Paper 2025/580

Efficient Revocable Identity-Based Encryption from Middle-Product LWE

Takumi Nishimura, University of Tokyo
Atsushi Takayasu, University of Tokyo
Abstract

The Middle-Product Learning with Errors (MPLWE) assumption is a variant of the Learning with Errors (LWE) assumption. The MPLWE assumption reduces the key size of corresponding LWE-based schemes by setting keys as sets of polynomials. Moreover, MPLWE has more robust security than other LWE variants such as Ring-LWE and Module-LWE. Lombardi et al. proposed an identity-based encryption (IBE) scheme (LVV-IBE) based on the MPLWE assumption in the random oracle model (ROM) by following Gentry et al.'s IBE scheme (GPV-IBE) based on LWE. Due to the benefit of MPLWE, LVV-IBE has a shorter master public key and a secret key than GPV-IBE without changing the size of a ciphertext. However, Lombardi et al.'s proof is not tight in the ROM, while Katsumata et al. proved that GPV-IBE achieves tight adaptive anonymity in the quantum ROM (QROM). Revocable IBE (RIBE) is a variant of IBE supporting a key revocation mechanism to remove malicious users from the system. Takayasu proposed the most efficient RIBE scheme (Takayasu-RIBE) based on LWE achieving tight adaptive anonymity in the QROM. Although a concrete RIBE scheme based on MPLWE has not been proposed, we can construct a scheme (LVV-based RIBE) by applying Ma and Lin's generic transformation to LVV-IBE. Due to the benefit of MPLWE, LVV-based RIBE has an asymptotically shorter master public key and a shorter secret key than Takayasu-RIBE although the former has a larger ciphertext than the latter. Moreover, the security proof is not tight and anonymous in the ROM due to security proofs of Ma-Lin and Lombardi et al. In this paper, we propose a concrete RIBE scheme based on MPLWE. Compared with the above RIBE schemes, the proposed RIBE scheme is the most asymptotically efficient since the sizes of a master public key and a secret key (resp. ciphertext) of the proposed scheme are the same as those of LVV-based RIBE scheme (resp. Takayasu-RIBE). Moreover, we prove the tight adaptive anonymity of the proposed RIBE scheme in the QROM. For this purpose, we also prove the tight adaptive anonymity of LVV-IBE in the QROM.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. ACISP 2025
Keywords
Identity-based EncryptionRevocable Identity-based EncryptionMiddle-Product Learning with Errors
Contact author(s)
takunishi23 @ g ecc u-tokyo ac jp
takayasu-a @ g ecc u-tokyo ac jp
History
2025-04-01: approved
2025-03-31: received
See all versions
Short URL
https://ia.cr/2025/580
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/580,
      author = {Takumi Nishimura and Atsushi Takayasu},
      title = {Efficient Revocable Identity-Based Encryption from Middle-Product {LWE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/580},
      year = {2025},
      url = {https://eprint.iacr.org/2025/580}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.