# Post-Quantum Secure Lightweight Revocable IBE with Decryption Key Exposure Resistance

**Authors:** Dandan Zhang, Hongwei Ju, Zixuan Yan, Shanqiang Feng, Fengyin Li

PMC · DOI: 10.3390/e27111160 · Entropy · 2025-11-14

## TL;DR

This paper introduces a new post-quantum secure identity-based encryption system that efficiently handles user revocation and maintains security even if decryption keys are exposed.

## Contribution

A dual-key trapdoor method is proposed to reduce ciphertext redundancy in revocable identity-based encryption with decryption key exposure resistance.

## Key findings

- The proposed scheme generates a single ciphertext per plaintext message, reducing computational and communication overhead.
- The system achieves post-quantum security based on LWE and ISIS hardness assumptions.
- Indirect revocation is enabled through controllable key derivation using identity and time keys.

## Abstract

Revocable Identity-Based Encryption (RIBE) can dynamically revoke users whose secret keys have been compromised, ensuring a system’s backward security. An RIBE scheme with decryption key exposure resistance (DKER) guarantees the confidentiality of ciphertext during any time period where the decryption key remains undisclosed. Existing RIBE schemes with DKER generate O(rlog(N/r)) ciphertexts for each plaintext message. Redundant ciphertexts impose significant computational burdens on users and substantial communication overhead on the system. To reduce high computation and communication overhead in existing schemes, this paper proposes a dual-key combination trapdoor generation method. Based on the proposed method, an indirect RIBE scheme with DKER is constructed, reducing ciphertext redundancy and obtaining computation and communication efficiency. Firstly, this paper proposes a dual-key combination trapdoor generation mechanism. By constructing an Inhomogeneous Small Integer Solution (ISIS) instance, the Key Generation Center (KGC) generates and distributes short bases to users as their identity keys. Subsequently, based on the constructed ISIS instance, a new inverse ISIS instance is derived. Furthermore, during each time period, KGC generates short bases for all non-revoked users as their time keys. By linearly combining their identity key with the corresponding time key, every non-revoked user can derive a re-randomized decryption key, achieving controlled key derivation. Secondly, based on the proposed method, a Post-Quantum Secure, Lightweight RIBE scheme with DKER (PQS-LRIBE-DKER) is constructed. For every non-revoked user, their identity key and time key serve as their own user secret key and key update, respectively. Controllable key derivation enables indirect revocation of the scheme. By adopting an indirect revocation, the PQS-LRIBE-DKER scheme achieves a single ciphertext per plaintext message, significantly reducing the sender’s computational load and the system’s communication overhead. Finally, under the hardness assumptions of the Learning with Errors (LWE) and ISIS problems, we prove that the proposed scheme achieves selective identity security in the standard model.

## Full-text entities

- **Chemicals:** IBE (-)

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12651543/full.md

## Figures

3 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12651543/full.md

## References

26 references — full list in the complete paper: https://tomesphere.com/paper/PMC12651543/full.md

---
Source: https://tomesphere.com/paper/PMC12651543