Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model

Journal of Cryptology

Abstract

In (STOC, 2008), Gentry, Peikert, and Vaikuntanathan proposed the first identity-based encryption scheme (GPV-IBE) based on a post-quantum assumption, namely the learning with errors (LWE) assumption. Since their proof was given only in the random oracle model (ROM) rather than the quantum random oracle model (QROM), it remained unclear whether the scheme was truly post-quantum. In (CRYPTO, 2012), Zhandry developed new techniques for the QROM and proved the security of GPV-IBE in the QROM, thereby answering in the affirmative that GPV-IBE is indeed post-quantum. However, since Zhandry's general technique incurs a large reduction loss, there was a wide gap between the concrete efficiency and security level provided by GPV-IBE in the ROM and in the QROM. Furthermore, regardless of whether one works in the ROM or the QROM, GPV-IBE is not known to have a tight reduction in the multi-challenge setting. Considering that in the real world an adversary can obtain many ciphertexts, it is desirable to have a security proof that does not degrade with the number of challenge ciphertexts. In this paper, we provide a much tighter proof for GPV-IBE in the QROM in the single-challenge setting. In addition, we show that a slight variant of GPV-IBE has an almost tight reduction in the multi-challenge setting both in the ROM and in the QROM, where the reduction loss is independent of the number of challenge ciphertexts. Our proof departs from the traditional partitioning technique and resembles the approach used in the public key encryption scheme of Cramer and Shoup (CRYPTO, 1998). Our proof strategy allows the reduction algorithm to program the random oracle the same way for all identities and naturally fits the QROM setting, where an adversary may query a superposition of all identities in one random oracle query. Notably, our proofs are much simpler than the one by Zhandry and conceptually much easier to follow for cryptographers not familiar with quantum computation.
Although at a high level the techniques used for the single- and multi-challenge settings are similar, the technical details are quite different. For the multi-challenge setting, we rely on the Katz–Wang technique (CCS, 2003) to overcome some obstacles regarding the leftover hash lemma.
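As an added illustration of what "reduction loss independent of the number of challenge ciphertexts" means (this is a generic sketch, not a bound taken from the paper): a hybrid argument that replaces the \(Q_{\textsf {ch}}\) challenge ciphertexts with random elements one at a time loses a factor of \(Q_{\textsf {ch}}\), giving a bound of the shape

\[
\textsf {Adv}^{\textsf {IBE}}(\mathcal {A}) \le Q_{\textsf {ch}} \cdot \textsf {Adv}^{\textsf {LWE}}(\mathcal {B}) + \textsf {negl}(\lambda),
\]

whereas an (almost) tight multi-challenge reduction has the shape

\[
\textsf {Adv}^{\textsf {IBE}}(\mathcal {A}) \le c \cdot \textsf {Adv}^{\textsf {LWE}}(\mathcal {B}) + \textsf {negl}(\lambda),
\qquad
\textsf {Time}(\mathcal {B}) \approx \textsf {Time}(\mathcal {A}),
\]

where the multiplicative loss \(c\) does not grow with \(Q_{\textsf {ch}}\) (and, as Footnotes 3 and 5 note, the runtime overhead of the reduction is also small relative to \(\textsf {Time}(\mathcal {A})\)). The notation \(\textsf {Adv}\), the reduction \(\mathcal {B}\) and the constant \(c\) are assumptions of this sketch; the paper's concrete bounds and the exact value of the loss are stated in its main body, not on this page.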


Notes

  1. Our parameter selection in the main body may seem much worse than that of GPV-IBE, but this is only because we choose the parameters conservatively. Specifically, we can set the parameters to be only slightly worse than GPV-IBE by choosing them less conservatively, as in [33]. See the end of Sect. 3.2 for more details.

  2. Compared to [43], our choice of parameters is more conservative since we require \(2^{-\Omega (n)}\) statistical distance rather than \(2^{-\omega (\log n)}\).

  3. Here, since \(\textsf {poly} (\lambda )\) is upper-bounded by the time to answer a random oracle query made by \(\mathcal {A}\) and to sample a short vector from \(D_{\mathbb {Z}^m, \sigma }\), we can assume w.l.o.g. that \(\textsf {Time} (\mathcal {A}) \gg (Q_\mathsf{H }+Q_{\textsf {ID} })\cdot \textsf {poly} (\lambda )\). Namely, the reduction is tight with respect to the runtime as well. The same discussion holds for the subsequent QROM setting.

  4. Such a simulation may be possible by using the technique of the concurrent work by Zhandry [71], though it would make the security proof more complicated and non-tight.

  5. Similar to Footnote 3, we have \(\textsf {Time} (\mathcal {A}) \gg (Q_\mathsf{H }+Q_{\textsf {ID} } + Q_\textsf {ch} )\cdot \textsf {poly} (\lambda )\) by further assuming that the runtime of constructing a ciphertext or running algorithm \(\textsf {ReRand} \) is much smaller compared to \(\textsf {Time} (\mathcal {A})\).

  6. Recall that we only change \(\mathbf{c}_{\textsf {ID} \Vert 0}\) and \(\mathbf{c}_{\textsf {ID} \Vert 1}\) into random elements one at a time.

References

  1. Shweta Agrawal, Dan Boneh, and Xavier Boyen. Efficient lattice (H)IBE in the standard model. In EUROCRYPT, pages 553–572. Springer, 2010.

  2. Erdem Alkim, Nina Bindel, Johannes A. Buchmann, Özgür Dagdelen, Edward Eaton, Gus Gutoski, Juliane Krämer, and Filip Pawlega. Revisiting TESLA in the quantum random oracle model. In PQCrypto, pages 143–162. Springer, 2017.

  3. Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In CRYPTO, pages 595–618. Springer, 2009.

  4. Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, and Daniel Wichs. Public-key encryption in the bounded-retrieval model. In EUROCRYPT, pages 113–134. Springer, 2010.

  5. Andris Ambainis, Mike Hamburg, and Dominique Unruh. Quantum security proofs using semi-classical oracles. In CRYPTO II, pages 269–295. Springer, 2019.

  6. Nuttapong Attrapadung, Goichiro Hanaoka, and Shota Yamada. A framework for identity-based encryption with almost tight security. In ASIACRYPT, pages 521–549. Springer, 2015.

  7. Joël Alwen, Stephan Krenn, Krzysztof Pietrzak, and Daniel Wichs. Learning with rounding, revisited. In CRYPTO, pages 57–74. Springer, 2013.

  8. Andris Ambainis, Ansis Rosmanis, and Dominique Unruh. Quantum attacks on classical proof systems: The hardness of quantum rewinding. In FOCS, pages 474–483. IEEE, 2014.

  9. Dan Boneh, Özgür Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner, and Mark Zhandry. Random oracles in a quantum world. In EUROCRYPT, pages 41–69. Springer, 2011.

  10. Florian Bourse, Rafaël Del Pino, Michele Minelli, and Hoeteck Wee. FHE circuit privacy almost for free. In CRYPTO, pages 62–89. Springer, 2016.

  11. Dan Boneh and Matt Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages 213–229. Springer, 2001.

  12. Shi Bai and Steven D. Galbraith. An improved compression technique for signatures based on learning with errors. In CT-RSA, pages 28–47, 2014.

  13. Nina Bindel, Mike Hamburg, Kathrin Hövelmanns, Andreas Hülsing, and Edoardo Persichetti. Tighter proofs of CCA security in the quantum random oracle model. In TCC II, pages 61–90. Springer, 2019.

  14. Mihir Bellare, Eike Kiltz, Chris Peikert, and Brent Waters. Identity-based (lossy) trapdoor functions and applications. In EUROCRYPT, pages 228–245. Springer, 2012.

  15. Xavier Boyen and Qinyi Li. Towards tightly secure lattice short signature and ID-based encryption. In ASIACRYPT II, pages 404–434. Springer, 2016.

  16. Xavier Boyen and Qinyi Li. Almost tight multi-instance multi-ciphertext identity-based encryption on lattices. In ACNS, pages 535–553. Springer, 2018.

  17. Zvika Brakerski, Adeline Langlois, Chris Peikert, Oded Regev, and Damien Stehlé. Classical hardness of learning with errors. In STOC, pages 575–584, 2013.

  18. Abhishek Banerjee, Chris Peikert, and Alon Rosen. Pseudorandom functions and lattices. In EUROCRYPT, pages 719–737. Springer, 2012.

  19. Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In CCS, pages 62–73. ACM, 1993.

  20. Ran Canetti, Shai Halevi, and Jonathan Katz. Chosen-ciphertext security from identity-based encryption. In EUROCRYPT, pages 207–222. Springer, 2004.

  21. David Cash, Dennis Hofheinz, Eike Kiltz, and Chris Peikert. Bonsai trees, or how to delegate a lattice basis. In EUROCRYPT, pages 523–552. Springer, 2010.

  22. Alessandro Chiesa, Peter Manohar, and Nicholas Spooner. Succinct arguments in the quantum random oracle model. In TCC II, pages 1–29. Springer, 2019.

  23. Jean-Sébastien Coron. A variant of Boneh–Franklin IBE with a tight reduction in the random oracle model. Des. Codes Cryptogr., 50(1):115–133, 2009.

  24. Ronald Cramer and Victor Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In CRYPTO, pages 13–25. Springer, 1998.

  25. Jie Chen and Hoeteck Wee. Fully, (almost) tightly secure IBE and dual system groups. In CRYPTO, pages 435–460. Springer, 2013.

  26. Jelle Don, Serge Fehr, Christian Majenz, and Christian Schaffner. Security of the Fiat–Shamir transformation in the quantum random-oracle model. In CRYPTO II, pages 356–383. Springer, 2019.

  27. Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In EUROCRYPT, pages 523–540. Springer, 2004.

  28. Junqing Gong, Xiaolei Dong, Jie Chen, and Zhenfu Cao. Efficient IBE with tight reduction to standard assumption in the multi-challenge setting. In ASIACRYPT, pages 624–654. Springer, 2016.

  29. Craig Gentry. Practical identity-based encryption without random oracles. In EUROCRYPT, pages 445–464. Springer, 2006.

  30. Oded Goldreich, Shafi Goldwasser, and Silvio Micali. How to construct random functions. J. ACM, 33(4):792–807, 1986.

  31. Shafi Goldwasser, Yael Kalai, Chris Peikert, and Vinod Vaikuntanathan. Robustness of the learning with errors assumption. ICS, pages 230–240, 2010.

  32. Oded Goldreich. Two remarks concerning the Goldwasser–Micali–Rivest signature scheme. In CRYPTO, pages 104–110. Springer, 1986.

  33. Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. Trapdoors for hard lattices and new cryptographic constructions. In STOC, pages 197–206. ACM, 2008.

  34. Craig Gentry, Amit Sahai, and Brent Waters. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In CRYPTO, pages 75–92. Springer, 2013.

  35. Dennis Hofheinz and Tibor Jager. Tightly secure signatures and public-key encryption. In CRYPTO, pages 590–607. Springer, 2012.

  36. Dennis Hofheinz, Jessica Koch, and Christoph Striecks. Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting. In PKC, pages 799–822. Springer, 2015.

  37. Minki Hhan, Keita Xagawa, and Takashi Yamakawa. Quantum random oracle model with auxiliary input. In ASIACRYPT I, pages 584–614. Springer, 2019.

  38. Haodong Jiang, Zhenfeng Zhang, Long Chen, Hong Wang, and Zhi Ma. IND-CCA-secure key encapsulation mechanism in the quantum random oracle model, revisited. In CRYPTO, pages 96–125. Springer, 2018.

  39. Haodong Jiang, Zhenfeng Zhang, and Zhi Ma. Key encapsulation mechanism with explicit rejection in the quantum random oracle model. In PKC II, pages 618–645. Springer, 2019.

  40. Haodong Jiang, Zhenfeng Zhang, and Zhi Ma. Tighter security proofs for generic key encapsulation mechanism in the quantum random oracle model. In PQCrypto, pages 227–248. Springer, 2019.

  41. Eike Kiltz, Vadim Lyubashevsky, and Christian Schaffner. A concrete treatment of Fiat–Shamir signatures in the quantum random-oracle model. In EUROCRYPT III, pages 552–586. Springer, 2018.

  42. Jonathan Katz and Nan Wang. Efficiency improvements for signature schemes with tight security reductions. In CCS, pages 155–164. ACM, 2003.

  43. Shuichi Katsumata and Shota Yamada. Partitioning via non-linear polynomial functions: More compact IBEs from ideal lattices and bilinear maps. In ASIACRYPT, pages 682–712. Springer, 2016.

  44. Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In EUROCRYPT, pages 1–23. Springer, 2010.

  45. Vadim Lyubashevsky, Chris Peikert, and Oded Regev. A toolkit for Ring-LWE cryptography. In EUROCRYPT, pages 35–54. Springer, 2013.

  46. Benoît Libert, Amin Sakzad, Damien Stehlé, and Ron Steinfeld. All-but-many lossy trapdoor functions and selective opening chosen-ciphertext security from LWE. In CRYPTO, pages 332–364. Springer, 2017.

  47. Qipeng Liu and Mark Zhandry. Revisiting post-quantum Fiat–Shamir. In CRYPTO II, pages 326–355. Springer, 2019.

  48. Silvio Micali. Computationally sound proofs. SIAM J. Comput., 30(4):1253–1298, 2000.

  49. Daniele Micciancio and Chris Peikert. Trapdoors for lattices: Simpler, tighter, faster, smaller. In EUROCRYPT, pages 700–718. Springer, 2012.

  50. Daniele Micciancio and Oded Regev. Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput., 37(1):267–302, 2007.

  51. Michael A. Nielsen and Isaac L. Chuang. Quantum Computation and Quantum Information. Cambridge University Press, 2000.

  52. Chris Peikert. Limits on the hardness of lattice problems in \(\ell_p\) norms. In Conference on Computational Complexity, pages 333–346. IEEE, 2007.

  53. Chris Peikert. Public-key cryptosystems from the worst-case shortest vector problem. In STOC, pages 333–342. ACM, 2009.

  54. Chris Peikert. An efficient and parallel Gaussian sampler for lattices. In CRYPTO, pages 80–97. Springer, 2010.

  55. Chris Peikert and Alon Rosen. Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In TCC, pages 145–166. Springer, 2006.

  56. Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. In STOC, pages 84–93. ACM Press, 2005.

  57. Oded Regev. The learning with errors problem. Invited survey in CCC, 2010.

  58. Renato Renner and Stefan Wolf. Smooth Rényi entropy and applications. In International Symposium on Information Theory (ISIT), page 233. IEEE, 2004.

  59. Peter W. Shor. Algorithms for quantum computation: Discrete logarithms and factoring. In FOCS, pages 124–134. IEEE, 1994.

  60. Tsunekazu Saito, Keita Xagawa, and Takashi Yamakawa. Tightly-secure key-encapsulation mechanism in the quantum random oracle model. In EUROCRYPT III, pages 520–551. Springer, 2018.

  61. Ehsan Ebrahimi Targhi and Dominique Unruh. Post-quantum security of the Fujisaki–Okamoto and OAEP transforms. In TCC II, pages 192–216. Springer, 2016.

  62. Dominique Unruh. Quantum position verification in the random oracle model. In CRYPTO II, pages 1–18. Springer, 2014.

  63. Dominique Unruh. Revocable quantum timed-release encryption. In EUROCRYPT, pages 129–146. Springer, 2014.

  64. Dominique Unruh. Non-interactive zero-knowledge proofs in the quantum random oracle model. In EUROCRYPT II, pages 755–784. Springer, 2015.

  65. Dominique Unruh. Post-quantum security of Fiat–Shamir. In ASIACRYPT I, pages 65–95. Springer, 2017.

  66. Brent Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114–127. Springer, 2005.

  67. Keita Xagawa and Takashi Yamakawa. (Tightly) QCCA-secure key-encapsulation mechanism in the quantum random oracle model. In PQCrypto, pages 249–268. Springer, 2019.

  68. Shota Yamada. Adaptively secure identity-based encryption from lattices with asymptotically shorter public parameters. In EUROCRYPT, pages 32–62. Springer, 2016.

  69. Mark Zhandry. How to construct quantum random functions. In FOCS, pages 679–687. IEEE, 2012.

  70. Mark Zhandry. Secure identity-based encryption in the quantum random oracle model. In CRYPTO, pages 758–775. Springer, 2012.

  71. Mark Zhandry. How to record quantum queries, and applications to quantum indifferentiability. In CRYPTO II, pages 239–268. Springer, 2019.


Acknowledgements

The first author was supported by JST CREST Grant No. JPMJCR19F6, and the second author was supported by JST CREST Grant No. JPMJCR19F6 and JSPS KAKENHI Grant Number 16K16068.


Corresponding author

Correspondence to Shuichi Katsumata.

Additional information

Communicated by Damien Stehlé

The preliminary version of this work was done in part while the first author was at the University of Tokyo, Japan.


Cite this article

Katsumata, S., Yamada, S. & Yamakawa, T. Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model. J Cryptol 34, 5 (2021). https://doi.org/10.1007/s00145-020-09371-y
