Identity-Based Encryption in DDH Hard Groups
نویسندگان
چکیده
The concept of Identity-Based Encryption was first introduced by Shamir (CRYPTO 1984) but were not realised until much later Sakai, Ohgishi and Kasahara (SCIS 2000), Boneh Franklin 2001) Cocks (IMACC 2001). Since then, has been a highly active area research. While there have several instantiations its variants, is one glaring omission: no in plain Decisional Diffie-Hellman groups. This seemed at odds with the fact that we can instantiate almost every single cryptographic primitive An answer to this question came result Papakonstantinou, Rackoff Vahlis (EPRINT 2012), who showed it impossible an DDH impossibility questioned when Döttling Garg 2017) presented based on problem. However, did disprove result, as requires use garbled circuits, which are inherently interactive. type scheme covered does raise some questions. In paper, those questions constructing We achieve instantiating generic construction Witness Garg, Gentry, Sahai Waters (STOC 2013), minor changes. To end, construct unique signature groups, best our knowledge. scheme, inefficient, unavoidable. Our completely contradict instead shows statement too strong, only rules out efficient constructions.
منابع مشابه
How powerful are the DDH hard groups?
The question whether Identity-Based Encryption (IBE) can be based on the Decisional DiffieHellman (DDH) assumption is one of the most prominent questions in Cryptography related to DDH. We study limitations on the use of the DDH assumption in cryptographic constructions, and show that it is impossible to construct a secure Identity-Based Encryption system using, in a black box way, only the DDH...
متن کاملLinearly Homomorphic Encryption from DDH
We design a linearly homomorphic encryption scheme whose security relies on the hardness of the decisional Diffie-Hellman problem. Our approach requires some special features of the underlying group. In particular, its order is unknown and it contains a subgroup in which the discrete logarithm problem is tractable. Therefore, our instantiation holds in the class group of a non maximal order of ...
متن کاملAttribute-based encryption implies identity-based encryption
In this short paper we formally prove that designing attribute-based encryption schemes cannot be easier than designing identity-based encryption schemes. In more detail, we show how an attribute-based encryption scheme which admits, at least, AND policies can be combined with a collision-resistant hash function to obtain an identity-based encryption scheme. Even if this result may seem natural...
متن کاملAttribute-Based Encryption from Identity-Based Encryption
Ciphertext-policy attribute-based encryption (CP-ABE) is an access control mechanism where a data provider encrypts a secret message and then sends the ciphertext to the receivers according to the access policy which she/he decides. If the attributes of the receivers match the access policy, then they can decrypt the ciphertext. This manuscript shows a relation between ABE and identity-based en...
متن کاملIdealizing Identity-Based Encryption
We formalize the standard application of identity-based encryption (IBE), namely noninteractive secure communication, as realizing an ideal system which we call delivery controlled channel (DCC). This system allows users to be registered (by a central authority) for an identity and to send messages securely to other users only known by their identity. Quite surprisingly, we show that existing s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2022
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-031-17433-9_4