An IBE Technique Using Partial Discrete Logarithm

Available online at www.sciencedirect.com

ScienceDirect Procedia Computer Science 93 (2016) 735 – 741

6th International Conference On Advances In Computing & Communications, ICACC 2016, 6-8 September 2016, Cochin, India

An IBE Technique using Partial Discrete Logarithm Chandrashekhar Y. Meshrama*, P. L. Powara, Mohammad S. Obaidatb Fellow of IEEE, Cheng-Chi Leec,d a

Department of Mathematics and Computer Sciences, Rani Durgavati University, Jabalpur(M.P.), India b Department of Computer and Information Sciences, Fordham University, Bronx, NY 10458, USA c Department of Library and Information Science, Fu Jen Catholic University, New Taipei, Taiwan 24205, R.O.C. d Department of Photonics and Communication Engineering, Asia University, Wufeng Shiang, Taichung, Taiwan 413, R.O.C.

Abstract: An IBE (identity-based encryption) technique is a very valuable implement in cryptography and have numerous potential applications. The security of conventional IBE technique entirely relies on upon the protection of private keys. Disclosure of private keys wants reissuing all beforehand assigned encryptions. This confinement turns out to be more evident nowadays as key disclosure is more basic with expanding utilization of mobile and unprotected devices. Under this foundation, justifying the damage of key disclosure in IBE is a critical issue. To manage this issue, we plan to participate advancing safety into IBE. In this article, we present a new development of IBE technique that is semantically secure against chosen ciphertext attack (IND-ID-CCA) in random oracle model. Click insertPublished your abstract text. B.V. This is an open access article under the CC BY-NC-ND license © 2016here The and Authors. by Elsevier © 2016 The Authors. Published by Elsevier B.V. (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-reviewunder underresponsibility responsibility of the Organizing Committee of ICACC Peer-review of the Organizing Committee of ICACC 2016 2016. Keywords: Cryptography; IBE; PDL; Random oracle; IND-ID-CCA

1. Introduction An IBE (identity-based encryption) technique is a one of public key encryption component, where a subjective string, for example, the beneficiary's identity, can function as same public key. This comfort eliminates the essential

* Corresponding author. Tel.:+91-7509549730. E-mail address: [email protected]

1877-0509 © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the Organizing Committee of ICACC 2016 doi:10.1016/j.procs.2016.07.282

736

Chandrashekhar Y. Meshram et al. / Procedia Computer Science 93 (2016) 735 – 741

to appropriate public key declarations. Then again, in ordinary public key encryption technique, it is unavoidable to get to the online public key index with a specific end goal to acquire people in public keys. IBE technique are to a great extent inspired by numerous applications, for example encrypting messages with the beneficiary's email address. Shamir18 presented the ideas of ID-based cryptography (IBC) to streamline the certificate management in email system in 1984. In IBC, the unmistakeable identities of a client is utilized as the general the public key, while the secrete key connected with that identities is processed and issued covertly to client by a trusted outsider named Private Key Generator (PKG). In such formal setting the main thing that ought to be certificated is the public constraints of the PKG, so IBC definitely decreases the requirement for declarations. In 2001 Cocks5 and Boneh and Franklin3 presented two IBE techniques, individually. In their other article4, Boneh and Franklin utilized a class of bilinear maps as the premise of their development. This has prompted various IBE techniques1, 2, 19, among others, which depend on bilinear maps. The first efficient probably secure IBE technique was presented by Boneh and Franklin3, 4. The novel methodology they utilized depends on a class of bilinear maps. Taking after their work, various of IBE technique utilizing bilinear maps were projected. For instance, Boneh and Boyen1 planned a protected IBE techniques without random oracles. After Waters19 introduced an effective and protected IBE technique without random oracles, Boneh and Boyen2 contributed additional effective IBE technique without random oracles, which is safe in the selective identity model. In any case, as piercing out in7, even the effective technique similar3 are still altogether slower than general public key cryptosystems such as ElGamal. Interestingly, our IBE technique is practically as quick as the ElGamal in encryption and decryption phases. Meshram et al.8-10 presented some new efficient IBE technique and ID-based mechanisms based on discrete logarithm (DL), generalized discrete logarithm (GDL) and factoring. The security of this techniques are solving the hardness of DL, GDL and factoring simultaneously. Meshram and Meshram11, 12 investigate the new variants of ID-based beta cryptographic technique and transformation process such as public key cryptographic technique transfer to ID-based cryptographic technique without developing new ID-based technique. Meshram13-15 presented new provably secure ID-based cryptographic technique, new variant of ID-based beta cryptographic technique, and efficient technique based on factoring and DL. It is as low as ElGamal technique. Recentaly Meshram and Obaidat16 also showed new variant of ID-based cryptographic technique such as quadratic-exponentiation randomized cryptographic technique. As outlined in the above, we presented IBE technique and verified a formal security proof for semantically secure against IND-ID-CCA under the PDL suspicion in the random oracle utilizing the reversing technique presented by Boneh and Franklin4. The rest of this article is organized as fellows. Required background material is introduced in Section 2. Our efficient IBE technique based on PDL is presented in Section 3. The consistency of algorithm is explained in Section 4. Security investigation of new technique is discussed in Section 5. Lastly, Section 6 concludes the article. 2. Background and Material 2.1. Mathematical assumption The security of our technique will be reduced to the complexity of the Partial Discrete Logarithm (PDL) issue in the group in which the signature is developed. We quickly survey the definition 6, 17 The Partial Discrete Logarithm (PDL) Let ܰ ൌ ँऀ be a number, with ँ and ऀ are primes of the structure andँ ൌ ʹँǯ ൅ ͳand ऀ ൌ ʹऀǯ ൅ ͳ, whereँǯ and ऀǯ are also primes. We indicate by ܵሺκሻ the arrangements of prime numbers of length κ. We consider ਽ ൌ ܴܳேమ the cyclic group of quadratic residues modulo ܰ ଶ . We have ‫݀ݎ݋‬ሺ਽ሻ ൌ ேఒሺேሻ

ఒ൫ேమ ൯ ଶ

ൌ ऀऀᇱ ँँᇱ ൌ

ேఒሺேሻ ଶ

ǡ with ߣሺܰሻ ൌ ʹँԢऀԢ.

The maximal order of a component in this group is , and each component of order ܰ is of the form ߙ ൌ ሺͳ ൅ ݇ܰሻǤ ଶ Definition 1 (PDL): Let ԭ be a component of maximal order in ਽ . For straightforwardness, we assume that ԭ ఒሺேሻ ݉‫ ܰ݀݋‬ଶ ൌ ሺͳ ൅ ܰሻ݉‫ ܰ݀݋‬ଶ , that is ݇ ൌ ͳ . For given ԭ and ‫ ݖ‬ൌ ԭ௪ ݉‫ ܰ݀݋‬ଶ (for few ‫ א ݓ‬ሾͳǡ ‫݋‬ሺ਽ሻሿ , Paillier19 defined the PDL as the computational issue of computing ‫ݓ‬ሺ݉‫ܰ݀݋‬ሻ. We anticipate this issue is difficult,

Chandrashekhar Y. Meshram et al. / Procedia Computer Science 93 (2016) 735 – 741

as stated in the accompanying suspicion. Assumption 1 (PDL over ࣴே‫ כ‬మ ). For each probabilistic polynomial time (PPT) algorithm ि, there exists a negligible function ݈݊݁݃ሺሻ such that for adequately extensive ‫ݐ‬. ௧ ” ቂिሺܰǡ ԭǡ ‫ݖ‬ሻ ൌ ܽሺ݉‫ܰ݀݋‬ሻȁँǡ ऀ ՚ ܵܲ ቀ ቁ Ǣ ܰ ൌ ँऀǢ ԭ ՚ ਽Ǣ ܽ ՚ ሾͳǡ ‫݀ݎ݋‬ሺ‫ܩ‬ሻሿǢ ‫ ݖ‬՚ ԭ௔ ሺ݉‫ ܰ݀݋‬ଶ ሻቃ ൌ ‡‰Žሺ‫ݐ‬ሻ ଶ

3. Proposed IBE Technique In this section, we proposed an IBE technique. It contains the following four components 3.1. Setup By taking in security parameterሺࣽǡ ‫ݐ‬ሻ, this process will be done by PKG as follows: Select two huge prime numbers ँ and ऀ such that ܰ ൌ ँऀ and let ਽ be a multiple group of maximal order with generator ԭ such that ਽ ‫ࣴ ك‬ே‫ כ‬మ  Ǥ b. Generate ‫ݐ‬dimension secret vectors ܼ ൌ  ሺऊଵ ǡ Ǥ Ǥ Ǥ ǡ ऊ௧ ሻ, where ऊ௜ is randomly selected from ࣴே‫ כ‬. c. Generate the corresponding ‫ ݐ‬dimension public vectors ܺ ൌ  ሺईଵ ǡ Ǥ Ǥ Ǥ Ǥ ǡ ई௧ ሻǡ where ई௜ ൌ  ԭ ऊ೔ ሺ݉‫ ܰ݀݋‬ଶ ሻ and ݅ ‫  א‬ሺͳǡ ‫ݐ‬ሻ. d. Construct hash function ԰ଵ ‫  ׷‬ሼͲǡ ͳሽ‫ כ‬՜ ሼͲǡ ͳሽ௧ . e. Construct two functions such that ԰ଶ ‫ ׷‬਽ ՜ ሼͲǡ ͳሽκ ǡ ԰ଷ ‫ ׷‬਽ ൈ ሼͲǡ ͳሽκ ՜ ࣴே‫ כ‬మ  The master key of PKG is a set to be ݉݇ ൌ  ሼܰǡ ܼሽ and the public parameters of PKG are ‫ ݉݌‬ൌ ሼ‫ܩ‬ǡ ԭǡ ‫ݐ‬ǡ ܺǡ ԰ଵ ǡ ԰ଶ ǡ ԰ଷ ሽ. a.

3.2. Extract For a given ࣻࣸ ‫  א‬ሼͲǡ ͳሽ‫ כ‬, the process executes the next: a. Compute ԰ଵ ሺࣻࣸሻ ՜ ሺࣺଵ ǡ Ǥ Ǥ Ǥ ǡ ࣺ௧ ሻ and assume that ࣺ௜ is the ݅ ௧௛ bit of ԰ଵ ሺࣻࣸሻ, where ݅ ‫  א‬ሺͳǡ ‫ݐ‬ሻ. b. Calculate the secrete key as takes after: ௧

ऊࣻࣸ ൌ ෍ ࣺ௜ ऊ௜ ሺ݉‫ ܰ݀݋‬ଶ ሻ ௜ୀଵ

c.

Calculate the comparing public key as takes after: ईࣻࣸ ൌ ς௧௜ୀଵሺ‫ݕ‬௜ ሻ ࣺ೔ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ς௧௜ୀଵሺԭ௜ ሻࣺ೔ऊ೔ ሺ݉‫ ܰ݀݋‬ଶ ሻ  ൌ ԭ ऊࣻࣸ ሺ݉‫ ܰ݀݋‬ଶ ሻ.

3.3. Encryption A message ࣾ ‫  א‬ሼͲǡ ͳሽ‫ כ‬is encrypted for ࣻࣸ as takes after: a. Select arbitrary value ‫ࣴ א ݎ‬ே‫ כ‬and compute ‫ܥ‬ଵ ൌ ‫ݎ‬ईࣻࣸ ԰యሺ௥ǡࣾሻ ሺ݉‫ ܰ݀݋‬ଶ ሻǤ ԰య ሺ௥ǡࣾሻ ଶ ሺ݉‫ ܰ݀݋‬ሻ. b. Compute ‫ܥ‬ଶ ൌ  ԭ c. Compute ‫ܥ‬ଷ ൌ ࣾ۩԰ଶ ሺ‫ݎ‬ሻሺ݉‫ ܰ݀݋‬ଶ ሻ The cipertext is set by ‫ ܥ‬ൌ  ሺ‫ܥ‬ଵ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻǤ 3.4. Decryption To decrypt the ciphertext ࡯ under clients identity ࣻࣸ, the user can decrypt ‫ ܥ‬using his private key ऊࣻࣸ as follows: ‫ܥ‬ଷ ۩԰ଶ ቆ

‫ܥ‬ଵ ऊ

‫ܥ‬ଶ ࣻࣸ

ቇ ሺ݉‫ ܰ݀݋‬ଶ ሻ

737

738

Chandrashekhar Y. Meshram et al. / Procedia Computer Science 93 (2016) 735 – 741

4. Consistency of the algorithm For the correctness of above process, we have ‫ܥ‬ଵ ‫ ࣸࣻݕݎ‬԰య ሺ௥ǡࣾሻ ‫ݎ‬ሺԭ ऊࣻࣸ ሻ԰య ሺ௥ǡெሻ ‫ܥ‬ଷ ۩԰ଶ ቆ ऊࣻࣸ ቇ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ  ‫ܥ‬ଷ ۩԰ଶ ቆ ԰ ሺ௥ǡࣾሻ ऊ ቇ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ  ‫ܥ‬ଷ ۩԰ଶ ቆ ԰ ሺ௥ǡࣾሻ ऊ ቇ ሺ݉‫ ܰ݀݋‬ଶ ሻ ሺԭ య ሻ ࣻࣸ ሺԭ య ሻ ࣻࣸ ‫ܥ‬ଶ ‫ ݃ݎ‬ऊࣻࣸ ԰య ሺ௥ǡࣾሻ ൌ  ‫ܥ‬ଷ ۩԰ଶ ቆ ԰ ሺ௥ǡࣾሻ௫ ቇ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ‫ܥ‬ଷ ۩԰ଶ ሺ‫ݎ‬ሻሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ࣾሺ݉‫ ܰ݀݋‬ଶ ሻ ࣻࣸ ԭ య 5. Security analysis and discussion In this area, we demonstrated the security of IBE technique is semantically secure against IND-ID-CCA in the random oracle, utilizing the reversing procedure presented by Boneh and Franklin4. Theorem 1. Let hash functions԰ଵ be random oracle, then our IBE technique is ሺࣽ଴ ǡ ࣽଵ ǡ ߳ሻ-semantically protected against IND-ID-CCA under the decisional ሺͳ െ ᐯሻ߳ሺࣽሻ in the random oracle. Proof. Expect that there occurs a ሺࣽ଴ ǡ ࣽଵ ǡ ߳ሻ IND-ID-CCA foe ृ against IBE techniqueǤ We build an IND-CCA algorithm  to perform the IND-CCA game with the challenger to disruption the encryption technique. To get a good advantage, ि simulates the IND-ID-CCA challenger to perform an IND-ID-CCA game with the foe ृ. We give a detailed description takes after. Setup: suppose thatࣽ ൌ  ࣽ଴  ൅  ࣽଵ . Algorithm ि acquires the public constraints ሺ‫ܩ‬ǡ ܰǡ ԭǡ ԰ଵ ǡ ԰ଶ ሻ and public key ‫ ܣ‬ൌ  ԭ௔ of the encryption technique from the challenger. Algorithm ि arbitrarily selects ‫ݒ‬ଵ ǡ ‫ݒ‬ଶ ǡ ‫ݒ‬ଷ ǡ Ǥ Ǥ Ǥ Ǥ Ǥ ǡ ‫ݒ‬௧ ‫ࣴ א‬ே‫ כ‬and ሺࣽ ൅ ͳሻ݊ -dimensional binary vectors ܸ௜ ൌ ሺࣺଵ௜ ǡ ࣺଶ௜ ǡ ࣺଷ௜ ǡ ǥ ǥ ǡ ࣺ௧௜ ሻ் , where ݅ ‫  א‬ሺͳǡ ࣽሻ is uniform and independent. The main contrast is that ि replaces the zero vector in the right side of Equation (1) with ܷଵ ൌ ሺͳǡ Ǥᇥ ǡͳ ǡ Ͳǡ Ǥᇥ ǡͲሻ் . ि arbitrarily selects ‫ݑ‬ଵ ǡ Ǥ Ǥ ǡ ‫ݑ‬௧ ‫ࣴ א‬ே‫  כ‬fulfilling the accompanying mathematical statements ᇣᇧǥ ᇤᇧ ᇣᇧǥ ᇤᇧ ࣽభ ାଵ

ࣽబ

framework: ࣺଵଵ ࣺଶଵ ሺ—ଵ ǡ Ǥ Ǥ ǡ —୲ ሻ ൮ ‫ڭ‬ ࣺ୲ଵ

ࣺଵଶ ࣺଶଶ ‫ڭ‬ ࣺ୲ଶ

ࣺଵଷ ࣺଶଷ ‫ڭ‬ ࣺ୲ଷ

ǥǥǥ ǥǥǥ ǥǥǥ ǥǥǥ

ࣺଵࣽ ࣺଶࣽ ൲ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ሺͲǡ Ǥ Ǥ ǡͲሻሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ Ͳ ‫ڭ‬ ࣺ୲ࣽ

(1)

and ࣺଵଵ ࣺଶଵ ሺ—ଵ ǡ Ǥ Ǥ Ǥ ǡ —୲ ሻ ൮ ‫ڭ‬ ࣺ୲ଵ

ࣺଵଶ ࣺଶଶ ‫ڭ‬ ࣺ୲ଶ

ࣺଵଷ ࣺଶଷ ‫ڭ‬ ࣺ୲ଷ

ǥǥǥ ǥǥǥ ǥǥǥ ǥǥǥ

ࣺଵࣽ ࣺଶࣽ ൲ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ܷଵ் ሺ݉‫ ܰ݀݋‬ଶ ሻ ‫ڭ‬ ࣺ୲ࣽ

(2)

Assuming no ሺ‫ݑ‬ଵ ǡ ǥ Ǥ Ǥ ǡ ‫ݑ‬௧ ሻ fulfills the Equation (2), then aborts. The algorithm ि arbitrarily selects one of them. At that point ि sets the public parameter ܺ and corresponding master private key is given by ܼ as takes after separately ܺ ൌ ሺ‫ܣ‬௨భ ԭ௩భ ǡ ǥ ǡ ‫ܣ‬௨೟ ԭ௩೟ ሻሺ݉‫ ܰ݀݋‬ଶ ሻ, ܼ ൌ ሺܽ‫ݑ‬ଵ ൅ ‫ݒ‬ଵ ǡ ǥ ǡ ܽ‫ݑ‬௞ ൅ ‫ݒ‬௞ ሻሺ݉‫ ܰ݀݋‬ଶ ሻ Note that ि doesn’t know ܽ. Algorithm ि provides the public constraints ሺ‫ܩ‬ǡ ܰǡ ԭǡ ‫ݐ‬ǡ ܺǡ ԰ଵ ǡ ԰ଶ ሻ to the foe ृ. Random Oracle Inquiries: The foe ृ requirements to make inquiries to the random oracle ԰ଵ when he needs to get hash values. Such inquiries can be made in any of the remaining stages of the IND-ID-CCA game. ि answers random oracle inquiries as takes after. Despite everything we accept that ‫ݍ‬԰భ is a polynomial upper bound of the quantity of random oracle inquiries. ि arbitrarily selects ߤଵ ǡ ߤଶ ‫  ك‬൫ͳǡ ʹǡ Ǥ Ǥ Ǥ Ǥ ǡ ܰ԰భ ൯freely such that ȁߤଵ ȁൌ  ࣽ଴ ǡ ȁߤଶ ȁ ൌ  ࣽଵ ൅ ͳ .

Chandrashekhar Y. Meshram et al. / Procedia Computer Science 93 (2016) 735 – 741

To reply the random oracle inquiries, ि keeps up a list ԰ଵ ௅௜௦௧  ൌ‫ࣸࣻۃ‬௜ ǡ ԰ଵ ሺࣻࣸ௜ ሻǡ ߙ௜ ‫ۄ‬, where ࣻࣸ௜ is an identity that has performed in the before random oracle inquiries and ߙ௜ ‫ א‬ሼͲǡ ͳǡ ʹሽ is assigned when ि reacts to the inquiry. Let ԰ଵ ௅௜௦௧ denote this list of tuples; toward the starting, ԰ଵ ௅௜௦௧ is vacant. At the point when there is a random oracle inquiry ࣻࣸ௜ , ि reacts as takes after: 1. If ࣻࣸ௜ is previously in list ԰ଵ ௅௜௦௧ , then ि answers with the noted hash value ԰ଵ ሺࣻࣸ௜ ሻ. 2. If ࣻࣸ௜ is the ݅Ԣ th new inquiry to the random oracle and ݅ ᇱ ‫ߤ א‬ଶ െ ߤଵ, and ݅Ԣ is the ̶݅th smallest component in ߤଶ െ ߤଵ ; then ि sets ԰ଵ ሺࣻࣸ௜ ሻ  ൌ  ሺࣺଵ௜̶ ǡ Ǥ Ǥ Ǥ ǡ ࣺ௧௜̶ ሻ and ߙ௜ ൌ ʹ. ि answers to ृ with ԰ଵ ሺࣻࣸ௜ ሻ and records the tuple ‫ࣸࣻۃ‬௜ ǡ ԰ଵ ሺࣻࣸ௜ ሻǡ ߙ௜ ‫ ۄ‬in ԰ଵ ௅௜௦௧ . 3. If ࣻࣸ௜ is the ݅Ԣth new inquiry to the random oracle and ݅ ᇱ ‫ߤ א‬ଵ , ݅Ԣ is the ̶݅th smallest component in ߤଵ and that ݆ ൌ  ࣽଵ ൅ ̶݅; then ि sets ԰ଵ ሺࣻࣸ௜ ሻ  ൌ  ሺࣺଵ௝ ǡ Ǥ Ǥ Ǥ ǡ ࣺ௧௝ ሻand ߙ௜ ൌ ͳ. At that point ि answers to ृ with ԰ଵ ሺࣻࣸ௜ ሻ and records the tuple ‫ࣸࣻۃ‬௜ ǡ ԰ଵ ሺࣻࣸ௜ ሻǡ ߙ௜ ‫ ۄ‬in ԰ଵ ௅௜௦௧ . Something else, ि arbitrarily selects a binary string ࣺଵ௟ ǡ Ǥ Ǥ ǡ ࣺ௧௟ ‫ א‬ሼͲǡ ͳሽ௧ that is not in the list ԰ଵ ௅௜௦௧ , sets ԰ଵ ሺࣻࣸ௜ ሻ  ൌ  ࣺଵ௟ ǡ Ǥ Ǥ ǡ ࣺ௧௟ and ߙ௜ ൌ Ͳ . At that point ि answers to ृ with ԰ଵ ሺࣻࣸ௜ ሻ and records the tuple ‫ࣸࣻۃ‬௜ ǡ ԰ଵ ሺࣻࣸ௜ ሻǡ ߙ௜ ‫ ۄ‬in ԰ଵ ௅௜௦௧ . Stage 1: Private key extraction inquiries. For each private key extraction inquiry ࣻࣸ௜ issued by the foe ृ, algorithm ि reacts as takes after: 4.

1.

In the event that ࣻࣸ௜ performs in ԰ଵ ௅௜௦௧ andߙ௜ ് ʹ, or ࣻࣸ௜ doesn’t perform in ԰ଵ ௅௜௦௧ and all the ܸ௝ created in the Setup stage have been utilized in answering the earlier inquiries, then the ि restarts the IND-ID-CCA game; in specifically, ि requirements to re-select the set ߤ ‫  ك‬ሺͳǡ ʹǡ Ǥ Ǥ Ǥ Ǥ ǡ ܰ԰భ ሻ in the resumed game. Letter that ि can restart the IND-ID-CCA game at most ሺ‫ܥ‬ேࣽାଵ െ ͳሻ times. Uncertainty the time of resuming the IND-ID-CCA ԰ భ

2.

game surpasses this quantity, then ि aborts, yielding a consistently arbitrary bit as ߪԢ. If ࣻࣸ௜ performs in ԰ଵ ௅௜௦௧ and ߙ௜ ൌ ʹ, then ि computes ऊࣻࣸ೔ ൌ  σ௧ःୀଵ ࣺᇱः௜ ‫ݒ‬ः  and answers with ऊࣻࣸ೔ , where ࣺᇱः௜ is the ः ௧௛ bit of recorded value ԰ଵ ሺࣻࣸ௜ ሻ .

3.

If ࣻࣸ௜ doesn’t perform in ԰ଵ ௅௜௦௧ and there exists ܸ௝ produced in the Setup stage that was never utilized in answering the part inquiries, then ि selects such a never used ܸ௝ , sets ԰ଵ ሺࣻࣸ௜ ሻ  ൌ  ࣺଵ௝ ǡ Ǥ Ǥ ǡ ࣺ௧௝ and ߙ௜ ൌ ʹ,

answers the inquiry using ऊࣻࣸ೔ ൌ  σ௧ःୀଵ ࣺः௜ ‫ݒ‬ः , and records the tuple ‫ࣸࣻۃ‬௜ ǡ ԰ଵ ሺࣻࣸ௜ ሻǡ ߙ௜ ‫ ۄ‬in ԰ଵ ௅௜௦௧ . Note that: ௧

ऊࣻࣸ೔ ൌ  ෍

ःୀଵ

௧

ൌ ܽ෍

௧

ࣺः௜ ‫ݔ‬ः ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ  ෍

௦ୀଵ

௧

ࣺः௜ ‫ݑ‬ः ሺ݉‫ ܰ݀݋‬ଶ ሻ  ൅ ෍

ःୀଵ

ःୀଵ

ࣺः௜ ሺܽ‫ݑ‬ः ൅ ‫ݒ‬ः ሻሺ݉‫ ܰ݀݋‬ଶ ሻ ௧

ࣺः௜ ‫ݒ‬ः ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ෍

ःୀଵ

ࣺः௜ ‫ݒ‬ः ሺ݉‫ ܰ݀݋‬ଶ ሻ

where the previous expression is because of Eq.(1). So the overhead task of ऊࣻࣸ೔ is legitimate. Ciphertext inquiries. For each ciphertext inquiry ‫ࣸࣻۃ‬௜ ǡ ‫ܥ‬௜ ‫ ۄ‬issued by the foe , where ‫ܥ‬௜  ൌ  ሺ‫ܥ‬ଵ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻ, then ि answers as takes after: 1. In the event that ࣻࣸ௜ performs in ԰ଵ ௅௜௦௧ and ߙ௜ ൌ Ͳ, or ࣻࣸ௜ doesn’t perform in ԰ଵ ௅௜௦௧ and all the ܸ௝ ǡ ሺͳ ൑ ݆ ൑ ࣽଵ ሻ, produced in the Setup stage have been utilized as a part of answering to the past inquiries, then ि restarts the IND-ID-CCA game; specifically, ि needs to re-select the sets ߤଵ and ߤଶ in resumed game. Letter that ि can െ ͳሻtimes. Uncertainty the time of resuming the IND-ID-CCA resume the IND-ID- CCA game at most ሺ‫ܥ‬ேࣽାଵ ԰ భ

game surpasses this number, then ि aborts, yielding a consistently arbitrary bit. 2.

If ࣻࣸ௜ performs in ԰ଵ ௅௜௦௧ and ߙ௜ ൌ ͳ, then ि calculates the private key ऊࣻࣸ೔ . At that point decrypts ‫ܥ‬௜ using ऊࣻࣸ೔ and answers to ृ using the plaintext.

739

740

Chandrashekhar Y. Meshram et al. / Procedia Computer Science 93 (2016) 735 – 741

If ࣻࣸ௜ performs in ԰ଵ ௅௜௦௧ and ߙ௜ ൌ ʹ, then ि develops ‫ܥ‬௜ᇱ ൌ  ሺ‫ܥ‬ଵ ‫ܥ‬ଶି௩ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻ where ‫ ݒ‬ൌ  σ௧௟ୀଵ ࣺᇱ௟௜ ‫ݒ‬௟ , and ࣺᇱ௟௜ is the ݈th bit of the recorded value ԰ଵ ሺࣻࣸ௜ ሻ. Then ि issues ‫ܥ‬௜ᇱ to challenger as a ciphertext inquiry and straight on the response of the challenger back to ृ.

3.

If ࣻࣸ௜ doesn’t perform in ԰ଵ ௅௜௦௧ and there exists ܸ௝ ǡ ሺͳ ൑ ݆ ൑  ࣽଵ ሻ, created in the Setup stage which never performed in the past inquiries, then ि selects such a ܸ௝ and sets ԰ଵ ሺࣻࣸ௜ ሻ  ൌ  ࣺଵ௝ ǡ Ǥ Ǥ ǡ ࣺ௧௝ and ߙ௜ ൌ ʹ. At that ௧ ࣺᇱ௟௜ ‫ݒ‬௟ . point ि develops ‫ܥ‬௜ᇱ ൌ  ሺ‫ܥ‬ଵ ‫ܥ‬ଶି௩ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻǢ where ‫ ݒ‬ൌ  σ௟ୀଵ ᇱ The algorithm issues ‫ܥ‬௜ to the challenger as a ciphertext inquiry and forwards the answer of the challenger back to ृ. The algorithm ि records the tuple ‫ࣸࣻۃ‬௜ ǡ ԰ଵ ሺࣻࣸ௜ ሻǡ ߙ௜ ‫ ۄ‬in ԰ଵ ௅௜௦௧ . Note that, if ߙ௜ ൌ ʹ, then by Equation (2) we have ‫ ݑ‬ൌ ͳ. So: ः ‫ݎ‬ईࣻࣸ ሺԭ ः ሻି௩ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ‫ݎ‬ሺԭ௔௨ା௩ ሻः ሺԭ ः ሻି௩ ሺ݉‫ ܰ݀݋‬ଶ ሻ ൌ ‫ݎ‬ሺԭ௔ ሻ ः ሺ݉‫ ܰ݀݋‬ଶ ሻ ೔ 4.

Hence, the above developments of ‫ ܥ‬ᇱ is legitimate. Challenge: The foe ृ submits two plaintexts ࣾ଴ ǡ ࣾଵ  ‫ א‬ሼͲǡ ͳሽκ and an identity ࣻࣸ௖௛ that doesn’t equal any ࣻࣸ௜ performed in the private key extraction inquiries. The algorithm ि reacts as takes after: 1.

If ࣻࣸ௖௛ performs in ԰ଵ ௅௜௦௧ and ߙ௜ ൌ Ͳ, then the ि restarts the IND-ID-CCA game; specifically, the ि re-selects the sets ߤଵ and ߤଶ in the restarted game. Review that ि can restart at most ሺ‫ܥ‬௤௞ାଵ െ ͳሻ times. Uncertainty the time ԰భ of resuming the IND-ID-CCA game surpasses this quantity, then the ि aborts, yielding a consistently random bit.

2. 3.

If ࣻࣸ௖௛ performs in ԰ଵ ௅௜௦௧ and ߙ௜ ൌ ʹ, then the ि submits ሺࣾ଴ ǡ ࣾଵ ሻ to the challenger. Assume that challenger sends back a challenge ሺ‫ܥ‬ଵ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻ. At that point ि sends ሺ‫ܥ‬ଵ ‫ܥ‬ଶ௩ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻ to ृ as a challenge. If ࣻࣸ௖௛ doesn’t perform in ԰ଵ ௅௜௦௧ , then the ि sets ԰ଵ ሺࣻࣸ௖௛ ሻ  ൌ  ࣺଵ଴ ǡ Ǥ Ǥ Ǥ ǡ ࣺ௧଴ . At that point ि records the tuple

‫ࣸࣻۃ‬௖௛ ǡ ԰ଵ ሺࣻࣸ௖௛ ሻǡ Ͳ‫ ۄ‬in ԰ଵ ௅௜௦௧ and submits ሺࣾ଴ ǡ ࣾଵ ሻ to the challenger. Assume that the challenger sends back a challenge ሺ‫ܥ‬ଵ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻ. Generally as in the past case, the ि sends ሺ‫ܥ‬ଵ ‫ܥ‬ଶ௩ ǡ ‫ܥ‬ଶ ǡ ‫ܥ‬ଷ ሻ to ृ as a challenge. Stage 2: ि reacts to the private key extraction inquiries and ciphertext inquiries similarly as in Stage 1. Guess: ि forwards the yield of the foe ृ to the challenger as his own particular yield. Obviously conditional probability that the algorithm ि gains the IND-CCA game when the ि doesn’t abort is equal to the probability that ृ wins the IND-ID-CCA game. Thus, we just need to bound the probability that ि doesn’t abort. There are three reasons that cause the ि aborts (a) In Stage 1 or Stage 2, a private key extraction inquiry prompts െ ͳǤ (b) In Stage 1 or Stage 2, a decryption resume the IND-ID-CCA game but the times of resuming surpasses ‫ܥ‬ேࣽାଵ ԰ భ

െ ͳǤ (c) In the challenge inquiry prompts resume the IND-ID-CCA game but the times of resuming surpasses ‫ܥ‬ேࣽାଵ ԰ భ

െ ͳǤ stage, the challenge prompts resume the IND-ID-CCA game but the times of resuming surpasses ‫ܥ‬ேࣽାଵ ԰ భ

Claim: The total probability are most

ଵ ఊ

ଵ

ǡ ,ʹ௞ି௧ when ि is aborts for reason first, second and third respectively ఊ

Proof. For the first reason with one selection ofߤ, the probability that there is a secrete key extraction inquiry prompting resuming of the IND-ID-CCA game is at most ቆͳ െ 

ଵ ࣽశభ ஼ಿ ԰భ

ࣽ

ቇǤ Suppose that ‫݌‬଴ ൌ ‫ܥ‬ே԰బ ǡ and ‫ ݌‬ൌ ‫ܥ‬ேࣽାଵ , then, ԰ భ

భ

ଵ

௣

ଵ

the probability that ‫ ݌‬choices of ߤଵ all initiate to resuming of the IND-ID-CCA game is at most ቀͳ െ  ቁ ൎ  . ࣽ ାଵ

௣బ

ఊ

Also for the second reason, suppose‫݌‬ଵ ൌ ‫ܥ‬ே԰భ , then the probability that ‫ ݌‬choices of ߤଶ all initiate resuming of the ଵ

௣

భ

ଵ

IND-ID-CCA game is at most ቀͳ െ  ቁ ൎ  . ௣భ

ఊ

For the third reason, we consider the circumstance that the binary vector ܸ ᇱ ൌ ሺࣺԢଵ ǡ ǥ ǡ ࣺԢ௧ ሻ் is a linear combination of ܸ௝ ሺͳ ൑ ݆ ൑ ‫ݐ‬ሻǤ observing the matrix,‫ܯ‬௧ሺࣽାଵሻ ൌ ሺܸ ᇱଵ ǡ ǥ ǡ ܸ ᇱ ࣽ ǡ ܸԢሻ where ࣽ ൅ ͳ ൑ ‫ݐ‬, it is a linear combination matrix in the above circumstance. Assume the rank of this matrix ‫ܯ‬௧ሺࣽାଵሻ is Ԣ , where ‫ݐ‬Ԣ ൑ ࣽ. That is, there exist ‫ݐ‬Ԣ row of ‫ܯ‬௧ሺࣽାଵሻ that are linearly independent. Without loss of sweeping statement, assume that the first ‫ݐ‬Ԣ row of ‫ܯ‬௧ሺࣽାଵሻ are linearly independent. Also, let ‫ܯ‬௧ ᇲ௧ ᇲ indicate the ‫ ݐ‬ᇱ -dimensional vector containing of the ‫ݐ‬Ԣ linearly

Chandrashekhar Y. Meshram et al. / Procedia Computer Science 93 (2016) 735 – 741 ᇲ

independent components of ܸ௝ Ǥ So we have ȁ‫ܯ‬௧ ᇲ௧ ᇲ ȁ ൑ ʹ௧ ൑ ʹࣽ . Subsequently there are absolutely ʹ௧ t-dimensional binary vectors, the probability that the aborts for ܸԢ is linear combination of ܸ௝ ሺͳ ൑ ݆ ൑ ‫ݐ‬ሻ is ʹࣽି௧ ሺࣽ ൏ ‫ݐ‬ሻǤ That is, ଵ

ଵ

ఊ

ఊ

the total probability that the aborts for the first, second and third reason are most ᐯ ൌ ቀ ൅ ൅ ʹࣽି௧ ቁǤ In conclusion, the probability that ि doesn’t abort during simulation are at least ሺͳ െ ᐯሻǤTherefore the advantages that ि wins the IND-CCA game is at least ሺͳ െ ᐯሻ߳ሺࣽሻǤ explicitly, the advantage that ृ wins the IND-ID-CCA game is at least ሺͳ െ ᐯሻ߳ሺࣽሻ.This finishes the evidence of Theorem 1. 6. Conclusion In this article, we planned an efficient IBE technique using PDL. Its unforgeability can be decreased to the complexity of the PDL, which is a essential obstinate issue in field of cryptography. IBE technique is semantically secure against IND-ID-CCA under PDL assumption in random oracle model. It is easy to see that our presented IBE technique requires that ࣽ ൏ ‫ݐ‬, i.e., that the complete quantity of private key extraction inquiries ought to be not as much as ‫ݐ‬. A fascinating open inquiry is whether we can outline an IBE technique that has similar effectiveness, but doesn’t require ࣽ ൏ ‫ݐ‬. Acknowledgements This work was supported by Dr. D.S. Kothari fellowship awarded by University Grants Commission, New Delhi, India References 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19.

Boneh D, and Boyen X. Secure identity based encryption without random oracles. Advances in Cryptology-CRYPTO 2004, Lecture Notes in Computer Science. Berlin: Springer- Verlag. 2004:3152:443-459. Boneh D, and Boyen X. Efficient selective-id secure identity based encryption without random oracles. Advances in CryptologyEUROCRYPT 2004, Lecture Notes in Computer Science. Berlin: Springer-Verlag. 2004:3027:223-238. Boneh D, and Franklin MK, Identity-based encryption from the Weil Pairing. Advances in Cryptology-CRYPTO 2001, Lecture Notes in Computer Science. Berlin: Springer-Verlag. 2001:2193:213-229. Boneh D, and Franklin MK. Identity based encryption from the Weil pairing. SIAM Journal of Computing. 2003:32 (3):586–615. Cocks C. An identity based encryption scheme based on quadratic residues. International Conference on Cryptography and Coding (Proceedings of IMA), Lecture Notes in Computer Science, Springer-Verlag. 2001: 2260: 360–363. Das A, Adhikari A. An efficient IND-CCA2 secure Paillier-based cryptosystem. Information Processing Letters. 2012:112: 885–888 Galindo D. The Exact Security of Pairing Based Encryption and Signature Schemes. Working Draft, November 1, 2004. Available at http://www.cs.ru.nl/ dgalindo/galindoEcrypt.pdf. Meshram C, Meshram S and Zhang M. An ID-based cryptographic mechanisms based on GDLP and IFP. Information Processing Letters. 2012:112(19):753–758. Meshram C, Huang X, and Meshram S. New Identity-based cryptographic scheme for IFP and DLP based cryptosystem. International Journal of Pure and Applied Mathematics. 2012:81(1):65-79 Meshram C, Meshram S and Ram C. Constructing identity-based cryptographic scheme for beta cryptosystem. International Journal of Applied Mathematics. 2012: 25(5):609-624 Meshram C and Meshram S. An identity-based cryptographic model for discrete logarithm and integer factoring based cryptosystem. Information Processing Letters. 2013:113(10-11):375-380 Meshram C and Meshram S. An Identity based Beta Cryptosystem. IEEE Proceedings of 7th International Conference on Information Assurance and Security (IAS 2011).2011:298-303 Meshram C. An Efficient ID-based Cryptographic Encryption based on Discrete Logarithm Problem and Integer Factorization Problem. Information Processing Letters.2015:115 (2):351-358 Meshram C. An efficient ID-based Beta Cryptosystem, International Journal of Security and Its Applications. 2015:9(2):189-202 Meshram C. Factoring and Discrete Logarithm using IBC. International Journal of Hybrid Information Technology.2015:8(3):121-132. Meshram C and Obaidat MS. An ID-based Quadratic-Exponentiation Randomized Cryptographic Scheme. IEEE Proceeding of International Conference on Computer, Information and Telecommunication Systems. 2015:1-5 Paillier P. Public key cryptosystem based on discrete logarithm residues. In Eurocrypt’ 99, Lecture Notes in Computer Science, Springer, Berlin. 1999: 1592: 223-238. Shamir A, Identity-based cryptosystems and signature schemes. Proceedings of CRYPTO’84, Lecture Notes in Computer Science, SpringerVerlag. 1984:196:47–53. Waters B., Efficient identity-based encryption without random oracles, Advances in Cryptology-CRYPTO 2005, Lecture Notes in Computer Science. Berlin: Springer-Verlag, vol. 3494, (2005), pp. 114-127.

741