Identity-Based Encryption with Tight Security in Multi-Instance Setting

identity based encryption with almost tight n.w
1 / 25
Embed
Share

Explore the concept of Identity-Based Encryption (IBE) with nearly tight security in a multi-instance, multi-ciphertext setting. This study delves into the proof idea underlying the IBE scheme and achieves almost tight security for Multi-Instance, Multi-Ciphertext IBE, focusing on IBE-IND-CPA and tight security aspects. The goal is to enhance security while reducing key sizes and overall complexity. Dive into the intricate details of IBE security and proof mechanisms proposed by Dennis Hofheinz, Jessica Koch, and Christoph Striecks from the Karlsruhe Institute of Technology, Germany.

  • Encryption
  • Security
  • Multi-Instance
  • IBE
  • Tight
rayaanacharya
shix Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting Dennis Hofheinz, Jessica Koch, Christoph Striecks Karlsruhe Institute of Technology, Germany 1

  2. Overview Identity-Based Encryption (IBE) Tight Security - Proof Idea Underlying IBE-Scheme by Chen and Wee Result: (almost) Tight Security for Multi- Instance, Multi-Ciphertext IBE 2

  3. Identity-Based Encryption (IBE) 3

  4. IBE-IND-CPA Security C* for id* succ.prob = 1 M0 or M1 ? 2 + 1 4

  5. Multi-Instance, Multi-Ciphertext IBE-IND-CPA Security M0i,c or M1i,c? succ.prob = 1 2 + multi 5

  6. Tight Security . . . Ni instances . . . Nc chall. ciphertexts Nu user secret keys security proof = reduction to hard problem (adv. = P) attack adv. 1 = Nu P (generic) attacks potentially easier attack adv. multi = Ni Nc 1 = Ni Nc Nu P 6

  7. Tight Security Our goal: tight security i.e. multi P independent of Ni, Nc, Nu smaller keys, smaller groups recently: (somewhat) tightly secure multi- instance/multi-ciphertext PKE [HJ12, LJYP14] [Chen,Wee13]: somewhat tightly secure IBE 1 instance/1 ciphertext: 1 Nu P 7

  8. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : normal i i depends on idi = i and position 8

  9. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal 1* i* type i C*: id|i* = 1* i* normal C*: 1 i normal usk: type i usk: id|i = 1 i same type id|i* = id|i Decryption 9

  10. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal type i C*: id|i* = 1* i* normal C*: normal usk: type i usk: id|i = 1 i same type id|i* = id|i Decryption 10

  11. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal 1* i* type i C*: id|i* = 1* i* normal C*: 1 i normal usk: type i usk: id|i = 1 i same type id|i* = id|i same type id|i* id|i Decryption 11

  12. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal 1* i* type i C*: id|i* = 1* i* normal C*: 1 i normal usk: type i usk: id|i = 1 i same type id|i* = id|i same type id|i* id|i Decryption 12

  13. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal 1* i* type i C*: id|i* = 1* i* normal C*: 1 i i+1 type i+1 usk: normal usk: id|i+1 = 1 i+1 same type id|i* = id|i same type id|i* id|i different type id|i+1* = id|i+1 Decryption 13

  14. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal type i C*: id|i* = 1* i* normal C*: i+1 type i+1 usk: normal usk: id|i+1 = 1 i+1 same type id|i* = id|i same type id|i* id|i different type id|i+1* = id|i+1 Decryption 14

  15. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal 1* n* type n C*: id* = 1* n* normal C*: 1 n normal usk: type n usk: id = 1 n id* id for all usks 15

  16. Proof Idea of Chen and Wee Sequence of games depending on n-bit identity id = 1 n : start with real security game change all usks and C* normal 1* n* type n C*: id* = 1* n* normal C*: 1 n normal usk: type n usk: id = 1 n id* id for all usks usks useless for decryption replace C* by random Adversary can only guess 16

  17. Proof Idea of Chen and Wee Game hop: type i type i+1 Chall. C*: 1* i+1 i* test usk*: 1* i* usk: test C: 1 i+1 i 1 i Simulator embeds own challenge Simulator can test on its own Decryption: i+1 Game i i+1 = Decryption: Game i+1 i+1 17

  18. Proof Idea of Chen and Wee Game hop: type i type i+1 Chall. C*: i+1 test usk*: usk: test C: i+1 Simulator embeds own challenge Simulator can test on its own Decryption: i+1 Game i i+1 = Decryption: Game i+1 i+1 18

  19. Proof Idea of Chen and Wee Game hop: type i type i+1 Chall. C*: test usk*: i+1 usk: i+1 test C: Simulator embeds own challenge Simulator can test on its own Decryption: i+1 Game i i+1 = Decryption: Game i+1 i+1 19

  20. Proof Idea of Chen and Wee Game hop: type i type i+1 Chall. C*: test usk*: i+1 usk: test C: i+1 Simulator embeds own challenge Simulator can test on its own Decryption: i+1 Game i i+1 = Decryption: Game i+1 i+1 20

  21. Our Approach Problem for multi-instance, multi-ciphertext: Guessing of id*i+1: 1. for each instance loss = 2Ni 2. different chall. ciphertexts have different id-bits generation is not possible Our solution: distribute randomness into 2 compartments 21

  22. Our Approach Solution: no guessing id*i+1 = 0 id*i+1 = 1 Simulator gets: no reaction no reaction i+1 i+1 C*: 1* 1* i* i* i+1 i+1 usk: i+1 1 1 i i i+1 1 1 i i i+1 i+1 type i = type i+1 type i type i+1 type i type i+1 type i = type i+1 22

  23. Our Approach Solution: no guessing id*i+1 = 0 id*i+1 = 1 Simulator gets: no reaction no reaction i+1 i+1 C*: usk: 1 i i+1 1 i i+1 type i = type i+1 type i type i+1 type i type i+1 type i = type i+1 23

  24. Conclusion no guessing (n) reductions: n = length of identity loss independent of the number of ciphertexts , instances and usk-queries first fully secure multi-instance, multi-ciphertext IBE with loss (n) for n-bit identities under a simple assumption 24

  25. 25

Related


No related presentations.

More Related Content