Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/astl.2016.134.22

2016-01-01

Abstract:In this paper, a new technique - Identifier Discrimination is proposed for composing private keys in hierarchical identity based systems, With the technique, we construct a selective identity secure HIBE system under Decisional Bilinear Diffie-Hellman (DBDH) assumption in standard security model, where the ciphertext and the private key consist of constant number of group elements, and decryption requires only three bilinear map computations, regardless of the identity hierarchy depth. Moreover, different from previous HIBE constructions, key escrow problem inherent in identity based cryptosystems is resolved in our HIBE construction. An entity in hierarchy can be authorized by the root PKG to be capable of deriving private keys for its descendants. That we call Authorized Delegation.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.1007/s10207-018-0402-8

2018-01-01

International Journal of Information Security

Abstract:It has been almost one and a half decades since the introduction of the concept of hierarchical identity-based encryption (HIBE) systems, and many pairing-based HIBE systems have been proposed; however, how to achieve independent private key delegation in HIBE systems is still open. Independent private key delegation in HIBE systems requires that the following three conditions are satisfied: (1) private keys are not valid delegation credentials for deriving descendants’ private keys, (2) any entity intending to derive a private key for any one of its descendants should own a valid delegation credential distributed by the root private key generator (PKG), and (3) a credential is only valid for deriving private keys for a given descendant. We present a new technique for composing private keys for entities in HIBE systems that we call identifier discrimination, aiming at resolving the problem of independent private key delegation. With the technique, we construct a selective identity secure HIBE system under the decisional bilinear Diffie–Hellman (DBDH) assumption in the standard model with the following properties. (1) Every entity in the HIBE system is prevented from deriving private keys for its descendants with the only use of its private key and the public parameters. (2) The root PKG can delegate the privilege (if needed) of generating private keys for each individual entity to any of its ancestors through authorization that we call authorized delegation, by distributing a specifically crafted secret (delegation credential) to the ancestor. (3) The encryption privacy of each ciphertext for its intended recipient is achieved, that is, ciphertexts encrypted on identity of any entity cannot be decrypted by any of its ancestors that we call dedicated encryption privacy.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/ijsia.2016.10.8.20

2016-01-01

International Journal of Security and Its Applications

Abstract:As Hierarchical Identity Based Encryption (HIBE) system usually maps the true institutional structure of an organization or entity relationship between objects in real world, It is important that computation & communication complexity of private key, ciphertext, cryptographic computations and so on related to an entity in the hierarchy is independent to the hierarchy depth of the entity. Moreover, key escrow problem that any non-leaf entity in a hierarchical identity based cryptosystem can derive private keys for its descendants with use of its private key should be resolved, in order to prevent any entity from behaving on behalf of its descendants. In this paper, a new technique is introduced for composing a private key for each individual entity in HIBE system by differentiating between non-local identifiers and local identifiers of the identity of the entity. That we call Identifier Discrimination. With the technique, A selective identity secure HIBE system is constructed under Decisional Bilinear Diffie-Hellman (DBDH) assumption without using random oracles, where the private key and the ciphertext consist of constant number of group elements, and decryption requires only three bilinear map computations, regardless of the identity hierarchy depth. Moreover, in contrast to previous HIBE constructions, where private key for an entity can be derived by its ancestors with direct use of their private keys, key escrow problem inherent in identity based cryptosystems is resolved in our HIBE construction. Privilege of deriving private keys for an entity can be delegated to any of its ancestors through authorization by distributing specifically crafted values to the ancestor in our HIBE system, that we call Authorized Delegation.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.3923/jse.2016.279.284

2016-01-01

Journal of Software Engineering

Abstract:As of Hierarchical Identity Based Encryption (HIBE) systems, there are two important tasks should be accomplished properly, the first one is to establish logically hierarchical relationship between entities in the hierarchy tree, which is essentially accomplished through private key derivation by delegating responsibilities to lower-level PKGs and the other task is to achieve encryption privacy of ciphertext targeting an intended recipient.In this study, mechanisms of private key derivation in HIBE systems are classified, which explicitly define how and to what extent an entity in the hierarchy takes its level PKGs role of generating valid private keys for its descendants in the hierarchy.Moreover, a new delegation mechanism, authorized delegation is introduced, which can prevent any entity from deriving private keys for its descendants with use of its private key and delegate the responsibility of generating private keys for a specified entity through authorization by distributing a specific secret to an entity as an ancestor of the specified entity by the root PKG (primitive authorization) or some other authorized entities (chained authorization).As for encryption privacy of ciphertext in a HIBE system, which measures the possibility that ciphertexts targeting an entity are successfully decrypted by its ancestors or descendants, the encryption privacy is studied from two distinct perspectives, i.e., private key derivation perspective and private key legitimacy perspective.Furthermore, dominated encryption privacy and dedicated encryption privacy are defined and discussed from private key legitimacy perspective.

Song Luo,Yu Chen,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-21031-0_5

2011-01-01

Abstract:Hierarchical identity-based encryption (HIBE) is a generalization of identity-based encryption (IBE) which allows for a hierarchy of identities where any parent identities can derive secret keys for child identities. In this paper, we propose a new HIBE scheme with constant size ciphertexts and short parameters in prime order groups using symmetric pairing. We use a new technique called "hybrid identity vector" to make the key derivation feasible. Our scheme is proven fully secure under the DBDH and D-Linear assumptions by using dual system encryption. Based on our HIBE scheme, we propose a new WIBE (IBE with wildcards) scheme with constant size ciphertexts.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/ijsia.2016.10.6.21

2016-01-01

International Journal of Security and Its Applications

Abstract:In traditional hierarchical identity based cryptosystems (HIBC), non-leaf entities as level PKGs are usually capable of deriving private keys for their descendants with use of their private keys, non-leaf entities can therefore act (decrypt or sign) on the behalf of their arbitrary descendants. This is called key escrow problem of HIBC. In order to resolve key escrow problem, a new technique - Identifier Discrimination is proposed in this paper for composing private keys for entities in hierarchy. With the technique, an identity selective secure HIBE scheme is constructed under Decisional Bilinear Diffie-Helleman (DBDH) assumption in standard security model, in which any identity is incapable of deriving private keys for any of its descendants with use of its private key, and the privilege of generating private keys for each individual descendant is delegated by the root PKG through authorization, that we call Authorization Delegation. Moreover, a new hierarchical identity based signature (HIBS) scheme is constructed from our HIBE construction, by applying Naor transformation of an identity-based signature (IBS) out of an IBE. Because of the inability of deriving its descendants' private keys with use its private key, an entity therefore cannot sign messages on behalf of any of its descendants, thus guaranteeing that authenticity and non-repudiation properties are achieved in our HIBS system.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/astl.2016.123.36

2016-01-01

Abstract:A HIBE scheme with independent delegation are free from Key Escrow Problem that is inherent in HIBE, given the root PKG is unconditionally trusted. We propose a new technique - Identifier Discrimination for composing private keys for entities in hierarchy. With the technique, we construct a HIBE scheme under Decisional Bilinear Diffie-Helleman (DBDH) assumption in standard model with independent delegation, in which the privilege of generating private keys for each individual entity is delegated by the root PKG to any of its ancestors through authorization, that we call Authorization Delegation. Moreover, basing on Naor transformation of an identity-based signature (IBS) out of an IBE, we build a new hierarchical IBS (HIBS) scheme from our HIBE scheme. Being unable to generate a private key for any of its descendants, an entity cannot sign messages on behalf of any of its descendants, which guarantees that authenticity and non-repudiation properties are achieved in HIBS setting.

Qianqian Xing,Baosheng Wang,Xiaofeng Wang,Jing Tao

DOI: https://doi.org/10.1371/journal.pone.0195204

IF: 3.7

2018-04-12

PLoS ONE

Abstract:Revocation functionality and hierarchy key delegation are two necessary and crucial requirements to identity-based cryptosystems. Revocable hierarchical identity-based encryption (RHIBE) has attracted a lot of attention in recent years, many RHIBE schemes have been proposed but shown to be either insecure or bounded where they have to fix the maximum hierarchical depth of RHIBE at setup. In this paper, we propose a new unbounded RHIBE scheme with decryption key exposure resilience and with short public system parameters, and prove our RHIBE scheme to be adaptively secure. Our system model is scalable inherently to accommodate more levels of user adaptively with no adding workload or restarting the system. By carefully designing the hybrid games, we overcome the subtle obstacle in applying the dual system encryption methodology for the unbounded and revocable HIBE. To the best of our knowledge, this is the first construction of adaptively secure unbounded RHIBE scheme.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.1007/978-3-642-34679-8_21

2012-01-01

Abstract:A hierarchical identity-based encryption (HIBE) scheme is called anonymous if the ciphertext does not leak the identity of the recipient. Currently, anonymous HIBE schemes are constructed in composite order groups or achieve selective-ID security in prime order groups and the ciphertext size is linear in the maximum depth of hierarchy. We propose an anonymous HIBE scheme with constant size ciphertext, which is adaptive-ID secure without random oracles in prime order groups. Our scheme improves security and efficiency of the anonymous HIBE schemes simultaneously compare with the previous work.

Junqing Gong,Zhenfu Cao,Shaohua Tang,Jie Chen

DOI: https://doi.org/10.1007/s10623-015-0117-z

2015-01-01

Abstract:This paper continued the research line of dual system groups (DSG) opened by Chen and Wee (CRYPTO, 2013 and IACR Cryptology ePrint Archive, 2014 ). Motivated by Lewko’s unbounded hierarchical identity based encryptions (HIBE) (EUROCRYPT, 2012 ), we extended Chen and Wee’s DSG and showed how to construct an unbounded HIBE from our extended DSG. Furthermore, an instantiation of our extended DSG was given using prime-order bilinear groups under the d -Lin assumption. These two results imply an adaptively secure unbounded HIBE in the standard model with not only shorter ciphertexts and user’s secret keys but also faster algorithms than Lewko’s construction.

Yanli Ren,Dawu Gu,Shuozhong Wang,Xinpengu Zhang

DOI: https://doi.org/10.1142/s0129054110007726

2010-01-01

International Journal of Foundations of Computer Science

Abstract:In a proxy re-encryption scheme, a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. A number of solutions have been proposed in public key settings. Hierarchical identity-based cryptography is a generalization of identity-based encryption that mirrors an organizational hierarchy, which allows a root private key generator to distribute the work load by delegating private key generation and identity authentication to lower-level private key generators. In this paper, we propose a hierarchical identity-based proxy re-encryption (HIBPRE) scheme which achieves IND-PrID-CCA2 security without random oracles. This is the first HIBPRE scheme up to now, and our scheme satisfies unidirectionality, non-interactivity and permits multiple re-encryptions.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.6138/jit.2011.12.4.13

2011-01-01

Abstract:The problem of key-exposure is an important issue in modern society due to the growing use of mobile devices. Weng et al. proposed an identity-based parallel key-insulated encryption (IBPKIE) scheme to solve the key-exposure problem in an identity-based cryptosystem. The scheme has long public parameters and a loose security reduction. Ren et al. presented a new IBPKIE scheme which had constant size public parameters and a tight reduction, and then extended it to a hierarchical IBPKIE (HIBPKIE) scheme. However, Wang et al. analyzed two schemes of Ren et al. and showed that they are not secure against chosen-plaintext attack. In this paper, we propose an improved IBPKIE scheme which achieves IND-ID-KI-CPA security without random oracles. Moreover, our scheme has short public parameters and a tight reduction. We then present an HIBPKIE scheme which achieves IND-sID-KI-CPA security without random oracles. In this scheme, the ciphertext size is independent of the level of the hierarchy in the HIBPKIE scheme.

Yu Chen,Manuel Charlemagne,Zhi Guan,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1755688.1755699

2010-01-01

Abstract:ABSTRACTMost traditional public key cryptosystems are constructed upon algebraically rich structures, which makes their key pairs combinable, i.e., the combination of some private keys and their corresponding public keys could form a new key pair. Exploring such combinable property, this paper proposes a novel Identity-Based Encryption (IBE) scheme based on the Diffie-Hellman Integrated Encryption Scheme (DHIES) with quadratic key combination structure from bilinear maps. The new scheme has a number of advantages over other IBE schemes. First, it uses DHIES to fulfill encryption, thus naturally obtains the security against adaptive chosen ciphertext attack from DHIES. Second, it is interoperable with existing security systems based on DHIES. Third, compared to many pairing-based IBE schemes, it only requires pairing computation during public key generation and there is no need for special hash function. We prove that our scheme is selective identity chosen ciphertext secure in the random oracle model assuming DHIES is chosen ciphertext secure. Additionally, the extract algorithm of our scheme also implies an identity-based short signature scheme.

Yanli Ren,Dawu Gu

DOI: https://doi.org/10.1016/j.jss.2009.07.046

IF: 3.5

2009-01-01

Journal of Systems and Software

Abstract:In order to mitigate the damages of key-exposure, key-insulated encryption introduces a helper key used to periodically update the decryption key. Under the usual circumstances, frequent updating increases the risk of helper key-exposure. Parallel key-insulated encryption (PKIE) supports frequent key updates without increasing the risk of helper key-exposure. In an identity-based cryptosystem, a private key generator (PKG) uses a master secret key to issue private keys to users based on their identities. In this paper, we propose a new identity-based parallel key-insulated encryption (IBPKIE) scheme which achieves IND-ID-KI-CCA2 security without random oracles. Our IBPKIE scheme has short public parameters and a tight reduction with an additive factor. Hierarchical identity-based cryptography was first proposed in 2002. It allows a root PKG to distribute workload by delegating private key generation and entity authentication tasks to lower-level PKGs. In this paper, we formalize the syntax and security model for a hierarchical identity-based parallel key-insulated encryption (HIBPKIE) scheme. We then propose an HIBPKIE scheme with constant size ciphertext, and prove that it achieves IND-ID-KI-CCA2 security without random oracles. To the best of our knowledge, this is the first HIBPKIE scheme up to now.

Seunghwan Park,Dong Hoon Lee,Kwangsu Lee

DOI: https://doi.org/10.48550/arXiv.1610.07948

2016-10-26

Abstract:In identity-based encryption (IBE) systems, an efficient key delegation method to manage a large number of users and an efficient key revocation method to handle the dynamic credentials of users are needed. Revocable hierarchical IBE (RHIBE) can provide these two methods by organizing the identities of users as a hierarchy and broadcasting an update key for non-revoked users per each time period. To provide the key revocation functionality, previous RHIBE schemes use a tree-based revocation scheme. However, this approach has an inherent limitation such that the number of update key elements depends on the number of revoked users. In this paper, we propose two new RHIBE schemes in multilinear maps that use the public-key broadcast encryption scheme instead of using the tree-based revocation scheme to overcome the mentioned limitation. In our first RHIBE scheme, the number of private key elements and update key elements is reduced to $O(\ell)$ and $O(\ell)$ respectively where $\ell$ is the depth of a hierarchical identity. In our second RHIBE scheme, we can further reduce the number of private key elements from $O(\ell)$ to $O(1)$.

Cryptography and Security

Yuan Zhang,Yuan Liu,Yurong Guo,Shihui Zheng,Licheng Wang

DOI: https://doi.org/10.3390/e22111247

IF: 2.738

2020-01-01

Entropy

Abstract:Identity-based encryption (IBE), and its hierarchical extension (HIBE), are interesting cryptographic primitives that aim at the implicit authentication on the users’ public keys by using users’ identities directly. During the past several decades, numerous elegant pairing-based (H)IBE schemes were proposed. However, most pairing-related security assumptions suffer from known quantum algorithmic attacks. Therefore, the construction of lattice-based (H)IBE became one of the hot directions in recent years. In the setting of most existing lattice-based (H)IBE schemes, each bit of a user’s identity is always associated with a parameter matrix. This always leads to drastic but unfavorable increases in the sizes of the system public parameters. To overcome this issue, we propose a flexible trade-off mechanism between the size of the public parameters and the involved computational cost using the blocking technique. More specifically, we divide an identity into l′ segments and associate each segment with a matrix, while increasing the lattice modulo slightly for maintaining the same security level. As a result, for the setting of 160-bit identities, we show that the size of the public parameters can be reduced by almost 89.7% (resp. 93.8%) while increasing the computational cost by merely 5.2% (resp. 12.25%) when l′ is a set of 16 (resp. 8). Finally, our IBE scheme is extended to an HIBE scheme, and both of them are proved to achieve the indistinguishability of ciphertexts against adaptively chosen identity and chosen plaintext attack (IND-ID-CPA) in the standard model, assuming that the well-known ring learning with error (RLWE) problem over the involved ideal lattices is intractable, even in the post-quantum era.

Xiaofen Wang,Xiaosong Zhang,Yi Mu

DOI: https://doi.org/10.1109/smartcity.2015.204

2015-01-01

Abstract:In a hierarchical system, a set of users with ranked rights are organized in a tree-architecture, and the user with higher grade can search and access data of users with lower grade in its branch. Nowadays hierarchical systems are constructed by utilizing the cloud to improve their performance due to the cloud server's powerful computation and storage capabilities. However, the untrusted cloud server may give rise to the risk of private information exposure. To enable ranked and controllable data search in cloud without revealing users' privacy in a hierarchical system is a challenging open problem. In this paper, we formally define the hierarchical searchable encryption, where the user in the hierarchical system can search the data of its descendants. A basic hierarchical ID-based searchable encryption (HIBSE) scheme with constant size ciphertext and probe (i.e. trapdoor) is proposed, which satisfies IND-sID-CKA security. An extended secure channel free HIBSE scheme is also given, where the user can search the data of all his descendants at one time, and it achieves IND-sID-OKGA. The performance evaluation demonstrates that the extended scheme greatly reduces the computation cost when the user searches the data of all his descendants in the branch. Therefore, the extended scheme is efficient and practical in various applications.

Cheng-Yi Lee,Zi-Yuan Liu,Masahiro Mambo,Raylin Tso

DOI: https://doi.org/10.1049/2024/5535196

2024-09-30

IET Information Security

Abstract:The emergence of cloud computing enables users to upload data to remote clouds and compute them. This drastically reduces computing and storage costs for users. Considering secure computing for multilevel users in enterprises, the notion of hierarchical identity‐based inner product functional encryption (HIB‐IPFE) is proposed. In this cryptosystem, a sender can encrypt a vector x→ into a ciphertext with a hierarchical identity, while a receiver who possesses a secret key corresponding to the same hierarchical identity and a vector y→ can decrypt the ciphertext and obtain the inner product x→,y→. However, HIB‐IPFE is not sufficient to capture flexible data sharing and forward security. In this study, we present a notion of hierarchical identity‐based puncturable HIBP‐IPFE. Furthermore, we present a formal definition and security model of HIBP‐IPFE to guarantee data confidentiality and receiver anonymity. Compared with HIB‐IPFE, our proposed scheme enables users to puncture keys on specific tags ensuring that the punctured keys cannot be used to decrypt the ciphertexts associated with those tags. The proposed scheme is provably secure under d‐DBDHE assumption in the standard model. The experimental results indicate that our scheme is more practical in cloud computing, with superior functionality.

computer science, information systems, theory & methods

Feng Bao,Robert H. Deng,Xuhua Ding,Junzuo Lai,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-21554-4_12

2011-01-01

Abstract:At ACNS 2008, Canard et al. introduced the notion of trapdoor sanitizable signature (TSS) based on identity-based chameleon hash (IBCH). Trapdoor sanitizable signatures allow the signer of a message to delegate, at any time, the power of sanitization to possibly several entities who can modify predetermined parts of the message and generate a new signature on the sanitized message without interacting with the original signer. In this paper, we introduce the notion of hierarchical identity-based chameleon hash (HIBCH), which is a hierarchical extension of IBCH. We show that HIBCH can be used to construct other cryptographic primitives, including hierarchical trapdoor sanitizable signature (HTSS) and key-exposure free IBCH. HTSS allows an entity who has the sanitization power for a given signed message, to further delegate its power to its descendants in a controlled manner. Finally, we propose a concrete construction of HIBCH and show that it is t-threshold collusion-resistant.

Guojun Wang,Qin Liu,Jie Wu,Minyi Guo

DOI: https://doi.org/10.1016/j.cose.2011.05.006

IF: 5.105

2011-01-01

Computers & Security

Abstract:With rapid development of cloud computing, more and more enterprises will outsource their sensitive data for sharing in a cloud. To keep the shared data confidential against untrusted cloud service providers (CSPs), a natural way is to store only the encrypted data in a cloud. The key problems of this approach include establishing access control for the encrypted data, and revoking the access rights from users when they are no longer authorized to access the encrypted data. This paper aims to solve both problems. First, we propose a hierarchical attribute-based encryption scheme (HABE) by combining a hierarchical identity-based encryption (HIBE) system and a ciphertext-policy attribute-based encryption (CP-ABE) system, so as to provide not only fine-grained access control, but also full delegation and high performance. Then, we propose a scalable revocation scheme by applying proxy re-encryption (PRE) and lazy re-encryption (LRE) to the HABE scheme, so as to efficiently revoke access rights from users.