Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications

Amit Agarwal; Rex Fernando; Benny Pinkas

doi:10.1007/978-3-032-01881-6_3

Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications

Amit Agarwal
, Rex Fernando
, Benny Pinkas

Department of Computer Science

University of Illinois at Urbana-Champaign
Aptos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

We propose a new cryptographic primitive called “batched identity-based encryption” (Batched IBE) and its thresholdized version. The new primitive allows encrypting messages with specific identities and batch labels, where the latter can represent, for example, a block number on a blockchain. Given an arbitrary subset of identities for a particular batch, our primitive enables efficient issuance of a single decryption key that can be used to decrypt all ciphertexts having identities that are included in the subset while preserving the privacy of all other ciphertexts. At the heart of our construction is a new technique that enables public aggregation (i.e. without knowledge of any secrets) of any subset of identities, into a succinct digest. This digest is used to derive, via a master secret key, a single succinct decryption key for all identities that were digested in this batch. In a threshold system, where the master key is distributed as secret shares among multiple authorities, our method significantly reduces the communication (and in some cases, computation) of the authorities. It achieves this by making their costs for key issuance independent of the batch size. We present a concrete instantiation of a Batched IBE scheme based on the KZG polynomial commitment scheme by Kate et al. (Asiacrypt’10) and a modified form of the BLS signature scheme by Boneh et al. (Asiacrypt’01). The construction is proven secure in the generic group model (GGM). In a blockchain setting, the new construction can be used for achieving mempool privacy by encrypting transactions to a block, opening only the transactions included in a given block and hiding the transactions that are not included in it. With the thresholdized version, multiple authorities (validators) can collaboratively manage the decryption process. Other possible applications include scalable support via blockchain for fairness of dishonest majority MPC, and conditional batched threshold decryption that can be used for implementing secure Dutch auctions and privacy preserving options trading.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings
Editors	Yael Tauman Kalai, Seny F. Kamara
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	69-100
Number of pages	32
ISBN (Print)	9783032018809
DOIs	https://doi.org/10.1007/978-3-032-01881-6_3
State	Published - 2025
Event	45th Annual International Cryptology Conference, CRYPTO 2025 - Santa Barbara, United States Duration: 17 Aug 2025 → 21 Aug 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	16002 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	45th Annual International Cryptology Conference, CRYPTO 2025
Country/Territory	United States
City	Santa Barbara
Period	17/08/25 → 21/08/25

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2025.

Access to Document

10.1007/978-3-032-01881-6_3

Cite this

Agarwal, A., Fernando, R., & Pinkas, B. (2025). Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications. In Y. Tauman Kalai, & S. F. Kamara (Eds.), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings (pp. 69-100). (Lecture Notes in Computer Science; Vol. 16002 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-01881-6_3

Agarwal, Amit ; Fernando, Rex ; Pinkas, Benny. / Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications. Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. editor / Yael Tauman Kalai ; Seny F. Kamara. Springer Science and Business Media Deutschland GmbH, 2025. pp. 69-100 (Lecture Notes in Computer Science).

@inproceedings{d438181517c74f01adcad9acca5aa382,

title = "Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications",

abstract = "We propose a new cryptographic primitive called “batched identity-based encryption” (Batched IBE) and its thresholdized version. The new primitive allows encrypting messages with specific identities and batch labels, where the latter can represent, for example, a block number on a blockchain. Given an arbitrary subset of identities for a particular batch, our primitive enables efficient issuance of a single decryption key that can be used to decrypt all ciphertexts having identities that are included in the subset while preserving the privacy of all other ciphertexts. At the heart of our construction is a new technique that enables public aggregation (i.e. without knowledge of any secrets) of any subset of identities, into a succinct digest. This digest is used to derive, via a master secret key, a single succinct decryption key for all identities that were digested in this batch. In a threshold system, where the master key is distributed as secret shares among multiple authorities, our method significantly reduces the communication (and in some cases, computation) of the authorities. It achieves this by making their costs for key issuance independent of the batch size. We present a concrete instantiation of a Batched IBE scheme based on the KZG polynomial commitment scheme by Kate et al. (Asiacrypt{\textquoteright}10) and a modified form of the BLS signature scheme by Boneh et al. (Asiacrypt{\textquoteright}01). The construction is proven secure in the generic group model (GGM). In a blockchain setting, the new construction can be used for achieving mempool privacy by encrypting transactions to a block, opening only the transactions included in a given block and hiding the transactions that are not included in it. With the thresholdized version, multiple authorities (validators) can collaboratively manage the decryption process. Other possible applications include scalable support via blockchain for fairness of dishonest majority MPC, and conditional batched threshold decryption that can be used for implementing secure Dutch auctions and privacy preserving options trading.",

author = "Amit Agarwal and Rex Fernando and Benny Pinkas",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 45th Annual International Cryptology Conference, CRYPTO 2025 ; Conference date: 17-08-2025 Through 21-08-2025",

year = "2025",

doi = "10.1007/978-3-032-01881-6\_3",

language = "אנגלית",

isbn = "9783032018809",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "69--100",

editor = "\{Tauman Kalai\}, Yael and Kamara, \{Seny F.\}",

booktitle = "Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings",

address = "גרמניה",

}

Agarwal, A, Fernando, R & Pinkas, B 2025, Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications. in Y Tauman Kalai & SF Kamara (eds), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science, vol. 16002 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 69-100, 45th Annual International Cryptology Conference, CRYPTO 2025, Santa Barbara, United States, 17/08/25. https://doi.org/10.1007/978-3-032-01881-6_3

Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications. / Agarwal, Amit; Fernando, Rex; Pinkas, Benny.
Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. ed. / Yael Tauman Kalai; Seny F. Kamara. Springer Science and Business Media Deutschland GmbH, 2025. p. 69-100 (Lecture Notes in Computer Science; Vol. 16002 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications

AU - Agarwal, Amit

AU - Fernando, Rex

AU - Pinkas, Benny

PY - 2025

Y1 - 2025

N2 - We propose a new cryptographic primitive called “batched identity-based encryption” (Batched IBE) and its thresholdized version. The new primitive allows encrypting messages with specific identities and batch labels, where the latter can represent, for example, a block number on a blockchain. Given an arbitrary subset of identities for a particular batch, our primitive enables efficient issuance of a single decryption key that can be used to decrypt all ciphertexts having identities that are included in the subset while preserving the privacy of all other ciphertexts. At the heart of our construction is a new technique that enables public aggregation (i.e. without knowledge of any secrets) of any subset of identities, into a succinct digest. This digest is used to derive, via a master secret key, a single succinct decryption key for all identities that were digested in this batch. In a threshold system, where the master key is distributed as secret shares among multiple authorities, our method significantly reduces the communication (and in some cases, computation) of the authorities. It achieves this by making their costs for key issuance independent of the batch size. We present a concrete instantiation of a Batched IBE scheme based on the KZG polynomial commitment scheme by Kate et al. (Asiacrypt’10) and a modified form of the BLS signature scheme by Boneh et al. (Asiacrypt’01). The construction is proven secure in the generic group model (GGM). In a blockchain setting, the new construction can be used for achieving mempool privacy by encrypting transactions to a block, opening only the transactions included in a given block and hiding the transactions that are not included in it. With the thresholdized version, multiple authorities (validators) can collaboratively manage the decryption process. Other possible applications include scalable support via blockchain for fairness of dishonest majority MPC, and conditional batched threshold decryption that can be used for implementing secure Dutch auctions and privacy preserving options trading.

AB - We propose a new cryptographic primitive called “batched identity-based encryption” (Batched IBE) and its thresholdized version. The new primitive allows encrypting messages with specific identities and batch labels, where the latter can represent, for example, a block number on a blockchain. Given an arbitrary subset of identities for a particular batch, our primitive enables efficient issuance of a single decryption key that can be used to decrypt all ciphertexts having identities that are included in the subset while preserving the privacy of all other ciphertexts. At the heart of our construction is a new technique that enables public aggregation (i.e. without knowledge of any secrets) of any subset of identities, into a succinct digest. This digest is used to derive, via a master secret key, a single succinct decryption key for all identities that were digested in this batch. In a threshold system, where the master key is distributed as secret shares among multiple authorities, our method significantly reduces the communication (and in some cases, computation) of the authorities. It achieves this by making their costs for key issuance independent of the batch size. We present a concrete instantiation of a Batched IBE scheme based on the KZG polynomial commitment scheme by Kate et al. (Asiacrypt’10) and a modified form of the BLS signature scheme by Boneh et al. (Asiacrypt’01). The construction is proven secure in the generic group model (GGM). In a blockchain setting, the new construction can be used for achieving mempool privacy by encrypting transactions to a block, opening only the transactions included in a given block and hiding the transactions that are not included in it. With the thresholdized version, multiple authorities (validators) can collaboratively manage the decryption process. Other possible applications include scalable support via blockchain for fairness of dishonest majority MPC, and conditional batched threshold decryption that can be used for implementing secure Dutch auctions and privacy preserving options trading.

UR - https://www.scopus.com/pages/publications/105014168167

U2 - 10.1007/978-3-032-01881-6_3

DO - 10.1007/978-3-032-01881-6_3

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:105014168167

SN - 9783032018809

T3 - Lecture Notes in Computer Science

SP - 69

EP - 100

BT - Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings

A2 - Tauman Kalai, Yael

A2 - Kamara, Seny F.

PB - Springer Science and Business Media Deutschland GmbH

T2 - 45th Annual International Cryptology Conference, CRYPTO 2025

Y2 - 17 August 2025 through 21 August 2025

ER -

Agarwal A, Fernando R, Pinkas B. Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications. In Tauman Kalai Y, Kamara SF, editors, Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 69-100. (Lecture Notes in Computer Science). doi: 10.1007/978-3-032-01881-6_3