
REVOCABLE CRYPTOSYSTEMS FROM LATTICES

JUANYANG ZHANG

School of Physical and Mathematical Sciences

A thesis submitted to the Nanyang Technological University
in partial fulfillment of the requirement for the degree of
Doctor of Philosophy

2018

To My Mommy and Daddy.

Acknowledgements

First of all, I want to express my deepest gratitude to my main supervisor, Prof. Huaxiong Wang, for his priceless guidance and support. I am honoured to have completed my PhD studies under his supervision. He is a model for me, both in academia and in daily life.

I also want to sincerely thank my co-supervisor, Prof. San Ling, for his invaluable guidance and kindness.

I would especially like to thank Dr. Khoa Ta Toan Nguyen for his helpful suggestions, his instructive comments, and his patient explanations. I deeply admire his enthusiastic attitude towards research and am profoundly grateful for his kindness. It is a great privilege for me to work with him.

I also want to thank the members of our cryptography group: Dr. Hyung Tae Lee, Dr. Frederic Ezerman Martianus, Dr. Fuchun Lin, Tan Hong Meng Benjamin, Yanhong Xu, Neng Zeng, and the visiting students and professors. I really learned a lot from the talks they gave and from the discussions with them.

I would like to thank my friends: Shantian Cheng, Shu Liu, Ivan Tjuawinata and Chen Yuan.

Last but not least, my deepest love goes to my family: my father Zheng Zhang, my mother Zhecui Nan, my eldest brother Haoyang Zhang and my second brother Haoli Zhang. Although they could not really imagine a PhD student's life, they accompanied me throughout my studies, especially with their comfort and encouragement when I was frustrated.

List of Works

Below is the list of works done during my PhD studies at Nanyang Technological University, in chronological order.

1. Shantian Cheng and Juanyang Zhang. Adaptive-ID secure revocable identity-based encryption from lattices via subset difference method. In ISPEC 2015, volume 9065 of Lecture Notes in Computer Science, pages 283–297. Springer, 2015.

2. Khoa Nguyen, Huaxiong Wang, and Juanyang Zhang. Server-aided revocable identity-based encryption from lattices. In CANS 2016, volume 10052 of Lecture Notes in Computer Science, pages 107–123. Springer, 2016.

3. San Ling, Khoa Nguyen, Huaxiong Wang, and Juanyang Zhang. Revocable predicate encryption from lattices. In ProvSec 2017, volume 10592 of Lecture Notes in Computer Science, pages 305–326. Springer, 2017.

4. San Ling, Khoa Nguyen, Huaxiong Wang, and Juanyang Zhang. Server-aided revocable predicate encryption: definition and lattice-based instantiation. Submitted to Designs, Codes and Cryptography.

Contents

1 Introduction 1
  1.1 Revocable Cryptosystems 1
  1.2 Lattice-based Cryptography 6
  1.3 Contributions of the Thesis 8
  1.4 Organization of the Thesis 14
2 Definitions and Preliminaries 16
  2.1 General Notations 16
  2.2 Preliminaries on Lattices 17
    2.2.1 Lattices 17
    2.2.2 Gaussian Distributions 19
    2.2.3 The LWE Problem 20
  2.3 Basic Cryptographic Primitives from Lattices 23
    2.3.1 Sampling Algorithms 23
    2.3.2 Public-key Encryption 25
    2.3.3 Hierarchical Identity-based Encryption 28
    2.3.4 Predicate Encryption 33
  2.4 Revocable Cryptosystems 39
    2.4.1 The Complete Subtree Method 39
    2.4.2 Revocable Identity-based Encryption 41
3 Server-aided Revocable Identity-based Encryption from Lattices 47
  3.1 Introduction 47
  3.2 Definitions 51
  3.3 A Lattice-based SR-IBE Scheme 55
    3.3.1 Description of the Scheme 55
    3.3.2 Correctness and Efficiency 59
    3.3.3 Security 60
4 Server-aided Revocable Predicate Encryption 69
  4.1 Introduction 69
  4.2 The Model of SR-PE 73
  4.3 A Lattice-based SR-PE Scheme 78
    4.3.1 Description of the Scheme 78
    4.3.2 Correctness and Efficiency 82
    4.3.3 Security 84
5 Revocable Predicate Encryption from Lattices 93
  5.1 Introduction 93
  5.2 Definitions 97
  5.3 A Lattice-based RPE Scheme 99
    5.3.1 Description of the Scheme 99
    5.3.2 Correctness, Efficiency and Potential Implementation 102
    5.3.3 Security 105
    5.3.4 Extensions 113
6 Conclusions and Open Problems 115
Bibliography 119

Abstract

In the last decade, lattices have become one of the most powerful tools for constructing cryptographic schemes: they enjoy conjectured resistance against quantum computers, strong security guarantees from worst-case to average-case reductions, and asymptotic efficiency. For a multi-user cryptosystem, user revocation is a necessary but challenging problem. However, all known revocable schemes are either based on number-theoretic assumptions or, if lattice-based, less efficient than the state-of-the-art systems.

In this thesis, we focus on investigating user revocation models and the associated lattice-based instantiations. Our constructions have two goals: (i) to improve the existing revocable lattice-based cryptosystems in terms of efficiency and security; (ii) to consider the revocation functionality in new contexts from lattices. For the former, we carefully adapt the most recent revocation model to the lattice setting. The latter is achieved either by using existing revocation models that so far lack concrete constructions from lattices, or by proposing new revocation models. We construct a series of cryptosystems supporting efficient revocation, as follows.

- A revocable identity-based encryption (IBE) scheme which is more efficient than all existing such schemes from lattices. We follow the architecture of server-aided revocable encryption proposed by Qin et al. (ESORICS 2015). This paradigm provides significant efficiency advantages over previous revocation techniques in the setting of IBE. In the server-aided revocation model, most of the workload on the user side is outsourced to a server, which can be untrusted since it does not possess any private information. With the help of this server, non-revoked users do not need to update anything when the system revokes other users. We equip Agrawal, Boneh, and Boyen's IBE (EUROCRYPT 2010) with the server-aided revocation method. From a technical viewpoint, we observe that a "double encryption" mechanism is well suited to such a server-aided system. We also show that our scheme is provably secure, assuming the strong hardness of the Learning With Errors (LWE) problem.

- A revocation model called server-aided revocable predicate encryption (SR-PE), and an instantiation from lattices. We consider the server-aided revocation mechanism in the predicate encryption (PE) setting and formalize the notion of SR-PE with rigorous definitions and a security model. Moreover, we give an SR-PE construction based on the scheme of Agrawal, Freeman, and Vaikuntanathan (ASIACRYPT 2011) and prove that it is selectively secure in the standard model. The correctness of our scheme relies on a special property of lattice-based encryption schemes.

    - A lattice-based constructi
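The revocation machinery that tree-based revocable IBE schemes of this kind build on is the Complete Subtree method (Section 2.4.1 in the table of contents above; it originates in Naor, Naor and Lotspiech's broadcast encryption). Users are leaves of a binary tree, and at each time period the key authority publishes one key update per node of a minimal set of subtrees that together cover every non-revoked user and no revoked one. The Python below is an added worked example of that cover computation, the KUNodes algorithm from Boldyreva, Goyal and Kumar's revocable IBE; it is not code from the thesis, and the tree depth and revoked set it uses are constructed inputs. It shows why a revoked user's root-to-leaf path shares no node with the cover, and why the cover for r revoked users out of N has roughly r log(N/r) nodes rather than N - r.

```python
"""Complete Subtree (CS) cover computation, the revocation mechanism
behind tree-based revocable IBE.

Users are the leaves of a complete binary tree with N = 2**depth leaves.
Each time period, the key authority publishes one key update per node in
KUNodes(RL), the minimal set of subtree roots that together contain every
non-revoked leaf and no revoked leaf. A user combines its long-term key
for some node on its root-to-leaf path with the update for that same node;
a revoked user has no such node and so cannot derive a decryption key.
"""
from typing import List, Set, Tuple

# A node is (level, index): level 0 is the root, level `depth` holds the leaves,
# and the children of (l, i) are (l + 1, 2i) and (l + 1, 2i + 1).
Node = Tuple[int, int]


def path(depth: int, leaf: int) -> List[Node]:
    """Nodes on the path from the root down to `leaf`, root first."""
    if not 0 <= leaf < (1 << depth):
        raise ValueError(f"leaf {leaf} is not in [0, {1 << depth})")
    return [(level, leaf >> (depth - level)) for level in range(depth + 1)]


def ku_nodes(depth: int, revoked: Set[int]) -> Set[Node]:
    """KUNodes: X = all nodes on the paths of revoked leaves;
    the cover Y = every child of a node in X that is not itself in X.
    With nothing revoked the whole tree is covered by its root."""
    if not revoked:
        return {(0, 0)}
    x: Set[Node] = set()
    for leaf in revoked:
        x.update(path(depth, leaf))
    y: Set[Node] = set()
    for level, index in x:
        if level == depth:          # leaves have no children
            continue
        for child in ((level + 1, 2 * index), (level + 1, 2 * index + 1)):
            if child not in x:      # a child off every revoked path roots a clean subtree
                y.add(child)
    return y


def can_decrypt(depth: int, cover: Set[Node], leaf: int) -> bool:
    """A user derives a period key iff one node on its path received an update."""
    return any(node in cover for node in path(depth, leaf))


def cover_is_exact(depth: int, revoked: Set[int]) -> bool:
    """Check the defining property: exactly the non-revoked leaves are covered."""
    cover = ku_nodes(depth, revoked)
    return all(can_decrypt(depth, cover, leaf) == (leaf not in revoked)
               for leaf in range(1 << depth))


if __name__ == "__main__":
    # Constructed example: 8 users, user 5 revoked. The cover is the three
    # siblings hanging off user 5's path, one per level: log2(8) nodes.
    depth, revoked = 3, {5}
    cover = ku_nodes(depth, revoked)
    print(sorted(cover))                   # [(1, 0), (2, 3), (3, 4)]
    print(cover_is_exact(depth, revoked))  # True
```

The exactness argument is short: a node in the cover is not on any revoked path, so its subtree holds no revoked leaf; and for a non-revoked leaf the first node on its path that is off every revoked path has a parent on one, so that node is in the cover. In the server-aided setting described in the abstract, these per-node updates are what the untrusted server consumes on the users' behalf, which is why non-revoked users themselves need not change anything when others are revoked.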
