Tighter security proofs for GPV-IBE in the quantum random oracle model (Q5925501)

From MaRDI portal
scientific article; zbMATH DE number 7331354

    Statements

    Tighter security proofs for GPV-IBE in the quantum random oracle model (English)
    7 April 2021
    This paper presents in essence two tighter proofs: one in the single-challenge and one in the multi-challenge setting. For the single-challenge setting the authors provide a much tighter proof compared to the results of M. Zhandry [Lect. Notes Comput. Sci. 7417, 758-775 (2012; Zbl 1296.94147)]. Furthermore, the proof requires little knowledge of quantum computing. The key idea is similar to the public key encryption scheme by R. Cramer and V. Shoup [ibid. 1462, 13-25 (1998; Zbl 0931.94018)]. The authors simulate in such a way that one can create exactly one secret key for every identity. For the multi-challenge setting the authors provide an almost tight proof. This is interesting, because GPV-IBE was not known to have a tight reduction in this setting (regardless of considering the ROM or QROM). They construct an extended LWE instance (consisting of a public matrix A and a set of vectors) and show that this construction is tightly secure with the same efficiency as the single-challenge setting if the extended LWE instance is provided to the reduction algorithm of the challenge. The key idea is to use the "lossy mode" of the LWE problem. Interestingly, the main results presented in this paper also carry over naturally to the ring setting, i.e., R-LWE. Further, they explain how to extend the scheme to a multi-bit message variant while maintaining efficiency and tight security. The paper is clearly written and sound. The arguments are very clear and all concepts are explained in the necessary detail. The paper discusses related work properly and develops the theory stepwise. Even readers with little knowledge of the topic, in particular of quantum computation, should be able to work through this paper.
    identity-based encryption
    quantum random oracle models
    LWE assumption
    tight security reduction
    multi-challenge security

    Identifiers