TY - GEN
T1 - Registration-based encryption
T2 - 16th Theory of Cryptography Conference, TCC 2018
AU - Garg, Sanjam
AU - Hajiabadi, Mohammad
AU - Mahmoody, Mohammad
AU - Rahimi, Ahmadreza
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2018.
PY - 2018
Y1 - 2018
N2 - In this work, we introduce the notion of registration-based encryption (RBE for short) with the goal of removing the trust parties need to place in the private-key generator in an IBE scheme. In an RBE scheme, users sample their own public and secret keys. There will also be a “key curator” whose job is only to aggregate the public keys of all the registered users and update the “short” public parameter whenever a new user joins the system. Encryption can still be performed to a particular recipient using the recipient’s identity and any public parameters released subsequent to the recipient’s registration. Decryption requires some auxiliary information connecting users’ public (and secret) keys to the public parameters. Because of this, as the public parameters get updated, a decryptor may need to obtain “a few” additional auxiliary information for decryption. More formally, if n is the total number of identities and κ is the security parameter, we require the following. Efficiency requirements: (1) A decryptor only needs to obtain updated auxiliary information for decryption at most O(log n) times in its lifetime, (2) each of these updates are computed by the key curator in time poly (κ, log n), and (3) the key curator updates the public parameter upon the registration of a new party in time poly (κ, log n). Properties (2) and (3) require the key curator to have random access to its data. Compactness requirements: (1) Public parameters are always at most poly (κ, log n) bit, and (2) the total size of updates a user ever needs for decryption is also at most poly (κ, log n) bits. We present feasibility results for constructions of RBE based on indistinguishably obfuscation. We further provide constructions of weakly efficient RBE, in which the registration step is done in poly (κ, n), based on CDH, Factoring or LWE assumptions. Note that registration is done only once per identity, and the more frequent operation of generating updates for a user, which can happen more times, still runs in time poly (κ, log n). We leave open the problem of obtaining standard RBE (with poly (κ, log n) registration time) from standard assumptions.
AB - In this work, we introduce the notion of registration-based encryption (RBE for short) with the goal of removing the trust parties need to place in the private-key generator in an IBE scheme. In an RBE scheme, users sample their own public and secret keys. There will also be a “key curator” whose job is only to aggregate the public keys of all the registered users and update the “short” public parameter whenever a new user joins the system. Encryption can still be performed to a particular recipient using the recipient’s identity and any public parameters released subsequent to the recipient’s registration. Decryption requires some auxiliary information connecting users’ public (and secret) keys to the public parameters. Because of this, as the public parameters get updated, a decryptor may need to obtain “a few” additional auxiliary information for decryption. More formally, if n is the total number of identities and κ is the security parameter, we require the following. Efficiency requirements: (1) A decryptor only needs to obtain updated auxiliary information for decryption at most O(log n) times in its lifetime, (2) each of these updates are computed by the key curator in time poly (κ, log n), and (3) the key curator updates the public parameter upon the registration of a new party in time poly (κ, log n). Properties (2) and (3) require the key curator to have random access to its data. Compactness requirements: (1) Public parameters are always at most poly (κ, log n) bit, and (2) the total size of updates a user ever needs for decryption is also at most poly (κ, log n) bits. We present feasibility results for constructions of RBE based on indistinguishably obfuscation. We further provide constructions of weakly efficient RBE, in which the registration step is done in poly (κ, n), based on CDH, Factoring or LWE assumptions. Note that registration is done only once per identity, and the more frequent operation of generating updates for a user, which can happen more times, still runs in time poly (κ, log n). We leave open the problem of obtaining standard RBE (with poly (κ, log n) registration time) from standard assumptions.
UR - http://www.scopus.com/inward/record.url?scp=85057105762&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85057105762&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-03807-6_25
DO - 10.1007/978-3-030-03807-6_25
M3 - Conference contribution
AN - SCOPUS:85057105762
SN - 9783030038069
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 689
EP - 718
BT - Theory of Cryptography - 16th International Conference, TCC 2018, Proceedings
A2 - Beimel, Amos
A2 - Dziembowski, Stefan
PB - Springer Verlag
Y2 - 11 November 2018 through 14 November 2018
ER -