
Slide23
An Improvement
[Diagram labels: Normal | Semi-Func | Semi-Func]
Used to hide message
Slide24
An Improvement
[Diagram labels: Normal | Semi-Func | Semi-Func]
Used to hide message!
Positive: Reduce dimension, High performance
Negative: Non-standard/stronger assumption
-Lin with Auxiliary Input