Identity-Based Encryption in DDH Hard Groups - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2022

Identity-Based Encryption in DDH Hard Groups

Résumé

The concept of Identity-Based Encryption was first introduced by Shamir (CRYPTO 1984) but were not realised until much later by Sakai, Ohgishi and Kasahara (SCIS 2000), Boneh and Franklin (CRYPTO 2001) and Cocks (IMACC 2001). Since then, Identity-Based Encryption has been a highly active area of research. While there have been several instantiations of Identity-Based Encryption and its variants, there is one glaring omission: there have been no instantiations in plain Decisional Diffie-Hellman groups. This seemed at odds with the fact that we can instantiate almost every single cryptographic primitive in plain Decisional Diffie-Hellman groups. An answer to this question came in a result by Papakonstantinou, Rackoff and Vahlis (EPRINT 2012), who showed that it is impossible to instantiate an Identity-Based Encryption in plain DDH groups. The impossibility result was questioned when Döttling and Garg (CRYPTO 2017) presented an Identity-Based Encryption based on the Decisional Diffie-Hellman problem. This result however did not disprove the impossibility result, as it requires the use of garbled circuits, which are inherently interactive. This type of scheme is not covered by the impossibility result, but it does raise some questions. In this paper, we answer some of those questions by constructing an Identity-Based Encryption scheme based on the Decisional Diffie-Hellman problem. We achieve this by instantiating the generic construction based on Witness Encryption by Garg, Gentry, Sahai and Waters (STOC 2013), with some minor changes. To this end, we construct the first unique signature scheme in Decisional Diffie-Hellman groups, to the best of our knowledge. The unique signature scheme, and as a result, our Identity-Based Encryption scheme, is inefficient, but this is unavoidable. Our construction does not completely contradict the impossibility result, but instead shows that the statement was too strong, and the result only rules out efficient constructions.
Fichier principal
Vignette du fichier
main.pdf (461.78 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03815800 , version 1 (14-10-2022)

Identifiants

Citer

Olivier Blazy, Saqib Kakvi. Identity-Based Encryption in DDH Hard Groups. AFRICACRYPT 2022 - 13th International Conference on Cryptology in Africa, Jul 2022, Fes, Morocco. pp.81-102, ⟨10.1007/978-3-031-17433-9_4⟩. ⟨hal-03815800⟩
37 Consultations
187 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More