The Fujisaki-Okamoto (FO) transformation is a method of practically realizing CCA-secure public-key encryption (PKE) scheme. Recently, the FO transformation for PKE in PQC has also been widely studied. In this work, we focus on how to practically realize CCA security in identity-based encryption (IBE) in PQC. Our contributions are as follows: (i) We show that a slightly modified post-quantum FO transformation can be effectively used to transform from CPA-secure IBE scheme to CCA-secure IBE scheme in the quantum random oracle model (QROM). (ii) Our main contribution is to show that the FO transformation realizes anonymity of IBE scheme in addition to CCA-security if the underlying CPA-secure IBE scheme meets the additional property called strong disjoint-simulatable (SDS) property. (iii) To demonstrate that the above result (ii) is not mere theory, we also show that a CPA-secure IBE scheme with the SDS property can indeed be constructed based on the Gentry-Peikert-Vaikuntanathan (GPV) IBE scheme. Consequently, combining (ii) and (iii) yields a post-quantum anonymous IBE scheme with CCA security in the QROM.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Post-quantum Fujisaki-Okamoto Transformation for Anonymous Identity-Based Encryption

  • Tsuchiya Yui,
  • Toi Tomita,
  • Junji Shikata

摘要

The Fujisaki-Okamoto (FO) transformation is a method of practically realizing CCA-secure public-key encryption (PKE) scheme. Recently, the FO transformation for PKE in PQC has also been widely studied. In this work, we focus on how to practically realize CCA security in identity-based encryption (IBE) in PQC. Our contributions are as follows: (i) We show that a slightly modified post-quantum FO transformation can be effectively used to transform from CPA-secure IBE scheme to CCA-secure IBE scheme in the quantum random oracle model (QROM). (ii) Our main contribution is to show that the FO transformation realizes anonymity of IBE scheme in addition to CCA-security if the underlying CPA-secure IBE scheme meets the additional property called strong disjoint-simulatable (SDS) property. (iii) To demonstrate that the above result (ii) is not mere theory, we also show that a CPA-secure IBE scheme with the SDS property can indeed be constructed based on the Gentry-Peikert-Vaikuntanathan (GPV) IBE scheme. Consequently, combining (ii) and (iii) yields a post-quantum anonymous IBE scheme with CCA security in the QROM.