On the Analysis of the Outsourced Revocable Identity-Based Encryption from Lattices.

For identity-based encryption (IBE) with identity revocation, or simply revocable IBE (R-IBE), an indirect revocation method in which a trusted center (i.e., private key generator, PKG) initially generates all users' long-term private keys and periodically issues time update keys for non-revoked users seems to be a flexible choice, because it invites a sender to generate ciphertexts without caring about revoked (and non-revocked) users. However, these computation and communication overheads in frequent time keys update operations remain as a daunting task for PKG. In order to alleviate the offload of PKG and improve its scalability in the quantum computers attack environment, Dong et al. recently extended the concept of R-IBE to support outsourcing computation with a semi-trusted key update cloud service provider (KU-CSP), and proposed an outsourced revocable lattice-based IBE (OR-IBE) scheme. In this work, we show that the OR-IBE scheme of Dong et al. does not satisfy the correctness property of OR-IBE, meanwhile, it is not decryption key exposure resistance (DKER), a default security requirement for R-IBE. In addition, we provide a modification of their construction to be a correct and secure OR-IBE scheme. In particular, the first lattice-based OR-IBE scheme with DKER is introduced.