Paper 2015/1035

CARIBE: Cascaded IBE for Maximum Flexibility and User-side Control

Britta Hale, Christopher Carr, and Danilo Gligoroski


Mass surveillance and a lack of end-user encryption, coupled with a growing demand for key escrow under legal oversight and certificate authority security concerns, raise the question of the appropriateness of continued general dependency on PKI. Under this context, we examine Identity-Based Encryption (IBE) as an alternative to public-key encryption. Cascade encryption, or sequential multiple encryption, is the concept of layering encryption such that the ciphertext from one encryption step is the plaintext of the next. We describe CARIBE, a cascaded IBE scheme, for which we also provide a cascaded CCA security experiment, IND-ID-C.CCA, and prove its security in the computational model. CARIBE combines the ease-of-use of IBE with key escrow, limited to the case when the entire set of participating PKGs collaborate. Furthermore, we describe a particular CARIBE scheme, CARIBE-S, where the receiver is a self-PKG – one of the several PKGs included in the cascade. CARIBE-S inherits IND-ID-C.CCA from CARIBE, and avoids key escrow entirely. In essence, CARIBE-S offers the maximum flexibility of the IBE paradigm and gives the users complete control without the key escrow problem.

Note: Extensions and discussion additions.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MAJOR revision.MyCrypt 2016
identity-based encryptioncascade ciphersPKIpractice-oriented provable securitymass-surveillance
Contact author(s)
ccarr @ item ntnu no
2017-01-16: revised
2015-10-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Britta Hale and Christopher Carr and Danilo Gligoroski},
      title = {CARIBE: Cascaded IBE for Maximum Flexibility and User-side Control},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1035},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.