Paper 2015/862

Idealizing Identity-Based Encryption

Dennis Hofheinz, Christian Matt, and Ueli Maurer

Abstract

We formalize the standard application of identity-based encryption (IBE), namely non-interactive secure communication, as realizing an ideal system which we call delivery controlled channel (DCC). This system allows users to be registered (by a central authority) for an identity and to send messages securely to other users only known by their identity. Quite surprisingly, we show that existing security definitions for IBE are not sufficient to realize DCC. In fact, it is impossible to do so in the standard model. We show, however, how to adjust any IBE scheme that satisfies the standard security definition IND-ID-CPA to achieve this goal in the random oracle model. We also show that the impossibility result can be avoided in the standard model by considering a weaker ideal system that requires all users to be registered in an initial phase before any messages are sent. To achieve this, a weaker security notion, which we introduce and call IND-ID1-CPA, is actually sufficient. This justifies our new security definition and might open the door for more efficient schemes. We further investigate which ideal systems can be realized with schemes satisfying the standard notion and variants of selective security. As a contribution of independent interest, we show how to model features of an ideal system that are potentially available to dishonest parties but not guaranteed, and which such features arise when using IBE.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2015
Keywords
identity-based encryptiondefinitionsimpossibility resultscomposability
Contact author(s)
christian matt @ inf ethz ch
History
2015-09-08: received
Short URL
https://ia.cr/2015/862
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/862,
      author = {Dennis Hofheinz and Christian Matt and Ueli Maurer},
      title = {Idealizing Identity-Based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2015/862},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/862}},
      url = {https://eprint.iacr.org/2015/862}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.