Identity-Based Matchmaking Encryption from Standard Lattice Assumptions

Identity-Based Matchmaking Encryption (IB-ME), initially proposed by Ateniese et al. (Crypto 2019), is an extension of Identity-Based Encryption (IBE) that emphasizes privacy and authenticity. It ensures that the content of a message is only revealed when the recipient's identity matches the intended recipient specified by the sender, and when the target sender's identity, chosen by the receiver during decryption, matches the actual sender's identity. In cases where there is a mismatch, no information about the sender, receiver, or message is disclosed.Francati et al. (IndoCrypt 2021) observed that the privacy definition for IB-ME solely guarantees the concealment of the message and sender identity when the receiver's identity does not match the intended recipient specified by the sender. It does not consider whether the target sender's identity matches the actual sender's identity. To overcome this limitation, they proposed an enhanced privacy notion and developed an IB-ME scheme that achieves it in the plain model, even though relying on non-standard assumptions.In this paper, we address the problem of constructing an IB-ME scheme that offers enhanced privacy under standard assumptions with particular emphasis on post quantum security. Specifically, we first show how to obtain an IB-ME that achieves the notion of enhanced privacy using as building blocks any anonymous IBE and reusable computational extractors. Next, we show how to construct an IB-ME starting from an IB-ME satisfying enhanced privacy and a context-hiding homomorphic signature, thereby ensuring not only enhanced privacy but also authenticity. Notably, our framework allows for secure IB-ME schemes to be instantiated in the standard model from lattice assumptions, thus providing also post-quantum security.