Server-aided Revocable Identity-based Encryption

Author

Baodong QIN, Singapore Management UniversityFollow
DENG, Robert H., Singapore Management UniversityFollow
Yingjiu LI, Singapore Management UniversityFollow
Shengli LIU, Shanghai Jiaotong University

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

9-2015

Abstract

Efficient user revocation in Identity-Based Encryption (IBE) has been a challenging problem and has been the subject of several research efforts in the literature. Among them, the tree-based revocation approach, due to Boldyreva, Goyal and Kumar, is probably the most efficient one. In this approach, a trusted Key Generation Center (KGC) periodically broadcasts a set of key updates to all (non-revoked) users through public channels, where the size of key updates is only O(r log N/r), with N being the number of users and r the number of revoked users, respectively; however, every user needs to keep at least O(logN) longterm secret keys and all non-revoked users are required to communicate with the KGC regularly. These two drawbacks pose challenges to users who have limited resources to store their secret keys or cannot receive key updates in real-time.
To alleviate the above problems, we propose a novel system model called server-aided revocable IBE. In our model, almost all of the workloads on users are delegated to an untrusted server which manages users’ public keys and key updates sent by a KGC periodically. The server is untrusted in the sense that it does not possess any secret information. Our system model requires each user to keep just one short secret key and does not require users to communicate with either the KGC or the server during key updating. In addition, the system supports delegation of users’ decryption keys, namely it is secure against decryption key exposure attacks. We present a concrete construction of the system that is provably secure against adaptive-ID chosen plaintext attacks under the DBDH assumption in the standard model. One application of our server-aided revocable IBE is encrypted email supporting lightweight devices (e.g., mobile phones) in which an email server plays the role of the untrusted server so that only non-revoked users can read their email messages.

Keywords

IBE, Revocation, Decryption key exposure

Discipline

Computer Sciences | Information Security

Research Areas

Cybersecurity

Publication

Computer Security – ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I

Volume

9326

First Page

286

Last Page

304

ISBN

9783319241739

Identifier

10.1007/978-3-319-24174-6_15

Publisher

Springer

City or Country

Cham

Citation

QIN, Baodong; DENG, Robert H.; Yingjiu LI; and LIU, Shengli. Server-aided Revocable Identity-based Encryption. (2015). Computer Security – ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I. 9326, 286-304.
Available at: https://ink.library.smu.edu.sg/sis_research/2883

Copyright Owner and License

Publisher

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1007/978-3-319-24174-6_15