Extended Nested Dual System Groups, Revisited

The notion of extended nested dual system groups (ENDSG) was recently proposed by Hofheinz et al. [PKC 2015] for constructing almost-tight identity based encryptions (IBE) in the multi-instance, multi-ciphertext (MIMC) setting. However only a composite-order instantiation was proposed and more efficient prime-order instantiations are absent. The paper fills the blank by presenting two constructions. We revise the definition of ENDSG and realize it using prime-order bilinear groups based on Chen and Wee’s prime-order instantiation of nested dual system groups [CRYPTO 2013]. This yields the first almosttight IBE in the prime-order setting achieving weak adaptive security in MIMC scenario under the d-linear (d-Lin) assumption. We further enhanced the revised ENDSG to capture stronger security notions for IBE, including B-weak adaptive security and full adaptive security. We show that our prime-order instantiation is readily B-weak adaptive secure and full adaptive secure without introducing extra assumption. We then try to find better solution by fine-tuning ENDSG again and realizing it using the technique of Chen, Gay, and Wee [EUROCRYPT 2015]. This leads to an almost-tight secure IBE in the same setting with better performance than our first result, but the security relies on a non-standard assumption, d-linear assumption with auxiliary input (d-LinAI) for an even positive integer d. However we note that, the 2-LinAI assumption is implied by the external decisional linear (XDLIN) assumption. This concrete instantiation could also be realized using symmetric bilinear groups under standard decisional linear assumption.