Paper 2005/253

Security Notions for Identity Based Encryption

David Galindo and Ichiro Hasuo

Abstract

Identity Based Encryption (IBE) has attracted a lot of attention since the publication of the scheme by Boneh and Franklin. So far, only indistinguishability based security notions have been considered in the literature, and it has not been investigated whether these definitions are appropriate. For this purpose, we define the goals of semantic security and non-malleability for IBE. We then compare the security notions resulting from combining those goals with the attacks previously considered in the literature (full and selective-identity attacks), providing either an implication or a separation. Remarkably, we show that the strongest security levels with respect to selective-identity attacks (i.e. chosen-ciphertext security) do not imply the weakest full-identity security level (i.e. one-wayness). With the aim of comprehensiveness, notions of security for IBE in the context of encryption of multiple messages and/or to multiple receivers are finally presented, as well as their relationship with the standard IBE security notion. The results obtained substantiate indistinguishability against full-identity chosen ciphertext attacks as the appropriate security notion for IBE.

Note: Major revision: The claim that there was no generic transformation in the Random Oracle Model from IND-sID-CPA security to IND-ID-CPA security was flawed and it has been therefore removed.