This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present disclosure that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present disclosure. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Structure preserving techniques in cryptography, which aim at constructing primitives where plaintexts, ciphertexts and signatures that are compatible with the Groth-Sahai proof systems, is a hectic subject of research in cryptography, especially for pairing-based cryptography schemes. For these schemes, the plaintexts, ciphertexts and signatures must all live in a same group  in a configuration (; (T) of pairing-friendly groups. The article “Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups.” by Abe et al., published in the proceedings of the conference Crypto 2011, as well as the articles “Structure-Preserving Signatures and Commitments to Group Elements.”, by Abe et al. published at Crypto 2010 and “Structure Preserving CCA Secure Encryption and Applications.” by Camenisch et al., published in the proceedings of the conference Asiacrypt 2011, provide some insights of the discussed topic. To sum up, the following formal definition can be set up: a pairing-based cryptography scheme is said structure-preserving if the plaintext and all ciphertext components belong to a group  over which a bilinear map e:×→T is efficiently computable (with T is the target group). However, a lot of schemes cannot be easily modified in order to obtain such a feature in plaintexts, ciphertexts and signatures. More particularly, so far, all known pairing-based Identity Based Encryption (IBE) schemes, and their generalizations (that also comprise, for example, attribute-based encryption schemes), are designed to encrypt messages that are transformed into elements that live in the target group T (as main operation consist in multiplying the message by the result of a pairing operation that lies into (T) or that consist of a bit string. None of available IBE schemes makes it possible to encrypt elements of  while preserving the ability of efficiently proving that some committed message Mε is the plaintext. But, as IBE schemes, which allow one to encrypt messages using the identity of the receiver (e.g., his email address or his phone number) as a public key, are more and more used as substitute to cryptography based on certificates, it is important to provide an IBE scheme that has such a structure preserving property.
The problem is to construct an IBE where the message space is the group , where the arguments of the bilinear map are chosen, instead of the target group T. The scheme should also make it possible to efficiently prove (using the Groth-Sahai techniques as proposed for example in the article: “Efficient Non-interactive Proof Systems for Bilinear Groups” by J. Groth et al., published in the proceedings of the conference Eurocrypt 2008) that a committed group element coincides with an IBE-encrypted message.
The present disclosure aims to provide a fully collusion-resistant IBE scheme which is structure-preserving. This makes it possible to efficiently prove properties about encrypted messages using the non-interactive proof systems of Groth and Sahai. By “fully collusion-resistant”, we mean that the adversary is allowed to corrupt an a priori unbounded number of identities before attacking another identity. So far, such structure-preserving IBE schemes only resist a bounded number of corrupted users and the size of public parameters depends on the pre-determined bound.
At last, the present disclosure can be used as a primitive in order to construct a group signature scheme with message-dependent opening, as Sakai et al. showed in the article “Group Signatures with Message Dependent Opening”, published in the proceedings of the 5th International Conference on Pairing-Based Cryptography (Pairing 2012), that such an IBE was necessary to obtain it. Indeed, for lack of a satisfactory solution, the authors of this mentioned article used the q-resilient IBE system of Heng and Kurosawa detailed in the article “k-Resilient Identity-Based Encryption in the Standard Model.” by Heng et al., and published in CT-RSA'04, which is only secure against adversaries that are allowed at most q private key queries (and has public parameters of size O(q)). Hence, the present disclosure is a basic brick for providing the first efficient instantiation of a fully anonymous group signature with message-dependent opening. Indeed, the only available efficient construction is restricted to provide a weaker level of anonymity where the adversary is allowed an a priori bounded number of queries. As a consequence, if the adversary is allowed q queries, the group public key has size at least O(q). If we had a fully collusion-resistant Groth-Sahai-friendly IBE, we would avoid this overhead.