What is the main difference between Anonymous HIBE and Anonymous Predicate Encryption? In my opinion, both work for the same concept in different ways.
Asked
Active
Viewed 90 times
1 Answers
2
Identity-based encryption (IBE) uses the receiver's identity as a public key. The sender specifies an identity that the receiver with a matching identity already has. An IBE scheme is anonymous if a ciphertext does not reveal the identity of the recipient.
"Hierarchical IBE (HIBE) is a generalization of IBE that mirrors an organizational hierarchy. An identity at level $k$ of the hierarchy tree can issue private keys to its descendant identities, but cannot decrypt messages intended for other identities."[1] (p.1; details are given in Section 2.1) (HIBE) is a scheme "in which an identity is a vector of strings $id= (id_1, \ldots,id_l)$ with the understanding that when $l = 0$ this is the empty vector $()$." See this paper, especially pp. 19 and 20, for the quote and more information. For more about IBE, see Adi Shamir's Identity-based cryptosystems and signature scheme (1984).
Anonymous IBE (A-IBE) aims to hide attributes. It is an early example of public key predicate encryption. Anonymous HIBE offers hierarchical key delegation and fully anonymous ciphertexts.[2] Anonymous HIBE is a form of IBE that does not leak the identity of the sender. D. Bonah et al. have characterized the security of HIBE as IND-ID-CCA and IND-ID-CPA (p.4; paper listed below).
In predicate encryption (PE), secret keys correspond to predicates. The master secret key owner can issue tokens that allow access to specific data. This scheme can be useful in controlling access to classified information--think of keywords associated with classified data. It is also used in biometric matching and secure cloud storage. Predicate encryption generalizes attribute-based encryption (ABE). ABE has to do with access that follows from the data's attributes, and is probably based on an access roster and policy. ABE treats a set of attributes as if it were an identity. Again, PE is useful for precise access control over encrypted data--namely, who gets to see what. Anonymous predicate encryption hides the users' identity; for example, from a server that controls users' access privileges.
The main difference between anonymous HIBE and anonymous PE is that the latter offers granular access control over encrypted data.
[1] D. Boneh, X. Boyen, and E. Goh. Hierarchical Identity Based Encryption with Constant Size Ciphertext. In Advances in Cryptology—EURO-CRYPT 2005.
[2] X. Boyen and B. Waters. Anonymous hierarchical identity-based encryption (with-out random oracles). In Advances in Cryptology — Crypto 2006.
