
Research On Dual System Methodology And Functional Encryptions

Posted on: 2017-07-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Q Gong
GTID: 1368330590490813
Subject: Computer Science and Technology
Abstract/Summary:
Functional encryptions extend the notions of classical identity based encryption (IBE) and attribute based encryption (ABE), and can be used to achieve fine-grained access control and verifiable computation in the emerging framework of cloud computing. Therefore, pursuing functional encryptions with higher performance and security level is one of the recent hot topics. However, reaching adaptively secure functional encryption without sacrificing performance in other aspects is a long-standing open problem.

In 2009, Brent Waters proposed the dual system methodology and made a breakthrough on the adaptive security of IBE [CRYPTO, 2009]. After several years of development, the dual system methodology has become the most useful tool to construct and analyze various functional encryptions. However, in order to deal with functional encryptions with special (security and performance) requirements, one must extend the basic dual system methodology. Currently, there have been several important extensions, including the nested dual system methodology and the dual system methodology with tight reduction. The former was introduced by Lewko and Waters and used to investigate unbounded hierarchical identity based encryption (UHIBE) [EUROCRYPT, 2011]; the latter was extended from Chen and Wee’s dual system methodology [CRYPTO, 2013] by Hofheinz et al. [PKC, 2015], and was used to construct tightly secure IBE in the multi-instance, multi-ciphertext (MIMC) model.

Nowadays, the bilinear group is the only algebraic structure supporting the dual system methodology and its extensions. A realization in the prime-order bilinear group always leads to a functional encryption with better performance. However, existing prime-order realizations for the nested dual system methodology are not efficient enough, while there is no prime-order realization for the dual system methodology with tight reduction. Therefore, existing UHIBE and almost-tightly secure IBE in the MIMC model are still not practical enough.

In this thesis, we focus on realizing the above two extensions of the dual system methodology in a more efficient way and obtaining functional encryption with better performance. In particular, we must fill the gap and improve current results. Apart from that, we also want to develop the current dual system methodology and make it more useful in the field of functional encryptions. In detail, we include the following four results in this thesis:

1. Efficient unbounded hierarchical identity based encryption. We start from Lewko’s pairing-based UHIBE [TCC, 2012] and extend Chen and Wee’s dual system group and its prime-order instantiation [ePrint, 2014] to support the nested dual system methodology. We thus obtain a new realization for the nested dual system methodology and reach a new UHIBE scheme from prime-order bilinear groups. Compared with Lewko’s prime-order construction, our result has shorter ciphertexts, shorter keys and faster encryption/decryption algorithms under a master public key of the same size.

2. Prime-order identity based encryption with tight security in the multi-instance, multi-ciphertext model. We revise Hofheinz et al.’s extended nested dual system groups and give their first prime-order instantiation, based on Chen and Wee’s prime-order instantiation for nested dual system group [CRYPTO, 2013]. This means we have the first prime-order realization for the dual system methodology with tight reduction, and we derive the first almost-tightly secure IBE in the MIMC model from prime-order bilinear groups. Furthermore, we also propose a technique of compressing semi-functional spaces, which allows us to reach better performance (including shorter ciphertexts and faster encryption/decryption algorithms) at the cost of basing the security on a stronger assumption.

3. Improvement on tightly secure identity based encryption in the multi-instance, multi-ciphertext model. Although the compressing technique we have proposed can improve the performance, a stronger computational assumption is required, so we don’t consider it a real improvement. In this work, we try to extend Blazy et al.’s almost-tightly secure IBE [CRYPTO, 2014] to the MIMC model. However, this scheme is not quite compatible with our previous extension technique. To solve the problem, we first revisit Blazy et al.’s IBE scheme and explain it in the framework of nested dual system group. We can then extend Blazy et al.’s IBE scheme using our previous technique and finally reach an efficient almost-tightly secure IBE scheme based on a standard assumption. In other words, our work provides a better realization for the dual system methodology with tight reduction.

4. Tightly secure identity based encryption against selective opening attack. Selective opening security is stronger than ciphertext indistinguishability and harder to achieve. Bellare et al. proved that, given a one-bit IBE with ciphertext indistinguishability and an additional feature, one can build a multi-bit IBE against selective opening attack. They also gave concrete instantiations for such a one-bit IBE scheme [TCC, 2011]. We study tight reduction based on their work. We first update their generic transformation so that it allows us to start from a one-bit IBE scheme in the multi-ciphertext model and incurs only a constant security loss. Then we construct such a one-bit IBE scheme with tight reduction from Hofheinz et al.’s IBE scheme [PKC, 2015]. Our final result is an IBE scheme from composite-order bilinear groups against selective opening attack. The security loss is unrelated to the number of users, the length of messages and secret keys revealed to the adversary. This work is the first attempt to employ the dual system methodology with tight reduction in the area of selective opening security of IBE.

All of this work focuses on the most fundamental and core primitive in the area of functional encryptions, i.e., identity based encryption and its hierarchical variant. We believe it can be the theoretical foundation for studying more complex functional encryptions and developing the dual system methodology in the future.
Keywords/Search Tags:dual system methodology, functional encryption, prime-order bilinear group, selective opening security, multi-challenge model