Déjà Q All Over Again: Tighter and Broader Reductions of q-Type Assumptions

Chase, Melissa; Maller, Mary; Meiklejohn, Sarah

doi:10.1007/978-3-662-53890-6_22

Cited by 16 publications

(14 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In prime order groups, Delerablée's construction [27] is proved selectively secure in the random oracle model under a highly non-standard q-type assumption, where q simultaneously depends on the number of private key queries and the maximal number of receivers per ciphertext. While this assumption is a special case of the Uber assumption of Boneh, Boyen and Goh [10], it seems to escape the family of assumptions that reduce the constant-size subgroup assumptions via the framework of Chase, Maller and Meiklejohn [24]: in Section 3.1, we indeed explain why the results of [24] alone do not immediately guarantee the security of Delerablée's IBBE in composite order groups. 4 Moreover, even if they did, a direct instantiation of [27] in composite order groups would only be guaranteed to be secure in the random oracle model.…”

Section: Overview Of Our Techniquesmentioning

confidence: 95%

“…Our schemes are proved selectively secure using the Déjà Q technique of Chase and Meiklejohn [23], which was re-used by Wee [63] and refined by Chase et al [24]. In Appendix A, we provide detailed comparisons of our schemes with previously known realizations.…”

Section: Our Contributionmentioning

confidence: 98%

“…It is natural to ask whether the scheme can be lifted to the composite-order setting and proved secure based on subgroup decision assumptions via the Déjà Q framework [23,24]. That is, we ask whether the Uber assumption in asymmetric composite-order bilinear groups defined in [24] covers the GDDHE assumption or not?…”

Section: Déjà Q Framework and Its Implications On Delerablée's Ibbementioning

confidence: 99%

“…One of the most appealing tradeoffs was given in the scheme of Boneh, Gentry and Waters [14], which features short ciphertexts and private keys but linear-size private keys in the total number of users. While its security was initially proved under a parameterised assumption, recent extensions [63,24] of the Déjà Q framework [23] showed how to prove the security (against static adversaries) of its composite-order-group instantiations under constant-size subgroup assumptions. Boneh et al suggested a variant [17] of the BGW scheme [14] with polylogarithmic complexity in all metrics using multi-linear maps.…”

Section: Related Workmentioning

confidence: 99%

“…That is, we ask whether the Uber assumption in asymmetric composite-order bilinear groups defined in [24] covers the GDDHE assumption or not? The answer is negative.…”

Section: Déjà Q Framework and Its Implications On Delerablée's Ibbementioning

confidence: 99%

See 4 more Smart Citations

Compact IBBE and Fuzzy IBE from Simple Assumptions

Gong

Libert

Ramanna

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose new constructions for identity-based broadcast encryption (IBBE) and fuzzy identity-based encryption (FIBE) in bilinear groups of composite order. Our starting point is the IBBE scheme of Delerablée (Asiacrypt 2007) and the FIBE scheme of Herranz et al. (PKC 2010) proven secure under parameterised assumptions called generalised decisional bilinear Diffie-Hellman (GDDHE) and augmented multi-sequence of exponents Diffie-Hellman (aMSE-DDH) respectively. The two schemes are described in the prime-order pairing group. We transform the schemes into the setting of (symmetric) composite-order groups and prove security from two static assumptions (subgroup decision). The Déjà Q framework of Chase et al. (Asiacrypt 2016) is known to cover a large class of parameterised assumptions (dubbedüber assumption), that is, these assumptions, when defined in asymmetric composite-order groups, are implied by subgroup decision assumptions in the underlying compositeorder groups. We argue that the GDDHE and aMSE-DDH assumptions are not covered by the Déjà Qüber assumption framework. We therefore work out direct security reductions for the two schemes based on subgroup decision assumptions. Furthermore, our proofs involve novel extensions of Déjà Q techniques of Wee (TCC 2016-A) and Chase et al. Our constructions have constant-size ciphertexts. The IBBE has constant-size keys as well and guarantees stronger security as compared to Delerablée's IBBE, thus making it the first compact IBBE known to be selectively secure without random oracles under simple assumptions. The fuzzy IBE scheme is the first to simultaneously feature constant-size ciphertexts and security under standard assumptions.

show abstract

Section: Overview Of Our Techniquesmentioning

confidence: 95%

Section: Our Contributionmentioning

confidence: 98%

Section: Déjà Q Framework and Its Implications On Delerablée's Ibbementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

“…That is, we ask whether the Uber assumption in asymmetric composite-order bilinear groups defined in [24] covers the GDDHE assumption or not? The answer is negative.…”

Section: Déjà Q Framework and Its Implications On Delerablée's Ibbementioning

confidence: 99%

See 3 more Smart Citations