| Identity-based cryptography(IBC)eliminates the necessity of certificates in public-key infrastructure and therefore turns into a significant part of public-key cryptography.However,the inherent key-escrow problem in IBC greatly hinders its practical applications,where the private key generator(PKG)fully controls the private keys of all of the users,and then it can eavesdrop users' messages or even regenerate and sell users' private keys.As a method that relieves the key-escrow problem in IBC and does not change its identity-based mechanism,accountable cryptography has been widely researched since the presentation.This paper mainly researches on the accountable authority identity-based encryption(A-IBE).If the malicious PKG impersonates a user and generates a corresponding pirate private key or decoder box,the additional tracing algorithm in A-IBE can provide enough cryptographic evidence to enable the PKG to be held accountable.However,up to date,there still exist some unsolved and not-researched problems in the accountable cryptography,such as the construction of full black-box A-IBE with constant-size parameters,accountable authority identity-based broadcast encryption(A-IBBE)with constant-size private keys and ciphertexts,accountable authority IBE with distributed PKGs(A-d IBE),and accountable authority identity-based broadcast revocation encryption(IBRS).For some of these problems,this paper provides a preliminary solution and study.The main contributions are listed as follows.1.For the public problem left in A-IBE that constructing a full black-box A-IBE scheme with constant-size parameters,a generic construction of the full black-box A-IBE scheme with constant-size parameters is proposed.A new primitive that is defined as token-based IBE(TB-IBE)is firstly provided.Next,it is proven that as long as a TB-IBE scheme satisfies three required properties,namely Well-Formed-Key,WellFormed-Ciphertext,and Convertible-Key,it can be converted to a full black-box AIBE scheme which is comparable with the underlying TB-IBE scheme in the terms of parameters size and computation complexity.Finally,a concrete instantiation is presented by converting the Park-Lee IBE scheme into a full black-box A-IBE scheme with parameters consisting of constant group elements.2.For the unsolved problem that constructing the A-IBBE scheme with constant-size private keys and ciphertexts,a concrete A-IBBE scheme is presented,where the private keys and ciphertexts consist of constant group elements.Moreover,the scheme presented captures the public accountability such that the tracing can be realized with users' public tracing key instead of their private keys.Specifically,the message confidentiality and dishonest user security of the A-IBBE scheme presented are based on two general decisional Diffie-Hellman exponent(GDDHE)assumptions,namely(f,g)-GDDHE assumption and(q,n)-GDDHE assumption.The detailed definition and corresponding security proofs for these two assumptions are also given in the paper.3.For the key-escrow problem in IBE with distributed PKGs,accountability is introduced into d IBE and a new concept is presented,namely A-d IBE.First,the formalization of definition and security models of A-d IBE are shown.Next,a concrete whitebox A-d IBE scheme is given and it is proven to be secure on the random oracle model.For simplicity,the scheme presented only achieves IND-ID-CPA security.Finally,how to extend to IND-ID-CCA security and efficiently revoke PKGs are also shown.4.For the key-escrow problem in IBRS,accountability is introduced into IBRS and a new concept is proposed,namely accountable authority identity-based broadcast revocation encryption(A-IBRS).The definition and security models of full black-box A-IBRS are formalized firstly.Next,a full black-box A-IBRS scheme is constructed,where the master public key and private keys consist of constant group elements.Finally,the scheme proposed is proven to be secure on the standard model. |
PDF Full Text Request