# Efficient Hierarchical Identity-Based Encryption System for Internet of Things Infrastructure

^{1}

^{2}

^{*}

## Abstract

**:**

## 1. Introduction

#### 1.1. Applications

#### 1.2. Our Contributions

#### 1.3. Related Work

#### 1.4. Paper Organization

## 2. Preliminaries

#### 2.1. Bilinear Groups

- (Bilinear) $\forall g,h\in \mathbb{G},a,b\in {\mathbb{Z}}_{N},e({g}^{a},{h}^{b})=e{(g,h)}^{ab}$.
- (Non-degenerate) $\exists g\in \mathbb{G}$ such that $e(g,g)$ has order N in ${\mathbb{G}}_{T}$.

#### 2.2. Complexity Assumptions

**Assumption**

**1.**

**Definition**

**1.**

**Assumption**

**2.**

**Definition**

**2.**

**Assumption**

**3.**

**Definition**

**3.**

#### 2.3. Hierarchical Identity-Based Encryption

**GlobalSetup**(${1}^{k}$): On input ${1}^{k}$ where k is a security parameter, it returns the public parameters $PK$ and a master secret key $MSK$.**KeyGen**($MSK,ID=(I{D}_{1},\dots ,I{D}_{j})$): On input $MSK$ and an identity $ID=(I{D}_{1},\dots ,I{D}_{j})$ of depth j, it returns a private key $SK$ of $ID=(I{D}_{1},\dots ,I{D}_{j})$.**Delegate**$(PK,S{K}_{ID=(I{D}_{1},\dots ,I{D}_{j})},I{D}_{j+1})$: On input $PK$, a private key for $ID=(I{D}_{1},\dots ,I{D}_{j})$, and an identity $I{D}_{j+1}$, it returns a private key for $ID$=($I{D}_{1},\dots ,I{D}_{j+1}$).**Encrypt**($PK,M,(I{D}_{1},\dots ,I{D}_{j})$): On input message M, $PK$, and identity $(I{D}_{1},\dots ,I{D}_{j})$, it returns a ciphertext C.**Decrypt**$(S{K}_{ID=(I{D}_{1},\dots ,I{D}_{j})},C)$: On input $S{K}_{ID=(I{D}_{1},\dots ,I{D}_{j})}$ and C, it returns the message M.

#### 2.4. Security Definition

**Setup:**The challenger $\mathcal{C}$ runs the

**GlobalSetup**algorithm and obtains the public parameters. $\mathcal{C}$ also maintains a set S for private keys it has created. Initially, $S=\varnothing $. $\mathcal{C}$ gives the public parameters to $\mathcal{A}$.

**Phase 1:**$\mathcal{A}$ issues the following queries:

**Create:**The identity vector $ID=(I{D}_{1},\dots ,I{D}_{j})$ of depth j is given to $\mathcal{C}$ by $\mathcal{A}$. $\mathcal{C}$ runs the**KeyGen**algorithm to generate the key for this identity vector. The key is then added in the set S. A reference of this key is returned to $\mathcal{A}$.**Delegate:**$\mathcal{A}$ specifies a private key $S{K}_{ID}$ in S and gives an identity $I{D}_{j+1}$ to $\mathcal{C}$. $\mathcal{C}$ runs the**Delegate**algorithm to generate a new private key for $ID$=($I{D}_{1},\dots ,I{D}_{j+1})$ and adds this key to S. It returns a reference of this key to $\mathcal{A}$.**Reveal:**$\mathcal{A}$ specifies an element of the set S. $\mathcal{C}$ gives this private key to $\mathcal{A}$ and removes it from S. At this point, $\mathcal{A}$ no longer needs to make delegation queries for this private key, as it can run the**Delegate**algorithm by itself.

**Challenge:**$\mathcal{A}$ gives two equal-length messages ${M}_{0}$ and ${M}_{1}$, as well as a challenge identity $I{D}^{\ast}$ to $\mathcal{C}$. The restriction is that no revealed identity in Phase 1 is a prefix of this challenge identity. $\mathcal{C}$ flips a coin $\beta \in \{0,1\}$ and encrypts ${M}_{\beta}$ under $I{D}^{\ast}$. It gives the resulting ciphertext ${C}^{\ast}$ to $\mathcal{A}$.

**Phase 2:**This phase is identical to Phase 1 with the restriction that any revealed identity must not be a prefix of the challenge identity $I{D}^{\ast}$.

**Guess.**$\mathcal{A}$ outputs a guess ${\beta}^{\prime}\in \{0,1\}$.

**Definition**

**4.**

## 3. Our Improved HIBE System

#### 3.1. Construction

**GlobalSetup**(${1}^{k}$): Let k be the security parameter, ${g}_{1},{h}_{1},{u}_{1}\in {\mathbb{G}}_{{q}_{1}},{U}_{3}\in {\mathbb{G}}_{{q}_{3}}$, and $\alpha \in {\mathbb{Z}}_{N}$. The public parameters $PK$ and master secret key $MSK$ are generated as:$$PK=\{N,{g}_{1},{h}_{1},{u}_{1},{U}_{3},e{({g}_{1},{g}_{1})}^{\alpha}\},MSK=\alpha .$$**KeyGen**($MSK,ID=(I{D}_{1},\dots ,I{D}_{j})$): The key generation algorithm first selects a random $r\in {\mathbb{Z}}_{N}$ and random elements ${R}_{3},{R}_{3}^{\prime},{R}_{3}^{\u2033}$ of ${\mathbb{G}}_{{q}_{3}}$. It then generates the private key for an identity $ID=(I{D}_{1},\dots ,I{D}_{j})$ of depth j by computing:$${K}_{1}={g}_{1}^{r}{R}_{3},{K}_{2}={g}_{1}^{\alpha}{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{r}{R}_{3}^{\prime},E={u}_{1}^{r}{R}_{3}^{\u2033}.$$**Delegate**$(PK,S{K}_{ID=(I{D}_{1},\dots ,I{D}_{j})},I{D}_{j+1})$: Given a private key $SK=({K}_{1}^{\prime},{K}_{2}^{\prime},{E}^{\prime})$ for ($I{D}_{1},\dots ,I{D}_{j}$), a new key for ($I{D}_{1},\dots ,I{D}_{j+1}$) is created as follows. The delegation algorithm selects a random ${r}^{\prime}\in {\mathbb{Z}}_{N}$ and random elements ${\tilde{R}}_{3},{\tilde{R}}_{3}^{\prime},{\tilde{R}}_{3}^{\u2033}\in {\mathbb{G}}_{{q}_{3}}$. The new key is computed as: ${K}_{1}={K}_{1}^{\prime}{g}_{1}^{{r}^{\prime}}{\tilde{R}}_{3},$ ${K}_{2}={K}_{2}^{\prime}{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{{r}^{\prime}}{\left({E}^{\prime}\right)}^{I{D}_{j+1}}{u}_{1}^{{r}^{\prime}I{D}_{j+1}}{\tilde{R}}_{3}^{\prime},$ $E={E}^{\prime}{u}_{1}^{{r}^{\prime}}{\tilde{R}}_{3}^{\u2033}.$ It outputs the private key for $ID=(I{D}_{1},\dots ,I{D}_{j},I{D}_{j+1})$ as $SK=({K}_{1},{K}_{2},E)$. We fully rerandomize this new key, i.e., the new key is only related to the values $I{D}_{1},\dots ,I{D}_{j}$ of the previous key.**Encrypt**($PK,M,(I{D}_{1},\dots ,I{D}_{j})$): To encrypt a message M under the public key $(I{D}_{1},\dots ,I{D}_{j})$, the encryption algorithm selects a random $s\in {\mathbb{Z}}_{N}$. It computes:$${C}_{0}=M\xb7e{({g}_{1},{g}_{1})}^{\alpha s},{C}_{1}={({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{s},{C}_{2}={g}_{1}^{s}.$$**Decrypt**$(S{K}_{ID=(I{D}_{1},\dots ,I{D}_{j})},C)$: Given an identity $(I{D}_{1},\dots ,I{D}_{j})$ and a ciphertext $C=({C}_{0},{C}_{1},{C}_{2})$, it decrypts the ciphertext with the private key $S{K}_{ID}=({K}_{1},{K}_{2},E)$ by first computing:$$\begin{array}{ccc}\hfill A& =& \frac{e({K}_{2},{C}_{2})}{e({K}_{1},{C}_{1})}\hfill \\ \hfill & =& \frac{e({g}_{1}^{\alpha}{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{r}{R}_{3}^{\prime},{g}_{1}^{s})}{e({g}_{1}^{r}{R}_{3},{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{s})}\hfill \\ \hfill & =& \frac{e{({g}_{1},{g}_{1})}^{\alpha s}\xb7e{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1},{g}_{1})}^{rs}\xb7e({R}_{3}^{\prime},{g}_{1}^{s})}{e{({g}_{1},{u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{rs}\xb7e({R}_{3},{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{s})}\hfill \\ \hfill & =& e{({g}_{1},{g}_{1})}^{\alpha s}\hfill \\ \hfill \end{array}$$The message is then recovered by computing:$${C}_{0}/A=M$$

#### 3.2. Semi-Functional Algorithms

## 4. Security Analysis

**:**The first game is the usual security game used for defining HIBE security. In this game, normal private keys and the challenge ciphertext are used between $\mathcal{A}$ and $\mathcal{C}$.

**:**This game is the same as ${\mathbf{Game}}_{\mathbf{Real}}$ with the exception that all key queries will be answered by fresh calls to the key generation algorithm (the challenger $\mathcal{C}$ will not be asked to delegate keys in a particular way).

**:**This game is almost identical to ${\mathbf{Game}}_{{\mathbf{Real}}^{\prime}}$ except that the adversary $\mathcal{A}$ is restricted from making key queries for identities, which are prefixes of the challenge identity modulo ${q}_{2}$.

**:**${\mathbf{Game}}_{k}$ is similar to ${\mathbf{Game}}_{\mathbf{Restricted}}$, except the following changes: 1. The first k keys are semi-functional for k from 0–w, where w denotes the number of key queries made by $\mathcal{A}$. The rest of the keys are normal. 2. The ciphertext given to $\mathcal{A}$ is semi-functional. In ${\mathbf{Game}}_{0}$, all of the keys are normal. and a semi-functional challenge ciphertext is given to $\mathcal{A}$. In ${\mathbf{Game}}_{w}$, all the keys and challenge ciphertext given to $\mathcal{A}$ are semi-functional.

**:**This game is the same as ${\mathbf{Game}}_{w}$, except that the challenger gives a semi-functional encryption of a random message to $\mathcal{A}$ as the challenge ciphertext. The random message is independent of the messages provided by $\mathcal{A}$.

**Lemma**

**1.**

**Proof.**

**Delegate**algorithm from a previous key or from a fresh call to the

**KeyGen**algorithm. $\mathcal{A}$’s view in ${\mathbf{Game}}_{{\mathbf{Real}}^{\prime}}$ is identical to its view in ${\mathbf{Game}}_{\mathbf{Real}}$. □

**Lemma**

**2.**

**Proof.**

- one of $a,b$ is ${q}_{1}$, and the other is ${q}_{2}{q}_{3}$;
- one of $a,b$ is ${q}_{2}$, and the other is ${q}_{1}{q}_{3}$;
- one of $a,b$ is ${q}_{3}$, and the other is ${q}_{1}{q}_{2}$.

- Case 1: $\mathcal{B}$ first tests whether ${\left({V}_{2}{V}_{3}\right)}^{a}=1$ or ${\left({V}_{2}{V}_{3}\right)}^{b}=1$. If either one of these equalities holds, then Case 1 occurs. $\mathcal{B}$ subsequently tests whether $e({T}^{a},{U}_{1}{U}_{2})=1$ (we assume without loss of generality that $a={q}_{1}$ and $b={q}_{2}{q}_{3}$). If the equality holds, $\mathcal{B}$ determines that $T\in {\mathbb{G}}_{{q}_{1}{q}_{3}}$. Otherwise, $T\in \mathbb{G}$.
- Case 2: $\mathcal{B}$ first tests whether ${\left({U}_{1}{U}_{2}\right)}^{a}=1$ or ${\left({U}_{1}{U}_{2}\right)}^{b}=1$. If neither of these holds and the test for Case 1 fails, then Case 2 occurs. Next, $\mathcal{B}$ can determine which of a, b is equal to ${q}_{1}{q}_{3}$ by testing which of ${g}_{1}^{a}$, ${g}_{1}^{b}$ is the identity. Without loss of generality, we assume that $a={q}_{2}$ and $b={q}_{1}{q}_{3}$. $\mathcal{B}$ subsequently tests whether ${T}^{b}=1$. If the equality holds, $\mathcal{B}$ determines that $T\in {\mathbb{G}}_{{q}_{1}{q}_{3}}$. Otherwise, $T\in \mathbb{G}$.
- Case 3: If the tests for Cases 1 and 2 fail, then Case 3 occurs. $\mathcal{B}$ can then determine which of a, b is equal to ${q}_{3}$ by testing which of ${U}_{3}^{a}$, ${U}_{3}^{b}$ is the identity. We assume without loss of generality that $a={q}_{3}$. $\mathcal{B}$ subsequently tests whether $e({T}^{a},{V}_{2}{V}_{3})=1$. If the equality holds, $\mathcal{B}$ determines that $T\in {\mathbb{G}}_{{q}_{1}{q}_{3}}$. Otherwise, $T\in \mathbb{G}$.

**Lemma**

**3.**

**Proof.**

**Lemma**

**4.**

**Proof.**

- For $i<k$, $\mathcal{B}$ selects random exponents $r,z,t,v\in {\mathbb{Z}}_{N}$ first and then creates a semi-functional key as: ${K}_{1}={g}_{1}^{r}{({V}_{2}{V}_{3})}^{t},$ ${K}_{2}={g}_{1}^{\alpha}{({u}_{1}^{I{D}_{1}+\dots +I{D}_{j}}{h}_{1})}^{r}{\left({V}_{2}{V}_{3}\right)}^{z},$ $E={u}_{1}^{r}{\left({V}_{2}{V}_{3}\right)}^{v}.$The semi-functional key is properly distributed with ${g}_{2}^{\gamma}={V}_{2}^{t}$. We note that values of t and zmodulo ${q}_{1}$ and modulo ${q}_{3}$ are uncorrelated by the Chinese remainder theorem.
- For $i>k$, $\mathcal{B}$ runs the
**KeyGen**algorithm to generate a normal key. - For $i=k$, $\mathcal{B}$ sets ${z}_{k}=a(I{D}_{1}+\cdots +I{D}_{j})+b$ first and then creates the following key by choosing random exponents ${w}_{k},w\in {\mathbb{Z}}_{N}$:$${K}_{1}=T,{K}_{2}={g}_{1}^{\alpha}{T}^{{z}_{k}}{U}_{3}^{{w}_{k}},E={T}^{a}{U}_{3}^{w}.$$

**Lemma**

**5.**

**Proof.**

**Theorem**

**1.**

**Proof.**

## 5. Performance Comparison

**KeyGen**,

**Encrypt**, and

**Decrypt**algorithms.

**Decrypt**algorithm for [7,22,25] and our improved HIBE systems are all independent of the hierarchy depth. However, our improved HIBE system achieves better computation efficiency for the

**KeyGen**and

**Encrypt**algorithms as they are independent of the depth of the hierarchy and identity vector, respectively.

**KeyGen**and

**Encrypt**algorithms for different hierarchy depths ($n=1,5,10,\dots ,50$) and recorded the run time as shown in Table 2 and Table 3, respectively. As shown in Figure 2 and Figure 3, the run times of the

**KeyGen**and

**Encrypt**algorithms for our improved HIBE system were much faster than the original HIBE system in [7].

## 6. Conclusions and Future Work

## Author Contributions

## Funding

## Conflicts of Interest

## References

- Shamir, A. Identity-Based Cryptosystems and Signature Schemes. In Advances in Cryptology; Springer: Berlin/Heidelberg, Germany, 1984; pp. 47–53. [Google Scholar]
- Boneh, D.; Franklin, M. Identity-Based Encryption from the Weil Pairing. In Advances in Cryptology-CRYPTO 2001; Springer: Berlin/Heidelberg, Germany, 2001; pp. 213–229. [Google Scholar] [Green Version]
- Boneh, D.; Boyen, X. Secure Identity Based Encryption Without Random Oracles. In Advances in Cryptology—CRYPTO 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 443–459. [Google Scholar] [Green Version]
- Gentry, C. Practical Identity-Based Encryption Without Random Oracles. In Advances in Cryptology—EUROCRYPT 2006; Springer: Berlin/Heidelberg, Germany, 2006; pp. 445–464. [Google Scholar] [Green Version]
- Waters, B. Efficient Identity-Based Encryption Without Random Oracles. In Advances in Cryptology—EUROCRYPT 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 114–127. [Google Scholar] [Green Version]
- Horwitz, J.; Lynn, B. Towards Hierarchical Identity-Based Encryption. In Advances in Cryptology—EUROCRYPT 2002; Springer: Berlin/Heidelberg, Germany, 2002; pp. 466–481. [Google Scholar]
- Lewko, A.; Waters, B. New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts. In Theory of Cryptography—TCC2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 455–479. [Google Scholar] [Green Version]
- Daniel, R.M.; Rajsingh, E.B.; Silas, S. Analysis of Hierarchical Identity Based Encryption Schemes and Its Applicability to Computing Environments. J. Inf. Secur. Appl.
**2017**, 36, 20–31. [Google Scholar] [CrossRef] - Li, Y.; Wang, Y.; Zhang, Y. SecHome: A Secure Large-Scale Smart Home System Using Hierarchical Identity Based Encryption. In Information and Communications Security; Springer: Cham, Switzerland, 2018; pp. 339–351. [Google Scholar]
- Sha, K.; Wei, W.; Yang, T.A.; Wang, Z.; Shi, W. On Security Challenges and Open Issues in Internet of Things. Future Gener. Comput. Syst.
**2018**, 83, 326–337. [Google Scholar] [CrossRef] - Trnka, M.; Cerny, T.; Stickney, N. Survey of Authentication and Authorization for the Internet of Things. Secur. Commun. Netw.
**2018**, 2018, 4351603. [Google Scholar] [CrossRef] - Yu, F.R.; Tang, H.; Mason, P.C.; Wang, F. A Hierarchical Identity Based Key Management Scheme in Tactical Mobile Ad Hoc Networks. IEEE Trans. Netw. Serv. Manag.
**2010**, 7, 258–267. [Google Scholar] [CrossRef] - Ning, H.; Liu, H.; Yang, L.T. Aggregated-Proof Based Hierarchical Authentication Scheme for the Internet of Things. IEEE Trans. Parallel Distrib. Syst.
**2015**, 26, 657–667. [Google Scholar] [CrossRef] - Yang, L.T.; Liu, H.; Ning, H. Cyberentity Security in the Internet of Things. Computer
**2013**, 46, 46–53. [Google Scholar] - Gentry, C.; Silverberg, A. Hierarchical ID-Based Cryptography. In Advances in Cryptology—ASIACRYPT 2002; Springer: Berlin/Heidelberg, Germany, 2002; pp. 548–566. [Google Scholar]
- Boneh, D.; Boyen, X. Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. In Advances in Cryptology—EUROCRYPT 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 223–238. [Google Scholar] [Green Version]
- Chatterjee, S.; Sarkar, P. HIBE With Short Public Parameters Without Random Oracle. In Advances in Cryptology—ASIACRYPT 2006; Springer: Berlin/Heidelberg, Germany, 2006; pp. 145–160. [Google Scholar]
- Sarkar, P.; Chatterjee, S. Construction of a Hybrid HIBE Protocol Secure against Adaptive Attacks: without Random Oracle. In First International Conference on Provable Security—ProvSec 2007; Springer: Berlin/Heidelberg, Germany, 2007; pp. 51–67. [Google Scholar]
- Waters, B. Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions. In Advances in Cryptology—CRYPTO 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 619–636. [Google Scholar] [Green Version]
- De Caro, A.; Iovino, V.; Persiano, G. Fully Secure Anonymous HIBE and Secret-Key Anonymous IBE with Short Ciphertexts. In Pairing-Based Cryptography—Pairing 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 347–366. [Google Scholar]
- Chen, J.; Wee, H. Dual System Groups and its Applications—Compact HIBE and More. 2014. Available online: https://eprint.iacr.org/2014/265.pdf (accessed on 18 June 2019).
- Lee, K.; Park, J.H.; Lee, D.H. Anonymous HIBE with Short Ciphertexts: Full Security in Prime Order Groups. Designs Codes Cryptogr.
**2015**, 74, 395–425. [Google Scholar] [CrossRef] - Park, J.H.; Lee, D.H. Anonymous HIBE: Compact Construction Over Prime-Order Groups. IEEE Trans. Inf. Theory
**2013**, 59, 2531–2541. [Google Scholar] [CrossRef] - Zhang, L.; Mu, Y.; Wu, Q. Compact Anonymous Hierarchical Identity-Based Encryption with Constant Size Private Keys. Comput. J.
**2016**, 59, 452–461. [Google Scholar] [CrossRef] - Hu, X.; Wang, J.; Xu, H.; Yang, Y. Constant Size Ciphertext and Private Key HIBE without Random Oracles. J. Inf. Sci. Eng.
**2014**, 30, 333–345. [Google Scholar] - Seo, J.H.; Emura, K. Revocable Hierarchical Identity-based Encryption. Theor. Comput. Sci.
**2014**, 542, 44–62. [Google Scholar] [CrossRef] - Jia, H.; Chen, Y.; Lan, J.; Huang, K.; Wang, J. Efficient Revocable Hierarchical Identity-Based Encryption using Cryptographic Accumulators. Int. J. Inf. Secur.
**2018**, 17, 477–490. [Google Scholar] [CrossRef] - Lee, K.; Park, S. Revocable Hierarchical Identity-Based Encryption with Shorter Private Keys and Update Keys. Designs Codes Cryptogr.
**2018**, 86, 2407–2440. [Google Scholar] [CrossRef] - Park, S.; Lee, D.H.; Lee, K. Revocable Hierarchical Identity-Based Encryption from Multilinear Maps. arXiv
**2016**, arXiv:1610.07948. [Google Scholar] - Wang, C.; Li, Y.; Jiang, S.; Wu, J. An Efficient Adaptive-ID Secure Revocable Hierarchical Identity-Based Encryption Scheme. In Proceedings of the International Conference on Smart Computing and Communication (SmartCom 2016), Shenzhen, China, 17–19 December 2019; pp. 506–515. [Google Scholar]
- Xing, Q.; Wang, B.; Wang, X.; Chen, P. Unbounded Revocable Hierarchical Identity-Based Encryption with Adaptive-ID Security. In Proceedings of the IEEE 18th International Conference on High Performance Computing and Communications, Sydney, Austrilia, 12–14 Decmber 2016; pp. 430–437. [Google Scholar]
- Xing, Q.; Wang, B.; Wang, X.; Tao, J. Unbounded and Revocable Hierarchical Identity-Based Encryption with Adaptive Security, Decryption Key Exposure Resistant, and Short Public Parameters. PLoS ONE
**2018**, 13, e0195204. [Google Scholar] [CrossRef] [PubMed] - Boneh, D.; Goh, E.-J.; Nissim, K. Evaluating 2-DNF Formulas on Ciphertexts. In Theory of Cryptography—TCC2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 325–341. [Google Scholar] [Green Version]
- Shi, E.; Waters, B. Delegating Capabilities in Predicate Encryption Systems. In Automata, Languages and Programming—ICALP2008; Springer: Berlin/Heidelberg, Germany, 2008; pp. 560–578. [Google Scholar] [Green Version]

**Figure 1.**Hierarchical Identity-Based Encryption (HIBE) application scenario. NDC, National Data Center; LDC, Local Data Center; IDC, Industry Data Center; UDC, Unit Data Center; PKG, Private Key Generator.

Scheme | $\mathit{P}\mathit{K}$ Size | $\mathit{S}\mathit{K}$ Size | $\mathit{C}\mathit{T}$ Size | KeyGen | Encrypt | Decrypt |
---|---|---|---|---|---|---|

[19] | $O\left(n\right)$ | $O\left(d\right)$ | $O\left(d\right)$ | $(4d+11)E$ | $(3d+11)E+1{E}_{T}$ | $(2d+7)P$ |

[7] | $O\left(n\right)$ | $O(n-d)$ | $O\left(1\right)$ | $(n+3)E$ | $(d+2)E+1{E}_{T}$ | $2P$ |

[25] | $O\left(bn\right)$ | $O\left(1\right)$ | $O\left(1\right)$ | $(2bd+6)E$ | $(2bd+3)E+2{E}_{T}$ | $2P+1{E}_{T}$ |

[22] | $O\left(n\right)$ | $O(n-d)$ | $O\left(1\right)$ | $8n-6d+17$ | $(3d+4)E+1{E}_{T}$ | $6P$ |

Ours | $O\left(1\right)$ | $O\left(1\right)$ | $O\left(1\right)$ | $5E$ | $3E+1{E}_{T}$ | $2P$ |

**Table 2.**The private key generation time of [7] and our improved HIBE system.

Depth | [7] (s) | Ours (s) |
---|---|---|

1 | 38.851 | 2.444 |

5 | 184.653 | 12.122 |

10 | 348.413 | 23.886 |

15 | 493.993 | 36.009 |

20 | 616.044 | 47.865 |

25 | 734.034 | 59.715 |

30 | 834.744 | 72.646 |

35 | 886.534 | 85.998 |

40 | 975.188 | 98.309 |

45 | 1012.288 | 108.427 |

50 | 1028.230 | 125.729 |

**Table 3.**The encryption time of [7] and our improved HIBE system.

Depth | [7] (s) | Ours (s) |
---|---|---|

1 | 0.887 | 0.857 |

5 | 0.949 | 0.840 |

10 | 1.051 | 0.825 |

15 | 1.132 | 0.839 |

20 | 1.289 | 0.831 |

25 | 1.427 | 0.828 |

30 | 1.517 | 0.841 |

35 | 1.536 | 0.852 |

40 | 1.635 | 0.840 |

45 | 1.755 | 0.842 |

50 | 1.817 | 0.882 |

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Guo, L.; Wang, J.; Yau, W.-C.
Efficient Hierarchical Identity-Based Encryption System for Internet of Things Infrastructure. *Symmetry* **2019**, *11*, 913.
https://doi.org/10.3390/sym11070913

**AMA Style**

Guo L, Wang J, Yau W-C.
Efficient Hierarchical Identity-Based Encryption System for Internet of Things Infrastructure. *Symmetry*. 2019; 11(7):913.
https://doi.org/10.3390/sym11070913

**Chicago/Turabian Style**

Guo, Lifeng, Jing Wang, and Wei-Chuen Yau.
2019. "Efficient Hierarchical Identity-Based Encryption System for Internet of Things Infrastructure" *Symmetry* 11, no. 7: 913.
https://doi.org/10.3390/sym11070913