Cryptography Reference
In-Depth Information
Combined with Theorem 2.2, we have
1
.
1
Q
h
1
2
Q
h
1
p
Adv-BDHI
B
≥
2
·
−
B
is easy to be verified.
The running time of
4
Twin SK-ID-KEM
In this section, we apply the twinning technique to a KEM scheme from SK-
IBE [12], to yield the twin SK-ID-KEM scheme. We present the scheme by
describing the four algorithms:
Setup
,
Extract
,
Encaps
,
Decaps
.
Setup.
To generate system parameters, the algorithm works as follows:
1. Pick two random generators
g
1
,g
2
∈
G
∗
.
2. Pick two random
s
1
,s
2
∈
Z
p
, compute
u
1
=
g
s
1
1
and
u
2
=
g
s
2
.
3. Pick four cryptographic hash functions
H
1
:
}
∗
→
Z
p
,
H
2
:
{
0
,
1
G
T
×
G
T
→
n
for some integer
n
,
H
3
:
n
→
Z
p
×
Z
p
and
H
4
:
n
λ
{
0
,
1
}
{
0
,
1
}
{
0
,
1
}
→{
0
,
1
}
for some integer
λ
.
Thekeyspaceis
n
. The ciphertext space is
G
∗
×
G
∗
×{
n
.
K
=
{
0
,
1
}
C
=
0
,
1
}
The master public key
mpk
and the master secret key
msk
are given by
mpk
=(
g
1
,g
2
,u
1
,u
2
)
,msk
=(
s
1
,s
2
)
Extract.
Givenanidentity
ID
∈{
0
,
1
}
∗
, the algorithm sets the private key to
be
d
ID
=(
d
1
,d
2
)=
g
1
,g
1
s
1
+
H
1
(ID)
1
s
2
+
H
1
(ID)
2
Encaps.
To encapsulate a key of
ID
do the following:
1. Pick a random
σ
n
and compute (
r
1
,r
2
)=
H
3
(
σ
).
∈{
0
,
1
}
2. Compute
t
1
=
u
1
g
H
1
(
ID
)
1
=
g
s
1
+
H
1
(
ID
)
1
and
t
2
=
u
2
h
H
1
(
ID
)
1
=
g
s
2
+
H
1
(
ID
)
2
.
3. Set the ciphertext to be
C
=(
t
r
1
,t
r
2
H
2
(
e
(
g
1
,g
1
)
r
1
,e
(
g
2
,g
2
)
r
2
)).
,σ
⊕
4. Encapsulate the key
k
=
H
4
(
σ
).
Decaps.
Let
C
=(
U
1
,U
2
,V
)
be a ciphertext encrypted using
ID
. To decrypt
C
using the private key
d
ID
=(
d
1
,d
2
) compute:
1. Compute
V
∈C
H
2
(
e
(
U
1
,d
1
)
,e
(
U
2
,d
2
)) =
σ
.
2. Compute (
r
1
,r
2
)=
H
3
(
σ
). Test whether
U
1
=
t
r
1
and
U
2
=
t
r
2
. If not, reject
the ciphertext.
3. Output
k
=
H
4
(
σ
).
⊕
Theorem 4.1
Twin SK-ID-KEM is
IND
-
ID
-
CCA
secure provided that
H
i
(1
≤
i
2)
are random oracles and the
(
Q
h
1
+1)
-
BDHI
assumption holds. Spe-
cially, suppose there exists an
IND
-
ID
-
CCA
adversary
≤
A
against twin SK-ID-
KEM that has advantage
. Suppose during the attack
A
makes at most
Q
e
Search WWH ::
Custom Search