Paper 2023/1435

Identity-Based Matchmaking Encryption, Revisited: Efficient Constructions with Strong Security

Abstract

Identity-based matchmaking encryption (IB-ME) [Ateniese et al., Crypto 2019] allows users to communicate privately, anonymously, and authentically. After the seminal paper by Ateniese et al., much work has been done on the security and construction of IB-ME. In this work, we revisit the security definitions of IB-ME and provide improved constructions. First, we classify the existing security notions of IB-ME, systematically categorizing privacy into three categories (CPA, CCA, and privacy in the case of mismatch) and authenticity into four categories (NMA and CMA, both against insiders and outsiders). In particular, we reconsider privacy when the sender's identity is mismatched during decryption and provide a new simple security game called mismatch security, capturing its essence. Second, we propose efficient and strongly secure IB-ME schemes from the bilinear Diffie-Hellman assumption in the random oracle model and from anonymous identity-based encryption and identity-based signature in the quantum random oracle model. The first scheme is based on Boneh-Franklin IBE, similar to the Ateniese et al. scheme, but ours achieves a more compact decryption key and ciphertext and stronger CCA-privacy, CMA-authenticity, and mismatch security. The second scheme is an improved generic construction, which achieves not only stronger security but also the shortest ciphertext among existing generic constructions. This generic construction provides a practical scheme from lattices in the quantum random oracle model.

Note: Revise our second construction to fix errors.