Paper 2007/235
Blind Identity-Based Encryption and Simulatable Oblivious Transfer
Matthew Green and Susan Hohenberger
Abstract
In an identity-based encryption (IBE) scheme, there is a {\em key extraction} protocol where a user submits an identity string to a master authority who then returns the corresponding secret key for that identity. In this work, we describe how this protocol can be performed efficiently and in a {\em blind} fashion for several known IBE schemes; that is, a user can obtain a secret key for an identity without the master authority learning anything about this identity. We formalize this notion as {\em blind IBE} and discuss the many practical applications of such a scheme. In particular, we build upon the recent work of Camenisch, Neven, and shelat in Eurocrypt 2007 to construct oblivious transfer (OT) schemes which achieve full simulatability for both sender and receiver. OT constructions with comparable efficiency prior to Camenisch et al.\ were proven secure in the weaker half-simulation model. Our OT schemes can be constructed generically from any blind IBE, and thus require only static complexity assumptions (e.g., DBDH) whereas prior comparable schemes require dynamic complexity assumptions (e.g., $q$-PDDH).
Note: An extended abstract of this paper appeared in ASIACRYPT 2007. This is the full version.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- identity-based encryptionoblivious transferblind key extraction
- Contact author(s)
- mgreen @ cs jhu edu
- History
- 2008-05-02: last of 3 revisions
- 2007-06-19: received
- See all versions
- Short URL
- https://ia.cr/2007/235
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/235,
author = {Matthew Green and Susan Hohenberger},
title = {Blind Identity-Based Encryption and Simulatable Oblivious Transfer},
howpublished = {Cryptology {ePrint} Archive, Paper 2007/235},
year = {2007},
url = {https://eprint.iacr.org/2007/235}
}
