Cryptology ePrint Archive: Report 2004/086

Fuzzy Identity Based Encryption

Amit Sahai and Brent Waters

Abstract: We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, $\omega$, to decrypt a ciphertext encrypted with an identity, $\omega'$, if and only if the identities $\omega$ and $\omega'$ are close to each other as measured by the ``set overlap'' distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term ``attribute-based encryption''.

In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

Category / Keywords: public-key cryptography / identity based encryption

Date: received 29 Mar 2004, last revised 3 Mar 2005

Contact author: bwaters at cs stanford edu

Available formats: PDF | BibTeX Citation

Note: Revised for Eurocrypt 2005 conference.

Version: 20050303:192404 (All versions of this report)

Discussion forum: Show discussion | Start new discussion