Clear-McGoldrick IBE scheme

The original article is called

Additively Homomorphic IBE from Higher Residuosity

Clear M., McGoldrick C. (2019) Additively Homomorphic IBE from Higher Residuosity. In: Lin D., Sako K. (eds) Public-Key Cryptography – PKC 2019. PKC 2019. Lecture Notes in Computer Science, vol 11442. Springer, Cham. https://doi.org/10.1007/978-3-030-17253-4_17

Abstract

“We present an identity-based encryption (IBE) scheme that is group homomorphic for addition modulo a “large” (i.e. superpolynomial) integer, the first such group homomorphic IBE. Our first result is the construction of an IBE scheme supporting homomorphic addition modulo a poly-sized prime e. Our construction builds upon the IBE scheme of Boneh, LaVigne and Sabin (BLS). BLS relies on a hash function that maps identities to e-th residues. However there is no known way to securely instantiate such a function. Our construction extends BLS so that it can use a hash function that can be securely instantiated. We prove our scheme IND-ID-CPA secure under the (slightly modified) e-th residuosity assumption in the random oracle model and show that it supports a (modular) additive homomorphism. By using multiple instances of the scheme with distinct primes and leveraging the Chinese Remainder Theorem, we can support homomorphic addition modulo a “large” (i.e. superpolynomial) integer. We also show that our scheme for e>2 is anonymous by additionally assuming the hardness of deciding solvability of a special system of multivariate polynomial equations. We provide a justification for this assumption by considering known attacks.”

Before describing the scheme, let us look at its characteristics.
Its starting point is the BLS (Boneh, LaVigne and Sabin) IBE scheme, whose main disadvantage concerns the hash function that maps identities to e-th residues. Clear and McGoldrick emphasize that there is no known way to securely instantiate such a function, and in this article they overcome the issue. Furthermore, the scheme they obtain is the first group homomorphic (for addition) IBE scheme. This property is achieved by using multiple instances of the scheme with different prime numbers together with the CRT (Chinese Remainder Theorem). Although the authors maintain that the scheme is anonymous for e>2 under a supplementary assumption, this is questionable, as we will see later on.

The scheme comes with some important achievements:

  • it can use a securely instantiated hash function
  • it supports homomorphic addition modulo a large polynomial-size prime e (satisfying the properties of an IBGHE)
  • it achieves anonymity by using “multiple instances of the scheme, with distinct prime” numbers, and CRT in order “to support homomorphic addition modulo a large integer” (superpolynomial) and, as the authors say, it is the first such scheme that supports an unbounded number of operations
  • they also say that the scheme achieves anonymity for e>2 “assuming the hardness of deciding solvability of a special system of multivariate polynomial equations”.
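The following added example (not code from the paper or from this post) illustrates only the CRT step described above: one ciphertext component per distinct prime e, component-wise homomorphic addition, and CRT recombination of the decrypted residues. As an assumption, a toy Benaloh-style e-th residue cryptosystem stands in for a single instance; it is not identity-based and is not the Clear-McGoldrick construction, and the primes 5, 7, 11 and all function names are constructed for illustration.

```python
import math
import random

def is_prime(n):
    # Trial division: fine for the toy-sized numbers used here.
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def keygen(e):
    # p = e*k + 1 with e not dividing k; q with e not dividing q - 1.
    p = next(e * k + 1 for k in range(2, 10**6, 2) if k % e and is_prime(e * k + 1))
    q = next(c for c in range(p + 2, 10**7) if is_prime(c) and (c - 1) % e)
    n, phi = p * q, (p - 1) * (q - 1)
    # y must not be an e-th residue mod n, i.e. y^(phi/e) != 1.
    y = next(c for c in range(2, n) if math.gcd(c, n) == 1 and pow(c, phi // e, n) != 1)
    return {"e": e, "n": n, "y": y, "phi": phi}  # phi is the secret part

def enc(key, m, rng):
    e, n = key["e"], key["n"]
    u = rng.randrange(2, n)
    while math.gcd(u, n) != 1:
        u = rng.randrange(2, n)
    return pow(key["y"], m % e, n) * pow(u, e, n) % n  # y^m * u^e mod n

def dec(key, c):
    e, n, t = key["e"], key["n"], key["phi"] // key["e"]
    x, a = pow(key["y"], t, n), pow(c, t, n)  # a = x^m, x has order e
    return next(m for m in range(e) if pow(x, m, n) == a)

def crt(residues, moduli):
    big = math.prod(moduli)
    return sum(r * (big // e) * pow(big // e, -1, e) for r, e in zip(residues, moduli)) % big

def encrypt_large(keys, m, rng):
    return [enc(k, m, rng) for k in keys]

def add_large(keys, ca, cb):
    return [a * b % k["n"] for k, a, b in zip(keys, ca, cb)]

def decrypt_large(keys, c):
    return crt([dec(k, ci) for k, ci in zip(keys, c)], [k["e"] for k in keys])

PRIMES = [5, 7, 11]  # constructed toy values; 5 * 7 * 11 = 385
KEYS = [keygen(e) for e in PRIMES]

if __name__ == "__main__":
    rng = random.Random(2019)
    total = add_large(KEYS, encrypt_large(KEYS, 200, rng), encrypt_large(KEYS, 300, rng))
    print(decrypt_large(KEYS, total))  # (200 + 300) mod 385
```

Each instance only ever sees the message modulo its own prime; the sum modulo the product of the primes exists only after the decrypted residues are recombined.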

From a security point of view, the scheme is proved to be IND-ID-CPA secure under an e-th residuosity assumption in the ROM (random oracle model).

Concerning the structure, like every IBE (Identity Based Encryption) scheme, this one has four probabilistic algorithms.
