Cryptology ePrint Archive: Report 2005/253
Security Notions for Identity Based Encryption
David Galindo and Ichiro Hasuo
Abstract: Identity Based Encryption (IBE) has attracted a lot of attention since the publication of the scheme by Boneh and Franklin. So far, only indistinguishability based security notions have been considered in the literature, and it has not been investigated whether these definitions are appropriate. For this purpose, we define the goals of semantic security and non-malleability for IBE. We then compare the security notions resulting from combining those goals with the attacks
previously considered in the literature (full and selective-identity attacks), providing either an implication or a separation. Remarkably, we show that the strongest security levels with respect to selective-identity attacks (i.e. chosen-ciphertext security) do not imply the weakest full-identity security level (i.e. one-wayness). With the aim of comprehensiveness, notions of security for IBE in the context of encryption of multiple messages and/or to multiple receivers are finally presented, as well as their relationship with the standard IBE security notion. The results obtained substantiate indistinguishability against full-identity chosen ciphertext attacks
as the appropriate security notion for IBE.
Category / Keywords: foundations / identity-based encryption, one-wayness, indistinguishability, non-malleability, semantic security, selective-identity attacks, full-identity attacks, implications and separations.
Date: received 8 Aug 2005, last revised 20 Sep 2005
Contact author: d galindo at cs ru nl
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Note: Major revision: The claim that there was no generic transformation in the Random Oracle Model from IND-sID-CPA security to IND-ID-CPA security was flawed and it has been therefore removed.
Version: 20050920:125505 (All versions of this report)
Short URL: ia.cr/2005/253
[ Cryptology ePrint archive ]