210 likes | 218 Views
Identity Based Encryption from the Diffie-Hellman Assumption. Sanjam Garg University of California, Berkeley (Joint work with Nico Döttling ). Private-Key Encryption. Alice Bob . Public-Key Encryption [DH76,RSA78,GM82]. Obtain.
E N D
Identity Based Encryption from the Diffie-Hellman Assumption Sanjam Garg University of California, Berkeley (Joint work with Nico Döttling)
Private-Key Encryption Alice Bob
Public-Key Encryption [DH76,RSA78,GM82] Obtain Alice Bob
Identity-Based Encryption (IBE) [Shamir84, BF01] Identity of the recipient used as the public key pp Alice Bob First construction based on pairings [BF01] CA/PKG
ABE [SW05] Hierarchical IBE IBE [Pairing, Lattices] Reduce the Gap! Public-key crypto Public-Key Encryption Trapdoor Functions Private-key crypto Signatures PRF OWF PRG
Our Results • Main result: IBE from Computational Diffie-Hellman Assumption (Fully-secure) • Or, the hardness of Factoring Avoid impossibilities using non-black-box techniques.
Compress two keys Bob Alice • Encryption can be done to either or knowing just • Decryption can be done using , and the right secret key • looses information about or Cara
How known schemes from stronger assumptions compress two keys? • or are correlated • Structured assumptions • Impossibility results: Similar intuition Our goal: Compress Uncorrelated Keys!
Our Construction: Tools + Yao’s Garbled Circuits Hash with Encryption
Tool I: Hash with Encryption Three Algorithms: is short (say -bits) is -bits where and if and Security: Hard to compute such that Security: Reminiscent of Witness Encryption [GGSW13] or laconic OT [CDGGMP17].
Tool I: Hash with Encryption Security can be argued based on DDH Hash Parameters • Set
Tool 2: Yao’s Garbled Circuits [Yao86, AIK04, AIK05, LP09, BHR12] Security:
Obfuscation Lens! How do we encrypt? Bob Alice Abort if . If then else Output Cara
How do we encrypt? Bob Alice • Circuit Cara
How to decrypt? • Decrypt using , and • Recall and • which one can be decrypted? • which decrypts to • Similarly, for each decrypt or • Evaluate(, ) outputs
Many new Applications • New constructions of cryptographic primitives from weaker computation assumptions • Two round MPC [GS17,GS18,BL18,GIS18] • TDF [GD18] from CDH • Deterministic Encryption [GGH18] from CDH • Beats the efficiency of prior works even under DDH • Two-round OT [DGHMW19] form CDH • First PIR with polylogarithmic communication under DDH [DGMMIO19] (also rate 1-OT and more) • Many new techniques: Can lead to several other improvements!