International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Identity-Based Encryption for Fair Anonymity Applications: Defining, Implementing, and Applying Rerandomizable RCCA-secure IBE

Authors:
Yi Wang , National University of Defense Technology
Rongmao Chen , National University of Defense Technology
Xinyi Huang , Fujian Normal University
Jianting Ning , Fujian Normal University
Baosheng Wang , National University of Defense Technology
Moti Yung , Columbia University
Download:
DOI: 10.1007/978-3-030-92075-3_15
Search ePrint
Search Google
Conference: ASIACRYPT 2021
Abstract: Our context is anonymous encryption schemes hiding their receiver, but in a setting which allows authorities to reveal the receiver when needed. While anonymous Identity-Based Encryption (IBE) is a natural candidate for such fair anonymity (it gives trusted authority access by design), the {\it de facto} security standard (a.k.a. IND-ID-CCA) is incompatible with the ciphertext rerandomizability which is crucial to anonymous communication. Thus, we seek to extend IND-ID-CCA security for IBE to a notion that can be meaningfully relaxed for rerandomizability while it still protects against active adversaries. To the end, inspired by the notion of replayable adaptive chosen-ciphertext attack (RCCA) security (Canetti {\it et al.}, Crypto'03), we formalize a new security notion called Anonymous Identity-Based RCCA (ANON-ID-RCCA) security for rerandomizable IBE and propose the first construction with rigorous security analysis. The core of our scheme is a novel extension of the double-strand paradigm, which was originally proposed by Golle {\it et al.} (CT-RSA'04) and later extended by Prabhakaran and Rosulek (Crypto'07), to the well-known Gentry-IBE (Eurocrypt'06). Notably, our scheme is the first IBE that simultaneously satisfies adaptive security, rerandomizability, and recipient-anonymity to date. As the application of our new notion, we design a new universal mixnet in the identity-based setting that does not require public key distribution (with fair anonymity). More generally, our new notion is also applicable to most existing rerandomizable RCCA-secure applications to eliminate the need for public key distribution infrastructure while allowing fairness.
Video from ASIACRYPT 2021
BibTeX
@inproceedings{asiacrypt-2021-31434,
  title={Identity-Based Encryption for Fair Anonymity Applications: Defining, Implementing, and Applying Rerandomizable RCCA-secure IBE},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-030-92075-3_15},
  author={Yi Wang and Rongmao Chen and Xinyi Huang and Jianting Ning and Baosheng Wang and Moti Yung},
  year=2021
}