Black-Box Barriers Behind Registration-Based Encryption

Abstract

Registration-Based Encryption (RBE) is a cryptographic primitive designed to achieve the functionalities of Identity-Based Encryption (IBE) while avoiding the key-escrow problem. In an RBE system, participants generate their own secret and public keys and register their public keys with a transparent entity known as the Key Curator (KC), who does not possess any secret information. The KC’s role is limited to managing the public keys without any secret information, effectively eliminating the central key management issues inherent in IBE. Early constructions of RBE relied on non-black-box techniques, incorporating advanced cryptographic primitives such as indistinguishability obfuscation or garbled circuits. However, non-black-box constructions often face practical inefficiencies. Recent works have shown that black-box constructions of RBE are achievable, though these constructions often involve a relaxed model where the Common Reference String (CRS) can grow with the number of registered users. This work investigates the minimal assumptions needed for black-box constructions of RBE. Specifically, we explore whether it is possible to construct RBE schemes using assumptions comparable to those used in public-key encryption or algebraic assumptions that hold in the generic group model. In our work, we present the first black-box separation results for RBE that extend beyond the implications of the known relationship between RBE and public-key encryption. We demonstrate that neither trapdoor permutations nor generic group model, including Shoup’s model, are sufficient on their own to serve as the basis for constructing RBE schemes. Furthermore, we demonstrate that even a relaxed version of RBE, where all keys are registered and compressed simultaneously, cannot be constructed using these primitives in a black-box manner.