TY - JOUR
T1 - Identity-based revocation system
T2 - Enhanced security model and scalable bounded IBRS construction with short parameters
AU - Jiang, Peng
AU - Lai, Jianchang
AU - Guo, Fuchun
AU - Susilo, Willy
AU - Au, Man Ho
AU - Yang, Guomin
AU - Mu, Yi
AU - Chen, Rongmao
N1 - Publisher Copyright: © 2018 Elsevier Inc.
PY - 2019/1
Y1 - 2019/1
N2 - Identity-based revocation system (IBRS) produces a ciphertext based on the revoked identities such that this ciphertext can only be decrypted by the private keys of non-revoked identities. IBRS can be classified into unbounded IBRS and bounded IBRS, depending on whether to set a maximal revocation number (e.g., N) or not. Compared to unbounded IBRS, existing bounded IBRS schemes have the advantage of short ciphertexts, however, they cannot support an increase of N and have to fix a large N to provide the revocation. This compromises the computational efficiency, which is linear in N. To bridge this gap, we are interested in exploring whether N can be dynamic. Precisely, N is initially set as a small number and increased into a larger one when more than N identities are revoked, while this increase does not affect other non-revoked users in the system. In this paper, motivated by the security of bounded IBRS with a dynamic N, we define an enhanced security model, which allows the corruption of any polynomial number (e.g., n) of private keys, independent of N. It augments existing security models by running different challenges when n ≤ N and n > N, respectively. The enhanced security model suits both unbounded IBRS and bounded IBRS with a general description that can be “empty” for unbounded IBRS or a special N for bounded IBRS. Then, we propose a scalable bounded IBRS scheme and are able to prove its security in an enhanced security model. The increase of N incurs no changing on all of the existing private keys and the only cost is a slight expansion of the master public keys. Our proposed scheme also has short ciphertexts and private keys, comparable to the state-of-the-art (bounded) IBRS schemes.
AB - Identity-based revocation system (IBRS) produces a ciphertext based on the revoked identities such that this ciphertext can only be decrypted by the private keys of non-revoked identities. IBRS can be classified into unbounded IBRS and bounded IBRS, depending on whether to set a maximal revocation number (e.g., N) or not. Compared to unbounded IBRS, existing bounded IBRS schemes have the advantage of short ciphertexts, however, they cannot support an increase of N and have to fix a large N to provide the revocation. This compromises the computational efficiency, which is linear in N. To bridge this gap, we are interested in exploring whether N can be dynamic. Precisely, N is initially set as a small number and increased into a larger one when more than N identities are revoked, while this increase does not affect other non-revoked users in the system. In this paper, motivated by the security of bounded IBRS with a dynamic N, we define an enhanced security model, which allows the corruption of any polynomial number (e.g., n) of private keys, independent of N. It augments existing security models by running different challenges when n ≤ N and n > N, respectively. The enhanced security model suits both unbounded IBRS and bounded IBRS with a general description that can be “empty” for unbounded IBRS or a special N for bounded IBRS. Then, we propose a scalable bounded IBRS scheme and are able to prove its security in an enhanced security model. The increase of N incurs no changing on all of the existing private keys and the only cost is a slight expansion of the master public keys. Our proposed scheme also has short ciphertexts and private keys, comparable to the state-of-the-art (bounded) IBRS schemes.
KW - Enhanced security model
KW - Identity-Based revocation system
KW - Increasing maximal revocation number
KW - Short-parameter construction
UR - http://www.scopus.com/inward/record.url?scp=85053339873&partnerID=8YFLogxK
U2 - 10.1016/j.ins.2018.09.020
DO - 10.1016/j.ins.2018.09.020
M3 - Article
AN - SCOPUS:85053339873
SN - 0020-0255
VL - 472
SP - 35
EP - 52
JO - Information Sciences
JF - Information Sciences
ER -