Paper 2004/086

Fuzzy Identity Based Encryption

Amit Sahai and Brent Waters


We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, $\omega$, to decrypt a ciphertext encrypted with an identity, $\omega'$, if and only if the identities $\omega$ and $\omega'$ are close to each other as measured by the ``set overlap'' distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term ``attribute-based encryption''. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

Note: Revised for Eurocrypt 2005 conference.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
identity based encryption
Contact author(s)
bwaters @ cs stanford edu
2005-03-03: last of 13 revisions
2004-04-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Amit Sahai and Brent Waters},
      title = {Fuzzy Identity Based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2004/086},
      year = {2004},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.