Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ ·...
Transcript of Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ ·...
![Page 1: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/1.jpg)
Identity Based Encryption from the Diffie-Hellman Assumption
Sanjam GargUniversity of California, Berkeley(Joint work with Nico Döttling)
![Page 2: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/2.jpg)
Private-Key Encryption
ðð = ðžðžðžðžðð(ðŸðŸ,ðð)
Alice Bob
ðŸðŸ
ðð
ðŸðŸ
ðð
![Page 3: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/3.jpg)
Public-Key Encryption [DH76,RSA78,GM82]
ðžðžðžðžðð(ðððððµðµðµðµðµðµ,ðð)
Alice Bob
Obtain ðððððµðµðµðµðµðµ
ðð
ð ð ðððµðµðµðµðµðµ
![Page 4: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/4.jpg)
Identity-Based Encryption (IBE) [Shamir84]
Identity of the recipient used as the public key
ðžðžðžðžðð(ððððððððððððððððð. ðððððð,ðð)
Alice Bob
CA/PKG
ððððððððððððððððð. ðððððð
ðððŸðŸðµðµðµðµðµðµððððððððððð.ðððµðµðð
ðð
pp
![Page 5: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/5.jpg)
Identity-Based Encryption (IBE) [Shamir84]
Four Algorithms: (ðð,ðŸðŸ,ðžðž,ð·ð·)
ðð 1ðð â ðððð,ððð ð ðð ðððð are public parametersððð ð ðð is the master secret-key
ðŸðŸ ððð ð ðð, ðŒðŒð·ð· â ð ð ðððŒðŒðŒðŒ ð ð ðððŒðŒðŒðŒ secret key for ðŒðŒð·ð·
ðžðž ðððð, ðŒðŒð·ð·,ðð â ðð encrypt using ðððð and ðŒðŒð·ð·
ð·ð· ð ð ðððŒðŒðŒðŒ, ðð â ðð decrypt ðð using ð ð ðððŒðŒðŒðŒ
![Page 6: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/6.jpg)
Full Security of IBE [BF01]
Challenger AdversaryðððððŒðŒð·ð·
ðð 1ðð â ðððð,ððð ð ðð
ð ð ðððŒðŒðŒðŒ = ðŸðŸ(ððð ð ðð, ðŒðŒð·ð·)
ðŒðŒð·ð·â
ðð â {0,1}ðð = ðžðž(ðððð, ðŒðŒð·ð·â, ðð)
ðŒðŒð·ð·
ð ð ðððŒðŒðŒðŒ = ðŸðŸ(ððð ð ðð, ðŒðŒð·ð·)ðŒðŒð·ð· â ðŒðŒð·ð·â
ððâ² â {0,1}|Pr ðð = ððâ² â 1/2| â ðžðžðððð(ðð)
![Page 7: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/7.jpg)
Selective Security of IBE [CHK04]
Challenger AdversaryðððððŒðŒð·ð·
ðð 1ðð â ðððð,ððð ð ðð
ð ð ðððŒðŒðŒðŒ = ðŸðŸ(ððð ð ðð, ðŒðŒð·ð·)
ðŒðŒð·ð·â
ðð â {0,1}ðð = ðžðž(ðððð, ðŒðŒð·ð·â, ðð)
ðŒðŒð·ð·
ð ð ðððŒðŒðŒðŒ = ðŸðŸ(ððð ð ðð, ðŒðŒð·ð·)ðŒðŒð·ð· â ðŒðŒð·ð·â
ððâ² â {0,1}|Pr ðð = ððâ² â 1/2| â ðžðžðððð(ðð)
![Page 8: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/8.jpg)
Can we realize IBE?
Yes, we can! [Boneh and Franklin, CRYPTO 01]
![Page 9: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/9.jpg)
Hierarchical IBE [HL02,GS02]
Bob
ðððŸðŸðµðµðµðµðµðµððððððððððð.ðððµðµðð
Use ðððŸðŸðŒðŒðŒðŒ to compute ðððŸðŸðŒðŒðŒðŒ|ðŒðŒðŒðŒâ² for any ðŒðŒð·ð·ðŒ
ððððððððððððððððð. ðððððð|ðŽðŽðððŽðŽðððð2,2018
![Page 10: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/10.jpg)
IBE ConstructionsPairings Lattices
(LWE)Quadratic
ResiduocityIBE w/RO BF01 GPV08 Cocks01
BGH07IBE no RO CHK03
BB04, W05G06, W09
CHKP10ABB10, MP12
??
HIBE GS03, BB04⊠CHKP10⊠??
Can we realize IBE from weaker assumptions?
![Page 11: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/11.jpg)
Negative Evidence
Trapdoor Permutations [BPRVW08]
Decisional Diffie-Hellman Assumption
[PRV12]
![Page 12: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/12.jpg)
OWF PRG PRF
Private-key crypto
Public-Key Encryption
Trapdoor Functions
Signatures
Public-key crypto
IBE
Hierarchical IBE
ABE [SW05]
Reduce the Gap!
![Page 13: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/13.jpg)
Our Results
⢠Main result: IBE from Computational Diffie-Hellman Assumption (Fully-secure)
⢠Or, the hardness of Factoring
⢠Selectively-Secure HIBE⢠In fact, from any IBE scheme!
Avoid impossibilities using non-black-box techniques.
![Page 14: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/14.jpg)
How do we get it?
Garbled RAM [LO13,GHLORW14,GLOS15,GLO15,GMP16,GGMP16,CDGGMP17]
Witness Encryption[CS00,GGSW13,BH15,CDGGMP17]
![Page 15: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/15.jpg)
How do we get it?
![Page 16: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/16.jpg)
Compress two keys
ðððð0 ðððð1
ðððð
⢠ðððð = ðððð0 = ðððð1⢠Encryption can be done
to either ðððð0 or ðððð1knowing just ðððð
⢠Decryption can be done using ðððð0, ðððð1 and the right secret key
⢠ðððð looses information about ðððð0or ðððð1
ðð = ðžðžðžðžðð2(ðððð, ðð,ðð)ðð
Alice Bob
Cara
![Page 17: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/17.jpg)
How known schemes from stronger assumptions compress two keys?
ðððð0 ðððð1
ðððð
⢠ðððð0 or ðððð1 are correlated
⢠Structured assumptions⢠Impossibility results:
Similar intuition
Our goal: Compress Uncorrelated Keys!
![Page 18: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/18.jpg)
Our Construction: Tools
Hash with EncryptionYaoâs Garbled Circuits+
![Page 19: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/19.jpg)
Tool I: Hash with Encryption
Three Algorithms: (ð»ð»,ðžðž,ð·ð·)
H ð¥ð¥ â â â is short (say ðð-bits)ð¥ð¥ is 2ðð-bits
ðžðž (â, ðð, ðð),ðð â ðð where ðð â 2ðð and ðð â 0,1ð·ð· ðð, ð¥ð¥ â ðð if ð»ð» ð¥ð¥ = â and ð¥ð¥ðð = ðð
Reminiscent of Witness Encryption [GGSW13] or laconic OT [CDGGMP17].
Security: ð¥ð¥,ðžðž (â, ðð, 1 â ð¥ð¥ðð), 0 â ð¥ð¥,ðžðž (â, ðð, 1 â ð¥ð¥ðð), 1
Security: Hard to compute ð¥ð¥, ð¥ð¥â²such that ð»ð» ð¥ð¥ = ð»ð» ð¥ð¥ðŒ
![Page 20: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/20.jpg)
Tool I: Hash with Encryption
Hash Parameters ðŽðŽ1,0 ðŽðŽ2,0ðŽðŽ1,1 ðŽðŽ2,1
âŠðŽðŽðð,0ðŽðŽðð,1
⢠H ð¥ð¥ â ââ = ï¿œ
ððâ[ðð]
ðŽðŽðð,ð¥ð¥ðð
⢠ðžðž (â, ðð, ðð),ðð â ðð =ðŽðŽ1,0ð ð ðŽðŽ2,0
ð ð
ðŽðŽ1,1ð ð ðŽðŽ2,1
ð ð âŠðŽðŽðð,0ð ð
ðŽðŽðð,1ð ð , âð ð âðð
⢠D ðð, ð¥ð¥ : Set âð ð = âððâ[ðð]ðŽðŽðð,ð¥ð¥ððð ð
ðŽðŽðð,1âðµðµð ð
Security can be argued based on DDH
ððð¥ð¥,ðððŠðŠ ,ððð¥ð¥ðŠðŠâ ððð¥ð¥ ,ðððŠðŠ,ðððð
![Page 21: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/21.jpg)
Tool 2: Yaoâs Garbled Circuits (ðºðºðððŽðŽðððððð,ðžðžðžðžðððð)[Yao86, AIK04, AIK05, LP09, BHR12]
ðºðºðððŽðŽðððððð ð¶ð¶ â ï¿œÌï¿œð¶, ðððððððð,0, ðððððððð,1 ðð
ðžðžðžðžðððð ï¿œÌï¿œð¶, ðððððððð,ð¥ð¥ðð â ð¶ð¶(ð¥ð¥)
Security: (ï¿œÌï¿œð¶, ðððððððð,ð¥ð¥ðð) â ðððððð(ð¶ð¶ ð¥ð¥ )
![Page 22: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/22.jpg)
How do we compress?
ðððð = ð»ð» ðððð0 ðððð1
ðððð0 ðððð1
ðððð
![Page 23: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/23.jpg)
How do we encrypt?
ðððð = ð»ð» ðððð0 ðððð1
ðððð0 ðððð1
ðððð
ðð = ðžðžðžðžðð2(ðððð, ðð,ðð)ðð
ðððððð,ðµðµ,ðð ð¥ð¥1. Abort if ðððð â ð»ð» ð¥ð¥ .2. If ðð = 0 then ðððð = ð¥ð¥ 1 ⊠ðð
else ðððð = ð¥ð¥ ðð + 1 ⊠2ðð3. Output ðžðžðžðžðð(ðððð,ðð)
Alice Bob
Cara
![Page 24: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/24.jpg)
How do we encrypt?
ðððð = ð»ð» ðððð0 ðððð1
ðððð0 ðððð1
ðððð
ðð = ðžðžðžðžðð2(ðððð, ðð,ðð)ðð
ðžðžðžðžðð2(ðððð, ðð,ðð)⢠Circuit ð¶ð¶ðð(ðððð) = ðžðžðžðžðð ðððð,ðð⢠ðºðºðððŽðŽðððððð ð¶ð¶ðð â ï¿œÌï¿œð¶, ðððððððð,0, ðððððððð,1 ðð⢠â ðð â {ðððð + 1, ðððð + ðð}, ðŸðŸ â {0,1}⢠ðððð,ðŸðŸ= ðžðž ðððð, ðð, ðŸðŸ , ðððððððð,ðŸðŸâ¢ ðð = ï¿œÌï¿œð¶, ðððð,ðŸðŸ
Alice Bob
Cara
![Page 25: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/25.jpg)
How to decrypt?
â¢Decrypt ðð = ï¿œÌï¿œð¶, ðððð,ðŸðŸ using ðððð1, ðððð2 and ð ð ðððµðµ
â¢Recall ðð1,0 = ðžðž ðððð, ðððð + 1,0 , ðððððð1,0 and
ðð1,1 = ðžðž ðððð, ðððð + 1,1 , ðððððð1,1⢠which one can be decrypted? ⢠ðð1,ðððððð,1 which decrypts to ðððððð1,ðððððð,1
⢠Similarly, for each ðð decrypt ðððð,0 or ðððð,1â¢Evaluate(ï¿œÌï¿œð¶, {ðððððððð,ðððððð,ðð}) outputs ðžðžðžðžðð ðððððµðµ ,ðð
![Page 26: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/26.jpg)
How to compress more keys/Bootstrapping?
⢠Using a Merkel Tree
⢠Exponentially Many Keys⢠Grow the tree dynamically â as needed
![Page 27: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/27.jpg)
Chameleon Encryption
Five Algorithms: (ðð,ð»ð»,ð»ð»â1,ðžðž,ð·ð·)
ðð 1ðð,ðžðž â ðð, ð¡ð¡ ðð is the hash Keyðð is the hash trapdoor
H ðð, ð¥ð¥; ðŽðŽ â â â is short (say ðð-bits)ððâðð ðð, (ðð, ðð),ððð â ððð ð¯ð¯ ðð,ðð; ðð = ð¯ð¯(ðð,ððâ²; ððâ²)
ðžðž ðð, (â, ðð, ðð),ðð â ðð where ðð â ðžðž and ðð â 0,1ð·ð· ðð, (ð¥ð¥, ðŽðŽ) â ðð if ð»ð» ðð, ð¥ð¥; ðŽðŽ = â and ð¥ð¥ðð = ðð
Security: ðð, ð¥ð¥, ðŽðŽ,ðžðž ðð, (â, ðð, 1 â ð¥ð¥ðð), 0 â ðð, ð¥ð¥, ðŽðŽ,ðžðž ðð, (â, ðð, 1 â ð¥ð¥ðð), 1
![Page 28: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/28.jpg)
Bootstrapping
ðð0
ðð1
ððâ
â0,0
â1,0 â1,1
ââ,0 ââ,1 ââ,2ââ2 ââ,2ââ1
ðððð,ðð = ð»ð»â1(ð¡ð¡ðð , (0â, ðŽðŽðð,ððâ² ),âðð+1,2ðð|âðð+1,2ðð+1)
âðð,ðð = ð»ð»(ðððð , 0â; ðŽðŽðð,ððâ² )
ð¡ð¡0
ððð ð ðð
ð¡ð¡1
ð¡ð¡â
ðððð,ðð = ð»ð»â1(ð¡ð¡0, (0â, ðŽðŽ0,0â² ),â1,0|â1,1)
![Page 29: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/29.jpg)
Bootstrapping
ðððð,ðððð0
ðð1
ððâ
ðððð,ðð
ððâ,ðð
â0,0
â1,0 â1,1
ââ,0 ââ,1 ââ,2ââ2 ââ,2ââ1
Secret-key for ðŒðŒð·ð·
ðððð,ðð = ð»ð»â1(ð¡ð¡ðð , (0â, ðŽðŽðð,ððâ² ),âðð+1,2ðð|âðð+1,2ðð+1)
âðð,ðð = ð»ð»(ðððð , 0â; ðŽðŽðð,ððâ² )
ð¡ð¡0
ððð ð ðð
ð¡ð¡1
ð¡ð¡â
![Page 30: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/30.jpg)
Bootstrapping
ðððð,ðððð0
ðð1
ððâ
ðððð,ðð
ððâ,ðð
â0,0
â1,0 â1,1
ââ,0 ââ,1 ââ,2ââ2 ââ,2ââ1
Cipher for ðŒðŒð·ð·,ðð
ðð
ï¿œð¶ð¶0
ï¿œð¶ð¶1
ï¿œð¶ð¶â
![Page 31: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/31.jpg)
Open Problems and Related Works
⢠Can we make the scheme efficient?⢠IBE from any PKE?⢠ABE from weaker assumptions?
⢠Techniques have other applications:⢠Laconic OT [CDGGMP17]⢠Anonymous IBE [BLSV18]⢠Circular Security [BLSV18,DGHM18,KT18]⢠Two-round MPC [GS17, GS18, BL18]⢠Adaptive garbled circuits/RAM [GS18a, GS18b]⢠Laconic Function Evaluation [QWW18]
![Page 32: Identity Based Encryption from the Diffie-Hellman Assumptionâ¬ÂŠÂ · ðžðžðððð,ðŒðŒ,ððð·ð·âðð encrypt using ððððand ðŒðŒð·ð·](https://reader036.fdocuments.us/reader036/viewer/2022062403/604e5b8e110d5334e7695ec3/html5/thumbnails/32.jpg)
Thank You! Questions?