Abstract
We generalize the decisional problem that was used to prove the security of a well-known hierarchical identity-based encryption scheme by Boneh, Boyen and Goh. We argue that our new problem is strictly harder than the original problem, and thus the security of the aforementioned cryptographic primitive is laid on even stronger foundations.
Notes
1. Notice that for ℓ=1, the maximum appearance degree of the variable X equals 1 in both inputs. This is why the impossibility argument does not hold for ℓ=1, and indeed we have proven that .