Hierarchical Identity-Based Lossy Trapdoor Functions

Lossy trapdoor functions, introduced by Peikert and Waters (STOC’08), have received a lot of attention in the last years, because of their wide range of applications in theoretical cryptography. The notion has been recently extended to the identity-based scenario by Bellare et al. (Eurocrypt’12). We provide one more step in this direction, by considering the notion of hierarchical identity-based lossy trapdoor functions (HIB-LTDFs). Hierarchical identity-based cryptography generalizes identitybased cryptography in the sense that identities are organized in a hierarchical way; a parent identity has more power than its descendants, because it can generate valid secret keys for them. Hierarchical identity-based cryptography has been proved very useful both for practical applications and to establish theoretical relations with other cryptographic primitives. In order to realize HIB-LTDFs, we first build a weakly secure hierarchical predicate encryption scheme. This scheme, which may be of independent interest, is then used as a key ingredient to design a HIBLTDF. By appropriately choosing parameters, the resulting function can be proved secure against either selective or adaptive adversaries although the underlying predicate encryption system is only selectively secure. Combining this new function with well-known results in the area, we notably obtain hierarchical identity-based encryption schemes and forward-secure cryptosystems that are deterministic or maintain some security when messages are encrypted using randomness of poor quality.