Verifiable Random Functions from Identity-Based Key Encapsulation [chapter]

Michel Abdalla, Dario Catalano, Dario Fiore
2009 Lecture Notes in Computer Science  
We propose a methodology to construct verifiable random functions from a class of identity based key encapsulation mechanisms (IB-KEM) that we call VRF suitable. Informally, an IB-KEM is VRF suitable if it provides what we call unique decryption (i.e. given a ciphertext C produced with respect to an identity ID, all the secret keys corresponding to identity ID , decrypt to the same value, even if ID = ID ) and it satisfies an additional property that we call pseudorandom decapsulation. In a
more » ... hell, pseudorandom decapsulation means that if one decrypts a ciphertext C, produced with respect to an identity ID, using the decryption key corresponding to any other identity ID the resulting value looks random to a polynomially bounded observer. Interestingly, we show that most known IB-KEMs already achieve pseudorandom decapsulation. Our construction is of interest both from a theoretical and a practical perspective. Indeed, apart from establishing a connection between two seemingly unrelated primitives, our methodology is direct in the sense that, in contrast to most previous constructions, it avoids the inefficient Goldreich-Levin hardcore bit transformation.
doi:10.1007/978-3-642-01001-9_32 fatcat:gr7ftwcwibcwphhml3rvas5qce