Identity-based revocation system: Enhanced security model and scalable bounded IBRS construction with short parameters

Authors

Peng Jiang, Beijing Institute of TechnologyFollow
Jianchang Lai, University of Wollongong, Nanjing Normal UniversityFollow
Fuchun Guo, University of WollongongFollow
Willy Susilo, University of WollongongFollow
Man Ho Au, The Hong Kong Polytechnic UniversityFollow
Guomin Yang, University of WollongongFollow
Yi Mu, University of WollongongFollow
Rongmao Chen, National University of Defense Technology ChangshaFollow

RIS ID

130296

Publication Details

Jiang, P., Lai, J., Guo, F., Susilo, W., Au, M., Yang, G., Mu, Y. & Chen, R. (2019). Identity-based revocation system: Enhanced security model and scalable bounded IBRS construction with short parameters. Information Sciences, 472 35-52.

Abstract

Identity-based revocation system (IBRS) produces a ciphertext based on the revoked identities such that this ciphertext can only be decrypted by the private keys of non-revoked identities. IBRS can be classified into unbounded IBRS and bounded IBRS, depending on whether to set a maximal revocation number (e.g., N) or not. Compared to unbounded IBRS, existing bounded IBRS schemes have the advantage of short ciphertexts, however, they cannot support an increase of N and have to fix a large N to provide the revocation. This compromises the computational efficiency, which is linear in N. To bridge this gap, we are interested in exploring whether N can be dynamic. Precisely, N is initially set as a small number and increased into a larger one when more than N identities are revoked, while this increase does not affect other non-revoked users in the system. In this paper, motivated by the security of bounded IBRS with a dynamic N, we define an enhanced security model, which allows the corruption of any polynomial number (e.g., n) of private keys, independent of N. It augments existing security models by running different challenges when n ≤ N and n > N, respectively. The enhanced security model suits both unbounded IBRS and bounded IBRS with a general description that can be "empty" for unbounded IBRS or a special N for bounded IBRS. Then, we propose a scalable bounded IBRS scheme and are able to prove its security in an enhanced security model. The increase of N incurs no changing on all of the existing private keys and the only cost is a slight expansion of the master public keys. Our proposed scheme also has short ciphertexts and private keys, comparable to the state-of-the-art (bounded) IBRS schemes.