Paper 2017/054

Attribute-Based Encryption Implies Identity-Based Encryption

Javier Herranz


In this short paper we formally prove that designing attribute-based encryption schemes cannot be easier than designing identity-based encryption schemes. In more detail, we show how an attribute-based encryption scheme which admits, at least, AND policies can be combined with a collision-resistant hash function to obtain an identity-based encryption scheme. Even if this result may seem natural, not surprising at all, it has not been explicitly written anywhere, as far as we know. Furthermore, it may be an unknown result for some people: Odelu et al. \cite{OdKu16,J+17} have proposed both an attribute-based encryption scheme in the Discrete Logarithm setting, without bilinear pairings, and an attribute-based encryption scheme in the RSA setting, both admitting AND policies. If these schemes were secure, then by using the implication that we prove in this paper, we would obtain secure identity-based encryption schemes in both the RSA and the Discrete Logarithm settings, without bilinear pairings, which would be a breakthrough in the area. Unfortunately, we present here complete attacks of the two schemes proposed by Odelu et al. in \cite{OdKu16,J+17}.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. IET Information Security, vol. 11 (6), pp. 332-337, 2017
attribute-based encryptionidentity-based encryption
Contact author(s)
javier herranz @ upc edu
2017-11-28: last of 4 revisions
2017-01-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Javier Herranz},
      title = {Attribute-Based Encryption Implies Identity-Based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2017/054},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.