<p>Receiver selective opening (RSO) security considers the security of encryption schemes under the scenario of a single sender and multiple receivers, where an adversary is allowed to adaptively corrupt some receivers’ secret keys. RSO security has been proven to be more secure than indistinguishability-based security notions. A lot of research has focused on RSO security in terms of public-key encryption and identity-based encryption (IBE); however, hierarchical IBE (HIBE), which is a generalization of IBE, is still lacking in the study, and how to obtain such a construction remains an open problem. To address this gap, we initiate a study of RSO security on HIBE in this work. Precisely, we first formalize the definition of simulation-based RSO against identity-chosen-plaintext/ciphertext attacks in the <i>k</i>-challenge setting (SIM-ID-RSO<InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(_k\)</EquationSource> <EquationSource Format="MATHML"><math> <mmultiscripts> <mrow /> <mi>k</mi> <mrow /> </mmultiscripts> </math></EquationSource> </InlineEquation>-CPA/CCA) for HIBE. We then present generic SIM-ID-RSO<InlineEquation ID="IEq2"> <EquationSource Format="TEX">\(_k\)</EquationSource> <EquationSource Format="MATHML"><math> <mmultiscripts> <mrow /> <mi>k</mi> <mrow /> </mmultiscripts> </math></EquationSource> </InlineEquation>-CCA secure HIBE constructions by introducing the <i>double secret key</i> paradigm. Specifically, we show that a SIM-ID-RSO<InlineEquation ID="IEq3"> <EquationSource Format="TEX">\(_k\)</EquationSource> <EquationSource Format="MATHML"><math> <mmultiscripts> <mrow /> <mi>k</mi> <mrow /> </mmultiscripts> </math></EquationSource> </InlineEquation>-CCA secure HIBE scheme can be obtained from an IND-ID-CPA secure HIBE scheme as well as a one-time signature scheme that satisfies strong unforgeability. Through our general construction, we can derive various concrete schemes based on different hard assumptions (e.g., lattice-based and pairing-based SIM-ID-RSO<InlineEquation ID="IEq4"> <EquationSource Format="TEX">\(_k\)</EquationSource> <EquationSource Format="MATHML"><math> <mmultiscripts> <mrow /> <mi>k</mi> <mrow /> </mmultiscripts> </math></EquationSource> </InlineEquation>-CCA secure HIBE schemes) according to usage requirements.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hierarchical identity-based encryption with receiver selective opening security in the multi-challenge setting

  • Zi-Yuan Liu,
  • Masahiro Mambo,
  • Raylin Tso,
  • Yi-Fan Tseng

摘要

Receiver selective opening (RSO) security considers the security of encryption schemes under the scenario of a single sender and multiple receivers, where an adversary is allowed to adaptively corrupt some receivers’ secret keys. RSO security has been proven to be more secure than indistinguishability-based security notions. A lot of research has focused on RSO security in terms of public-key encryption and identity-based encryption (IBE); however, hierarchical IBE (HIBE), which is a generalization of IBE, is still lacking in the study, and how to obtain such a construction remains an open problem. To address this gap, we initiate a study of RSO security on HIBE in this work. Precisely, we first formalize the definition of simulation-based RSO against identity-chosen-plaintext/ciphertext attacks in the k-challenge setting (SIM-ID-RSO \(_k\) k -CPA/CCA) for HIBE. We then present generic SIM-ID-RSO \(_k\) k -CCA secure HIBE constructions by introducing the double secret key paradigm. Specifically, we show that a SIM-ID-RSO \(_k\) k -CCA secure HIBE scheme can be obtained from an IND-ID-CPA secure HIBE scheme as well as a one-time signature scheme that satisfies strong unforgeability. Through our general construction, we can derive various concrete schemes based on different hard assumptions (e.g., lattice-based and pairing-based SIM-ID-RSO \(_k\) k -CCA secure HIBE schemes) according to usage requirements.