π€ AI Summary
This work proposes a lattice-based forward-secure identity-based encryption scheme grounded in the Ring Learning With Errors (RLWE) assumption to address the high overhead of traditional public key infrastructure in the Internet of Things (IoT) and the challenge of simultaneously achieving post-quantum security and lightweight efficiency in existing forward-secure constructions. By integrating, for the first time in ring-lattice structures, a binary tree-based minimal cover mechanism with trapdoor delegation techniques, the scheme enables efficient key updates and communication. It significantly reduces the sizes of public keys, private keys, and ciphertexts, thereby offering strong post-quantum security while remaining highly suitable for resource-constrained IoT devices.
π Abstract
The rapid expansion of the Internet of Things (IoT) has led to an unprecedented scale of data exchange across heterogeneous and resource-constrained devices. Ensuring confidentiality and secure key management in such environments is challenging. Traditional public-key infrastructures require heavy certificate-handling overhead. Identity-Based Encryption (IBE) offers a lightweight alternative by deriving public keys directly from device identities, making it attractive for IoT deployments. However, IoT devices are highly vulnerable to side-channel and key-extraction attacks, motivating the need for Forward-Secure IBE(FS-IBE), where the compromise of a current secret key does not threaten past communications. Existing FS-IBE constructions based on classical hardness assumptions are not secure in the era of post-quantum, while the lattice-based (LWE-based) forward-secure scheme suffer from large key and ciphertext sizes, limiting their suitability for constrained IoT systems. Here, we propose a new lattice-based fs-IBE scheme in the ring setting, relying on the RLWE assumption to achieve post-quantum security and significant efficiency gains. Our design uses trapdoor delegation with a minimal-cover mechanism over a binary tree. It results in compact public parameters and efficient per-epoch key updates. Compared to prior LWE-based constructions, our scheme reduces public key, secret key, and ciphertext sizes, and thus, making it better suited for practical IoT environments.