Hierarchical Identity-based Puncturable Encryption from Lattices with Application to Forward Security

Puncturable encryption (PE), introduced by Green and Miers at IEEE S$&$P 2015, allows recipients to update their decryption keys to revoke decryption capability for selected messages without communicating with senders. In general, it allows users to control which ciphertexts their keys may decrypt. The notion of PE has been found very useful in many applications, such as asynchronous messaging systems, group messaging systems, public-key watermarking schemes, secure cloud emails, and many more. In this paper, we introduce a new primitive called hierarchical identity-based puncturable encryption (HIBPE) that enhances the concept of PE by allowing more general key delegation and flexible key puncture. It enhances the capability of the data owner for multi-level encrypted data sharing within a group of users by delegating the decryption keys of the users in higher-levels to generate decryption keys for the users in lower-levels. Moreover, it allows users to puncture (update) their decryption keys on tags so that a decryption key punctured on a tag can no longer decrypt ciphertexts under this tag. In addition, to control access to the users' data, the higher-level users can further puncture the delegated keys (for lower-level users) with some tags such that the part of the owner's data is labeled by the punctured tags will no longer be accessible by the lower-level users. These features offer an efficient and flexible solution for encrypted data sharing as well as data-access control mechanisms in a hierarchical setting. We propose the formal definition and security model for HIBPE schemes and provide a concrete HIBPE scheme based on the hardness of the learning with errors problem in the standard model. Further, we provide a generic construction of forward secure hierarchical identity-based encryption (fs-HIBE) from HIBPE, which enables the first quantum-safe construction of fs-HIBE in the standard model. Moreover, this is the first fs-HIBE construction by exploring the concept of PE. The proposed fs-HIBE provides quantum-safe protection for secret keys from exposure in multi-level encrypted data sharing by evolving the keys with time.