Cryptology ePrint Archive: Report 2004/086
Fuzzy Identity Based Encryption
Amit Sahai and Brent Waters
Abstract: We introduce a new type of Identity-Based Encryption
(IBE) scheme that we call Fuzzy Identity-Based Encryption.
In Fuzzy IBE we view an identity as set of descriptive attributes.
A Fuzzy IBE scheme allows for a private key for an identity, $\omega$, to decrypt a ciphertext encrypted with an identity, $\omega'$, if
and only if the identities $\omega$ and $\omega'$ are close to each
other as measured by the ``set overlap'' distance metric.
A Fuzzy IBE scheme can be applied to enable encryption
using biometric inputs as identities; the error-tolerance property
of a Fuzzy IBE scheme is precisely what allows for the use of
biometric identities, which inherently will have some noise each
time they are sampled. Additionally, we show that Fuzzy-IBE can
be used for a type of application that we term ``attribute-based encryption''.
In this paper we present two constructions of Fuzzy IBE schemes. Our
constructions can be viewed as an Identity-Based Encryption of a
message under several attributes that compose a (fuzzy) identity.
Our IBE schemes are both error-tolerant and secure against collusion
attacks. Additionally, our basic construction does not use random
oracles. We prove the security of our schemes under the Selective-ID
Category / Keywords: public-key cryptography / identity based encryption
Date: received 29 Mar 2004, last revised 3 Mar 2005
Contact author: bwaters at cs stanford edu
Available formats: PDF | BibTeX Citation
Note: Revised for Eurocrypt 2005 conference.
Version: 20050303:192404 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]