Making the identity-based Diffie-Hellman key exchange efficiently revocable. (English) Zbl 07927372

Aly, Abdelrahaman (ed.) et al., Progress in cryptology – LATINCRYPT 2023. 8th international conference on cryptology and information security in Latin America, LATINCRYPT 2023, Quito, Ecuador, October 3–6, 2023. Proceedings. Cham: Springer. Lect. Notes Comput. Sci. 14168, 171-191 (2023).
Summary: We propose an efficient identity-based authenticated key exchange (IB-AKE) protocol that is equipped with scalable key revocation. Our protocol builds upon the most efficient identity-based Diffie-Hellman key exchange (without revocation mechanisms) presented by D. Fiore and R. Gennaro [Lect. Notes Comput. Sci. 5985, 165–178 (2010; Zbl 1272.94030)], which can be constructed from pairing-free groups. Key revocation is essential for IB-AKE protocols in long-term practical operation. Our key revocation mechanism allows the key exchange protocol to remain comparable to the original Fiore-Gennaro identity-based key exchange, unlike other revocable schemes that require major (inefficient) modifications to their original IB-AKE protocols. Moreover, our revocation mechanism is scalable, in the sense that its computational cost is logarithmic, rather than linear, in the number of users. We provide a security proof in the identity-based extended Canetti-Krawczyk security model, further extended in order to incorporate key revocation. The security of our scheme reduces to the well-established strong Diffie-Hellman assumption. For this proof, we devise a multi-forking lemma, an extended version of the general forking lemma.
For the entire collection see [Zbl 07831456].
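The summary names the Fiore-Gennaro identity-based Diffie-Hellman protocol [19] as the pairing-free base that the paper's revocable scheme keeps "comparable" to, but does not spell it out. The following Python is an added illustration written for this page, not code from the paper or from Fiore and Gennaro: it runs only the base, non-revocable protocol in a prime-order subgroup of Z_p^* and does not reproduce the paper's revocation layer or its extended eCK proof. The group parameters (q = 2^61 - 1, p = k·q + 1 found by search, demo-sized and not secure), the use of SHA-256 for H1 and H2, and the identities are this example's own assumptions.

```python
"""Fiore-Gennaro identity-based Diffie-Hellman (IB-KA), pairing-free.
Added example for this page, not the paper's or Fiore-Gennaro's code. Only the base
(non-revocable) protocol of [19] is shown. Assumed demo parameters: order-q subgroup
of Z_p^* with q = 2^61 - 1, p = k*q + 1 found by search; SHA-256 as H1 and H2."""
import hashlib
import secrets
from typing import Tuple

Q = 2**61 - 1  # subgroup order, a Mersenne prime (demo size, not a secure parameter)

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: deterministic for n < 3.3e24, which covers p."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_group(q: int) -> Tuple[int, int]:
    """Smallest even k with p = k*q + 1 prime; g = 2^k mod p then has order exactly q."""
    k = 2
    while not is_prime(k * q + 1) or pow(2, k, k * q + 1) == 1:
        k += 2
    return k * q + 1, pow(2, k, k * q + 1)

P, G = find_group(Q)
NB = (P.bit_length() + 7) // 8  # byte length used to encode group elements for hashing

def h1(identity: str, r: int) -> int:
    """H1: {0,1}* x G -> Z_q; binds an identity to its r_ID component."""
    return int.from_bytes(hashlib.sha256(identity.encode() + b"|" + r.to_bytes(NB, "big")).digest(), "big") % Q

def h2(z1: int, z2: int) -> bytes:
    """H2: G x G -> 32-byte session key."""
    return hashlib.sha256(b"FG-IBKA|" + z1.to_bytes(NB, "big") + z2.to_bytes(NB, "big")).digest()

class KGC:
    """Key generation centre: master secret x, master public key y = g^x."""
    def __init__(self) -> None:
        self.x = 1 + secrets.randbelow(Q - 1)
        self.y = pow(G, self.x, P)

    def extract(self, identity: str) -> Tuple[int, int]:
        """Private key for ID is a Schnorr signature on ID: r = g^k, s = k + x*H1(ID, r) mod q."""
        k = 1 + secrets.randbelow(Q - 1)
        r = pow(G, k, P)
        return r, (k + self.x * h1(identity, r)) % Q

def id_public_value(y: int, identity: str, r: int) -> int:
    """g^{s_ID} = r_ID * y^{H1(ID, r_ID)}, recomputable by anyone from (y, ID, r_ID)."""
    return r * pow(y, h1(identity, r), P) % P

def verify_key(y: int, identity: str, r: int, s: int) -> bool:
    """True iff (r, s) is the KGC-issued key for this identity."""
    return pow(G, s, P) == id_public_value(y, identity, r)

class Party:
    """A participant; the key it holds may or may not match the identity it claims."""
    def __init__(self, identity: str, key: Tuple[int, int], y: int) -> None:
        self.identity, (self.r, self.s), self.y = identity, key, y
        self.t = 1 + secrets.randbelow(Q - 1)  # ephemeral secret t
        self.u = pow(G, self.t, P)             # ephemeral public value u = g^t

    def message(self) -> Tuple[str, int, int]:
        """Wire message (ID, r_ID, u): no certificate is exchanged."""
        return self.identity, self.r, self.u

    def session_key(self, peer: Tuple[str, int, int]) -> bytes:
        peer_id, peer_r, peer_u = peer
        # z1 = (u_B * g^{s_B})^{t_A + s_A} = g^{(t_A + s_A)(t_B + s_B)}, symmetric in A and B
        z1 = pow(peer_u * id_public_value(self.y, peer_id, peer_r) % P, (self.t + self.s) % Q, P)
        z2 = pow(peer_u, self.t, P)  # z2 = u_B^{t_A} = g^{t_A t_B}, the plain ephemeral DH part
        return h2(z1, z2)

def run_exchange(kgc: KGC, id_a: str, id_b: str) -> Tuple[bytes, bytes]:
    """Honest run: both sides hold KGC-issued keys for the identities they claim."""
    a, b = Party(id_a, kgc.extract(id_a), kgc.y), Party(id_b, kgc.extract(id_b), kgc.y)
    return a.session_key(b.message()), b.session_key(a.message())

def impersonation_fails(kgc: KGC, victim: str, attacker: str) -> bool:
    """Attacker claims the victim's ID with a key issued for its own ID: keys must disagree."""
    honest, fake = Party(victim, kgc.extract(victim), kgc.y), Party(victim, kgc.extract(attacker), kgc.y)
    return honest.session_key(fake.message()) != fake.session_key(honest.message())

if __name__ == "__main__":
    kgc = KGC()
    print(run_exchange(kgc, "alice@example.org", "bob@example.org"))
```

Two points the code makes concrete: the per-identity key is nothing more than a Schnorr signature by the KGC on the identity, so a peer's public value g^{s_ID} is recomputed from (y, ID, r_ID) without any certificate, and the session key mixes the identity-bound term z1 with a plain ephemeral term z2. Replacing a user's key (the revocation problem the paper addresses) is exactly what this base protocol has no provision for, since nothing on the wire says whether (ID, r_ID) is still current.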

MSC:

94A60 Cryptography
Full Text: DOI

References:

[1] Anggorojati, B., Prasad, R.: Securing communication in inter domains internet of things using identity-based cryptography. In: IWBIS 2017, pp. 137-142 (2017)
[2] The Apache Software Foundation: The Apache Milagro Cryptographic Library (AMCL) (2022). https://github.com/apache/incubator-milagro-crypto. Accessed 26 Dec 2022
[3] Boneh, D.; Boyen, X., Efficient selective-ID secure identity-based encryption without random oracles, Advances in Cryptology - EUROCRYPT 2004, 223-238, 2004, Heidelberg: Springer · Zbl 1122.94355 · doi:10.1007/978-3-540-24676-3_14
[4] Baek, J.; Safavi-Naini, R.; Susilo, W., Efficient multi-receiver identity-based encryption and its application to broadcast encryption, Public Key Cryptography - PKC 2005, 380-397, 2005, Heidelberg: Springer · Zbl 1081.94516 · doi:10.1007/978-3-540-30580-4_26
[5] Barbulescu, R.; Duquesne, S., Updating key size estimations for pairings, J. Cryptol., 32, 1298-1336, 2019 · Zbl 1435.94122 · doi:10.1007/s00145-018-9280-5
[6] Barreto, P. S. L. M.; Naehrig, M., Pairing-friendly elliptic curves of prime order, Selected Areas in Cryptography - SAC 2005, 319-331, 2006, Heidelberg: Springer · Zbl 1151.94479 · doi:10.1007/11693383_22
[7] Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM CCS 2006, pp. 390-399 (2006)
[8] Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: ACM CCS 2008, pp. 417-426 (2008)
[9] Boneh, D.; Franklin, M., Identity-based encryption from the Weil pairing, Advances in Cryptology - CRYPTO 2001, 213-229, 2001, Heidelberg: Springer · Zbl 1002.94023 · doi:10.1007/3-540-44647-8_13
[10] Broustis, I., Cakulev, V., Sundaram, G.: IBAKE: Identity-Based Authenticated Key Exchange. RFC 6539 (2012). https://rfc-editor.org/rfc/rfc6539.txt
[11] Chakraborty, S.; Raghuraman, S.; Pandu Rangan, C., A pairing-free, one round identity based authenticated key exchange protocol secure against memory-scrapers, J. Wirel. Mob. Netw. Ubiq. Comput. Depend. Appl., 7, 1, 1-22, 2016
[12] Chen, J., Wee, H.: Dual system groups and its applications - compact HIBE and more. IACR Cryptology ePrint Archive, Report 2014/265 (2014)
[13] Cheng, Q., Ma, C.: Ephemeral key compromise attack on the IB-KA protocol. IACR Cryptology ePrint Archive, Report 2009/568 (2009)
[14] Cloudflare Inc.: Geo Key Manager: how it works (2017). https://blog.cloudflare.com/geo-key-manager-how-it-works/
[15] Dearlove, C.: Identity-Based Signatures for Mobile Ad Hoc Network (MANET) Routing Protocols. RFC 7859 (2016). https://rfc-editor.org/rfc/rfc7859.txt
[16] Dent, A. W.: ECIES-KEM vs. PSEC-KEM. Technical Report NES/DOC/RHU/WP5/028/2, NESSIE (2002)
[17] Emura, K.; Seo, J. H.; Watanabe, Y., Efficient revocable identity-based encryption with short public parameters, Theor. Comput. Sci., 863, 127-155, 2021 · Zbl 1501.94040 · doi:10.1016/j.tcs.2021.02.024
[18] Emura, K., Takayasu, A., Watanabe, Y.: Generic constructions of revocable hierarchical identity-based encryption. IACR Cryptology ePrint Archive, Report 2021/515 (2021)
[19] Fiore, D.; Gennaro, R., Making the Diffie-Hellman protocol identity-based, Topics in Cryptology - CT-RSA 2010, 165-178, 2010, Heidelberg: Springer · Zbl 1272.94030 · doi:10.1007/978-3-642-11925-5_12
[20] Fujioka, A.; Suzuki, K.; Ustaoğlu, B., Ephemeral key leakage resilient and efficient ID-AKEs that can share identities, private and master keys, Pairing-Based Cryptography - Pairing 2010, 187-205, 2010, Heidelberg: Springer · Zbl 1252.94063 · doi:10.1007/978-3-642-17455-1_12
[21] Gallant, R. P.; Lambert, R. J.; Vanstone, S. A., Faster point multiplication on elliptic curves with efficient endomorphisms, Advances in Cryptology - CRYPTO 2001, 190-200, 2001, Heidelberg: Springer · Zbl 1002.94022 · doi:10.1007/3-540-44647-8_11
[22] Galbraith, S. D.; Lin, X.; Scott, M., Endomorphisms for faster elliptic curve cryptography on a large class of curves, J. Cryptol., 24, 446-469, 2011 · Zbl 1258.94036 · doi:10.1007/s00145-010-9065-y
[23] Groves, M.: Sakai-Kasahara Key Encryption (SAKKE). RFC 6508 (2012). https://rfc-editor.org/rfc/rfc6508.txt
[24] Hajny, J., Dzurenda, P., Ricci, S., Malina, L., Vrba, K.: Performance analysis of pairing-based elliptic curve cryptography on constrained devices. In: ICUMT 2018, pp. 1-5 (2018)
[25] Hu, Z.; Liu, S.; Chen, K.; Liu, J. K., Revocable identity-based encryption from the computational Diffie-Hellman problem, Information Security and Privacy - ACISP 2018, 265-283, 2018, Cham: Springer · Zbl 1444.94071 · doi:10.1007/978-3-319-93638-3_16
[26] Huang, H., Cao, Z.: An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem. In: ASIACCS 2009, pp. 333-342 (2009)
[27] Ishida, Y.; Watanabe, Y.; Shikata, J., Constructions of CCA-secure revocable identity-based encryption, Information Security and Privacy - ACISP 2015, 174-191, 2015, Cham: Springer · Zbl 1358.94064 · doi:10.1007/978-3-319-19962-7_11
[28] ISO/IEC: ISO/IEC 15946-5:2022 Information security - Cryptographic techniques based on elliptic curves - Part 5: Elliptic curve generation (2022). https://www.iso.org/standard/80241.html
[29] Katsumata, S.; Matsuda, T.; Takayasu, A., Lattice-based revocable (hierarchical) IBE with decryption key exposure resistance, Theor. Comput. Sci., 809, 103-136, 2020 · Zbl 1447.94049 · doi:10.1016/j.tcs.2019.12.003
[30] Kupwade Patil, H.; Szygenda, S. A., Security for Wireless Sensor Networks using Identity-Based Cryptography, 2012, Boca Raton: Auerbach Publications · doi:10.1201/b13080
[31] Lee, K.; Lee, D. H.; Park, J. H., Efficient revocable identity-based encryption via subset difference methods, Des. Codes Cryptogr., 85, 1, 39-76, 2017 · Zbl 1381.94076 · doi:10.1007/s10623-016-0287-3
[32] Libert, B.; Vergnaud, D., Adaptive-ID secure revocable identity-based encryption, Topics in Cryptology - CT-RSA 2009, 1-15, 2009, Heidelberg: Springer · Zbl 1237.94070 · doi:10.1007/978-3-642-00862-7_1
[33] Lu, H., Li, J., Kameda, H.: A secure routing protocol for cluster-based wireless sensor networks using ID-based digital signature. In: GLOBECOM 2010, pp. 1-5 (2010)
[34] Ma, X., Lin, D.: A generic construction of revocable identity-based encryption. In: Inscrypt 2019, pp. 381-396 (2019) · Zbl 1499.94047
[35] Mitsunari, S.: mcl - A portable and fast pairing-based cryptography library (2016). https://github.com/herumi/mcl
[36] Ni, L.; Chen, G.; Li, J.; Hao, Y., Strongly secure identity-based authenticated key agreement protocols without bilinear pairings, Inf. Sci., 367, 176-193, 2016 · Zbl 1428.94091 · doi:10.1016/j.ins.2016.05.015
[37] Okano, Y., Tomida, J., Nagai, A., Yoneyama, K., Fujioka, A., Suzuki, K.: Revocable hierarchical identity-based authenticated key exchange. In: ICISC 2021, pp. 17-40 (2021)
[38] Pointcheval, D.; Stern, J., Security arguments for digital signatures and blind signatures, J. Cryptol., 13, 3, 361-396, 2000 · Zbl 1025.94015 · doi:10.1007/s001450010003
[39] Boyen, X., Martin, L.: Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems. RFC 5091 (2007). https://rfc-editor.org/rfc/rfc5091.txt
[40] Sakemi, Y., Kobayashi, T., Saito, T., Wahby, R.: Pairing-friendly curves. Internet-Draft draft-irtf-cfrg-pairing-friendly-curves-10. https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-10
[41] Shamir, A., Identity-based cryptosystems and signature schemes, Advances in Cryptology - CRYPTO 1984, 47-53, 1985, Heidelberg: Springer · Zbl 1359.94626 · doi:10.1007/3-540-39568-7_5
[42] Schnorr, C.-P., Efficient signature generation by smart cards, J. Cryptol., 4, 3, 161-174, 1991 · Zbl 0743.68058 · doi:10.1007/BF00196725
[43] Seo, J. H.; Emura, K., Revocable identity-based encryption revisited: security model and construction, Public-Key Cryptography - PKC 2013, 216-234, 2013, Heidelberg: Springer · Zbl 1314.94092 · doi:10.1007/978-3-642-36362-7_14
[44] Sankaran, S.: Lightweight security framework for IoTs using identity based cryptography. In: ICACCI 2016, pp. 880-886 (2016)
[45] Sun, H.; Wen, Q.; Zhang, H.; Jin, Z., A strongly secure identity-based authenticated key agreement protocol without pairings under the GDH assumption, Secur. Commun. Netw., 8, 17, 3167-3179, 2015 · doi:10.1002/sec.1241
[46] Sun, H.; Wen, Q.; Li, W., A strongly secure pairing-free certificateless authenticated key agreement protocol under the CDH assumption, Sci. China Inf. Sci., 59, 3, 1-16, 2016 · doi:10.1007/s11432-015-5303-0
[47] Takayasu, A., Adaptively secure lattice-based revocable IBE in the QROM: compact parameters, tight security, and anonymity, Des. Codes Cryptogr., 89, 8, 1965-1992, 2021 · Zbl 1469.94116 · doi:10.1007/s10623-021-00895-3
[48] TechTarget: Comparing the best email encryption software products (2015). https://searchsecurity.techtarget.com/feature/Comparing-the-best-email-encryption-software-product
[49] Tomida, J.; Fujioka, A.; Nagai, A.; Suzuki, K., Strongly secure identity-based key exchange with single pairing operation, Computer Security - ESORICS 2019, 484-503, 2019, Cham: Springer · Zbl 1500.94053 · doi:10.1007/978-3-030-29962-0_23
[50] Tsai, T.-T.; Chuang, Y.-H.; Tseng, Y.-M.; Huang, S.-S.; Hung, Y.-H., A leakage-resilient ID-based authenticated key exchange protocol with a revocation mechanism, IEEE Access, 9, 128633-128647, 2021 · doi:10.1109/ACCESS.2021.3112900
[51] Tseng, Y.-M.; Huang, S.-S.; Tsai, T.-T.; Ke, J.-H., List-free ID-based mutual authentication and key agreement protocol for multiserver architectures, IEEE Trans. Emerg. Topics Comput., 4, 1, 102-112, 2015 · doi:10.1109/TETC.2015.2392380
[52] Wang, C.; Li, Y.; Xia, X.; Zheng, K., An efficient and provable secure revocable identity-based encryption scheme, PLOS ONE, 9, 9, 2014 · doi:10.1371/journal.pone.0106925
[53] VIBE Cybersecurity International: Verifiable Identity-Based Encryption (VIBE) Eliminates Public-Key Certificates (2021). https://vibecyber.com/
[54] Watanabe, Y.; Emura, K.; Seo, J. H., New revocable IBE in prime-order groups: adaptively secure, decryption key exposure resistant, and with short public parameters, Topics in Cryptology - CT-RSA 2017, 432-449, 2017, Cham: Springer · Zbl 1383.94049 · doi:10.1007/978-3-319-52153-4_25
[55] Wu, T.-Y.; Tseng, Y.-M.; Tsai, T.-T., A revocable ID-based authenticated group key exchange protocol with resistant to malicious participants, Comput. Netw., 56, 12, 2994-3006, 2012 · doi:10.1016/j.comnet.2012.05.011
[56] Wu, T.-Y., Tsai, T.-T., Tseng, Y.-M.: A provably secure revocable ID-based authenticated group key exchange protocol with identifying malicious participants. Sci. World J. (2014). Article ID 367264
[57] Yang, G., Tan, C.-H.: Strongly secure certificateless key exchange without pairing. In: ACM CCS 2011, pp. 71-79 (2011)
[58] Zhang, R.; Tao, Y., Key dependent message security for revocable identity-based encryption and identity-based encryption, Information and Communications Security - ICICS 2018, 426-441, 2018, Cham: Springer · Zbl 1458.94289 · doi:10.1007/978-3-030-01950-1_25