Registration-based encryption: Removing private-key generator from IBE

Sanjam Garg; Mohammad Hajiabadi; Mohammad Mahmoody; Ahmadreza Rahimi

doi:10.1007/978-3-030-03807-6_25

Registration-based encryption: Removing private-key generator from IBE

Sanjam Garg, Mohammad Hajiabadi, Mohammad Mahmoody, Ahmadreza Rahimi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Scopus citations

Abstract

In this work, we introduce the notion of registration-based encryption (RBE for short) with the goal of removing the trust parties need to place in the private-key generator in an IBE scheme. In an RBE scheme, users sample their own public and secret keys. There will also be a “key curator” whose job is only to aggregate the public keys of all the registered users and update the “short” public parameter whenever a new user joins the system. Encryption can still be performed to a particular recipient using the recipient’s identity and any public parameters released subsequent to the recipient’s registration. Decryption requires some auxiliary information connecting users’ public (and secret) keys to the public parameters. Because of this, as the public parameters get updated, a decryptor may need to obtain “a few” additional auxiliary information for decryption. More formally, if n is the total number of identities and κ is the security parameter, we require the following. Efficiency requirements: (1) A decryptor only needs to obtain updated auxiliary information for decryption at most O(log n) times in its lifetime, (2) each of these updates are computed by the key curator in time poly (κ, log n), and (3) the key curator updates the public parameter upon the registration of a new party in time poly (κ, log n). Properties (2) and (3) require the key curator to have random access to its data. Compactness requirements: (1) Public parameters are always at most poly (κ, log n) bit, and (2) the total size of updates a user ever needs for decryption is also at most poly (κ, log n) bits. We present feasibility results for constructions of RBE based on indistinguishably obfuscation. We further provide constructions of weakly efficient RBE, in which the registration step is done in poly (κ, n), based on CDH, Factoring or LWE assumptions. Note that registration is done only once per identity, and the more frequent operation of generating updates for a user, which can happen more times, still runs in time poly (κ, log n). We leave open the problem of obtaining standard RBE (with poly (κ, log n) registration time) from standard assumptions.

Original language	English (US)
Title of host publication	Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings
Editors	Amos Beimel, Stefan Dziembowski
Publisher	Springer Verlag
Pages	689-718
Number of pages	30
ISBN (Print)	9783030038069
DOIs	https://doi.org/10.1007/978-3-030-03807-6_25
State	Published - 2018
Event	16th Theory of Cryptography Conference, TCC 2018 - Panaji, India Duration: Nov 11 2018 → Nov 14 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11239 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th Theory of Cryptography Conference, TCC 2018
Country/Territory	India
City	Panaji
Period	11/11/18 → 11/14/18

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-03807-6_25

Cite this

Garg, S., Hajiabadi, M., Mahmoody, M., & Rahimi, A. (2018). Registration-based encryption: Removing private-key generator from IBE. In A. Beimel, & S. Dziembowski (Eds.), Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings (pp. 689-718). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11239 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-03807-6_25

Garg, Sanjam ; Hajiabadi, Mohammad ; Mahmoody, Mohammad et al. / Registration-based encryption : Removing private-key generator from IBE. Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings. editor / Amos Beimel ; Stefan Dziembowski. Springer Verlag, 2018. pp. 689-718 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{71f45fd4df4e4917bc458e6271528d88,

title = "Registration-based encryption: Removing private-key generator from IBE",

abstract = "In this work, we introduce the notion of registration-based encryption (RBE for short) with the goal of removing the trust parties need to place in the private-key generator in an IBE scheme. In an RBE scheme, users sample their own public and secret keys. There will also be a “key curator” whose job is only to aggregate the public keys of all the registered users and update the “short” public parameter whenever a new user joins the system. Encryption can still be performed to a particular recipient using the recipient{\textquoteright}s identity and any public parameters released subsequent to the recipient{\textquoteright}s registration. Decryption requires some auxiliary information connecting users{\textquoteright} public (and secret) keys to the public parameters. Because of this, as the public parameters get updated, a decryptor may need to obtain “a few” additional auxiliary information for decryption. More formally, if n is the total number of identities and κ is the security parameter, we require the following. Efficiency requirements: (1) A decryptor only needs to obtain updated auxiliary information for decryption at most O(log n) times in its lifetime, (2) each of these updates are computed by the key curator in time poly (κ, log n), and (3) the key curator updates the public parameter upon the registration of a new party in time poly (κ, log n). Properties (2) and (3) require the key curator to have random access to its data. Compactness requirements: (1) Public parameters are always at most poly (κ, log n) bit, and (2) the total size of updates a user ever needs for decryption is also at most poly (κ, log n) bits. We present feasibility results for constructions of RBE based on indistinguishably obfuscation. We further provide constructions of weakly efficient RBE, in which the registration step is done in poly (κ, n), based on CDH, Factoring or LWE assumptions. Note that registration is done only once per identity, and the more frequent operation of generating updates for a user, which can happen more times, still runs in time poly (κ, log n). We leave open the problem of obtaining standard RBE (with poly (κ, log n) registration time) from standard assumptions.",

author = "Sanjam Garg and Mohammad Hajiabadi and Mohammad Mahmoody and Ahmadreza Rahimi",

note = "Funding Information: S. Garg—Research supported in part from DARPA/ARL SAFEWARE Award W911NF15C0210, AFOSR Award FA9550-15-1-0274, AFOSR YIP Award, DARPA and SPAWAR under contract N66001-15-C-4065, a Hellman Award and research grants by the Okawa Foundation, Visa Inc., and Center for Long-Term Cybersecu-rity (CLTC, UC Berkeley). The views expressed are those of the author and do not reflect the official policy or position of the funding agencies. M. Hajiabadi—Supported by NSF award CCF-1350939 and AFOSR Award FA9550-15-1-0274. M. Mahmoody—Supported by NSF CAREER award CCF-1350939, and two University of Virginia{\textquoteright}s SEAS Research Innovation Awards. A. Rahimi—Supported by NSF award CCF-1350939. Funding Information: S. Garg—Research supported in part from DARPA/ARL SAFEWARE Award W911NF15C0210, AFOSR Award FA9550-15-1-0274, AFOSR YIP Award, DARPA and SPAWAR under contract N66001-15-C-4065, a Hellman Award and research grants by the Okawa Foundation, Visa Inc., and Center for Long-Term Cybersecurity (CLTC, UC Berkeley). The views expressed are those of the author and do not reflect the official policy or position of the funding agencies. M. Hajiabadi—Supported by NSF award CCF-1350939 and AFOSR Award FA9550-15-1-0274. M. Mahmoody—Supported by NSF CAREER award CCF-1350939, and two University of Virginia{\textquoteright}s SEAS Research Innovation Awards. A. Rahimi—Supported by NSF award CCF-1350939. Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2018.; 16th Theory of Cryptography Conference, TCC 2018 ; Conference date: 11-11-2018 Through 14-11-2018",

year = "2018",

doi = "10.1007/978-3-030-03807-6_25",

language = "English (US)",

isbn = "9783030038069",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "689--718",

editor = "Amos Beimel and Stefan Dziembowski",

booktitle = "Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings",

address = "Germany",

}

Garg, S, Hajiabadi, M, Mahmoody, M & Rahimi, A 2018, Registration-based encryption: Removing private-key generator from IBE. in A Beimel & S Dziembowski (eds), Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11239 LNCS, Springer Verlag, pp. 689-718, 16th Theory of Cryptography Conference, TCC 2018, Panaji, India, 11/11/18. https://doi.org/10.1007/978-3-030-03807-6_25

Registration-based encryption: Removing private-key generator from IBE. / Garg, Sanjam; Hajiabadi, Mohammad; Mahmoody, Mohammad et al.
Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings. ed. / Amos Beimel; Stefan Dziembowski. Springer Verlag, 2018. p. 689-718 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11239 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Registration-based encryption

T2 - 16th Theory of Cryptography Conference, TCC 2018

AU - Garg, Sanjam

AU - Hajiabadi, Mohammad

AU - Mahmoody, Mohammad

AU - Rahimi, Ahmadreza

N1 - Funding Information: S. Garg—Research supported in part from DARPA/ARL SAFEWARE Award W911NF15C0210, AFOSR Award FA9550-15-1-0274, AFOSR YIP Award, DARPA and SPAWAR under contract N66001-15-C-4065, a Hellman Award and research grants by the Okawa Foundation, Visa Inc., and Center for Long-Term Cybersecu-rity (CLTC, UC Berkeley). The views expressed are those of the author and do not reflect the official policy or position of the funding agencies. M. Hajiabadi—Supported by NSF award CCF-1350939 and AFOSR Award FA9550-15-1-0274. M. Mahmoody—Supported by NSF CAREER award CCF-1350939, and two University of Virginia’s SEAS Research Innovation Awards. A. Rahimi—Supported by NSF award CCF-1350939. Funding Information: S. Garg—Research supported in part from DARPA/ARL SAFEWARE Award W911NF15C0210, AFOSR Award FA9550-15-1-0274, AFOSR YIP Award, DARPA and SPAWAR under contract N66001-15-C-4065, a Hellman Award and research grants by the Okawa Foundation, Visa Inc., and Center for Long-Term Cybersecurity (CLTC, UC Berkeley). The views expressed are those of the author and do not reflect the official policy or position of the funding agencies. M. Hajiabadi—Supported by NSF award CCF-1350939 and AFOSR Award FA9550-15-1-0274. M. Mahmoody—Supported by NSF CAREER award CCF-1350939, and two University of Virginia’s SEAS Research Innovation Awards. A. Rahimi—Supported by NSF award CCF-1350939. Publisher Copyright: © International Association for Cryptologic Research 2018.

PY - 2018

Y1 - 2018

N2 - In this work, we introduce the notion of registration-based encryption (RBE for short) with the goal of removing the trust parties need to place in the private-key generator in an IBE scheme. In an RBE scheme, users sample their own public and secret keys. There will also be a “key curator” whose job is only to aggregate the public keys of all the registered users and update the “short” public parameter whenever a new user joins the system. Encryption can still be performed to a particular recipient using the recipient’s identity and any public parameters released subsequent to the recipient’s registration. Decryption requires some auxiliary information connecting users’ public (and secret) keys to the public parameters. Because of this, as the public parameters get updated, a decryptor may need to obtain “a few” additional auxiliary information for decryption. More formally, if n is the total number of identities and κ is the security parameter, we require the following. Efficiency requirements: (1) A decryptor only needs to obtain updated auxiliary information for decryption at most O(log n) times in its lifetime, (2) each of these updates are computed by the key curator in time poly (κ, log n), and (3) the key curator updates the public parameter upon the registration of a new party in time poly (κ, log n). Properties (2) and (3) require the key curator to have random access to its data. Compactness requirements: (1) Public parameters are always at most poly (κ, log n) bit, and (2) the total size of updates a user ever needs for decryption is also at most poly (κ, log n) bits. We present feasibility results for constructions of RBE based on indistinguishably obfuscation. We further provide constructions of weakly efficient RBE, in which the registration step is done in poly (κ, n), based on CDH, Factoring or LWE assumptions. Note that registration is done only once per identity, and the more frequent operation of generating updates for a user, which can happen more times, still runs in time poly (κ, log n). We leave open the problem of obtaining standard RBE (with poly (κ, log n) registration time) from standard assumptions.

AB - In this work, we introduce the notion of registration-based encryption (RBE for short) with the goal of removing the trust parties need to place in the private-key generator in an IBE scheme. In an RBE scheme, users sample their own public and secret keys. There will also be a “key curator” whose job is only to aggregate the public keys of all the registered users and update the “short” public parameter whenever a new user joins the system. Encryption can still be performed to a particular recipient using the recipient’s identity and any public parameters released subsequent to the recipient’s registration. Decryption requires some auxiliary information connecting users’ public (and secret) keys to the public parameters. Because of this, as the public parameters get updated, a decryptor may need to obtain “a few” additional auxiliary information for decryption. More formally, if n is the total number of identities and κ is the security parameter, we require the following. Efficiency requirements: (1) A decryptor only needs to obtain updated auxiliary information for decryption at most O(log n) times in its lifetime, (2) each of these updates are computed by the key curator in time poly (κ, log n), and (3) the key curator updates the public parameter upon the registration of a new party in time poly (κ, log n). Properties (2) and (3) require the key curator to have random access to its data. Compactness requirements: (1) Public parameters are always at most poly (κ, log n) bit, and (2) the total size of updates a user ever needs for decryption is also at most poly (κ, log n) bits. We present feasibility results for constructions of RBE based on indistinguishably obfuscation. We further provide constructions of weakly efficient RBE, in which the registration step is done in poly (κ, n), based on CDH, Factoring or LWE assumptions. Note that registration is done only once per identity, and the more frequent operation of generating updates for a user, which can happen more times, still runs in time poly (κ, log n). We leave open the problem of obtaining standard RBE (with poly (κ, log n) registration time) from standard assumptions.

UR - http://www.scopus.com/inward/record.url?scp=85057105762&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85057105762&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-03807-6_25

DO - 10.1007/978-3-030-03807-6_25

M3 - Conference contribution

AN - SCOPUS:85057105762

SN - 9783030038069

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 689

EP - 718

BT - Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings

A2 - Beimel, Amos

A2 - Dziembowski, Stefan

PB - Springer Verlag

Y2 - 11 November 2018 through 14 November 2018

ER -

Garg S, Hajiabadi M, Mahmoody M, Rahimi A. Registration-based encryption: Removing private-key generator from IBE. In Beimel A, Dziembowski S, editors, Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings. Springer Verlag. 2018. p. 689-718. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-03807-6_25

Registration-based encryption: Removing private-key generator from IBE

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this