At Crypto'07, Goyal introduced the concept of Accountable AuthorityIdentity-Based Encryption as a convenient tool to reduce the amount of trust inauthorities in Identity-Based Encryption. In this model, if the Private KeyGenerator (PKG) maliciously re-distributes users' decryption keys, it runs therisk of being caught and prosecuted. Goyal proposed two constructions: thefirst one is efficient but can only trace well-formed decryption keys to theirsource; the second one allows tracing obfuscated decryption boxes in a model(called weak black-box model) where cheating authorities have no decryptionoracle. The latter scheme is unfortunately far less efficient in terms ofdecryption cost and ciphertext size. In this work, we propose a newconstruction that combines the efficiency of Goyal's first proposal with a verysimple weak black-box tracing mechanism. Our scheme is described in theselective-ID model but readily extends to meet all security properties in theadaptive-ID sense, which is not known to be true for prior black-box schemes.
展开▼
