Efficient (Anonymous) Compact HIBE from Standard Assumptions

We present two hierarchical identity-based encryption (HIBE) schemes, denoted as H-1 and H-2, from Type-3 pairings with constant sized ciphertexts. Scheme H-1 achieves anonymity while H-2 is non-anonymous. The constructions are obtained by extending the IBE scheme recently proposed by Jutla and Roy (Asiacrypt 2013). Security is based on the standard decisional Symmetric eXternal Diffie-Hellman (SXDH) assumption. In terms of provable security properties, previous direct constructions of constant-size ciphertext HIBE had one or more of the following drawbacks: security in the weaker model of selective-identity attacks; exponential security degradation in the depth of the HIBE; and use of non-standard assumptions. The security arguments for H-1 and H-2 avoid all of these drawbacks. Based on the current state-of-the-art, H-1 and H-2 are the schemes of choice for efficient implementation of (anonymous) HIBE constructions.