Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [identity-based-encryption]

In identity-based encryption (IBE) the public key of a user $A$ is some identity string $ID_A$, e.g., an email address. To encrypt a message for this user there is no need to retrieve an authentic copy of the public key, as it is in public key cryptography, but one can simply use the identity string $ID_A$.

Identity-based cryptography (IBC) aims at letting the users public key a public identity string, e.g., the email address, and so to remove the requirement for certificates. In ID based cryptography a user $A$ uses his identity (e.g., his email address) as public key. A trusted authority (the key generation center) computes the private key $sk_A$ that corresponds to the public identity string $ID_A$. Since the private key is generated by another party on behalf of the user, IBC suffers from an inherent key escrow problem. However, there are possibilities to circumvent these issues.

114 questions
12
votes
3 answers

How to prove identity without revealing identity

Let us say Alice publishes a book under the name of Claire. The book becomes wildly popular and now Bob comes along, claiming to be Claire, to reap all the success. How does Alice prove that she wrote the book (and Bob did not) as Claire without…
Thomas Arildsen
  • 221
  • 2
  • 6
11
votes
1 answer

Are pairings still the most efficient implementation for identity and attribute-based encryption?

I read on Wikipedia: [...] pairings have also been used to construct many cryptographic systems for which no other efficient implementation is known, such as identity based encryption or attribute based encryption schemes. Is this still the…
Shalec
  • 407
  • 2
  • 10
9
votes
4 answers

Is there any semantic difference between predicate encryption and functional encryption?

Predicate encryption(PE) arrived as a descendant of attribute based encryption. Attribute based encryption allows the encryptor to embody a policy to the ciphertext (Ciphertext-Policy based encryption) and the receipent to receive a key from a…
curious
  • 6,280
  • 6
  • 34
  • 48
8
votes
1 answer

What is the "artificial abort" technique?

In the security proof of Brent Waters's paper Efficient Identity-Based Encryption Without Random Oracles, he uses a novel “artificial abort” step on page 6. At this point the simulator is still unable to use the output from the adversary. An…
Jiangtao LI
  • 179
  • 8
6
votes
1 answer

How to select corresponding ciphertext in anonymous Identity-based broadcast encryption?

In identity-based broadcast encryption, suppose the broadcast ciphertext $(r_1,r_2,\dots,r_i,U,W,V)$ is sent to the receiver. It does not describe which user corresponds to which ciphertext part. User $i$ should decrypt using the corresponding $r_i$…
myat
  • 353
  • 1
  • 9
5
votes
1 answer

Can I replace DH by a post-quantum key exchange in IBAKE for post-quantum identity-based authenticated key exchange?

IETF RFC 6539 IBAKE - Identity Based Authenticated Key Exchange describes a Hybrid key exchange using both Identity based cryptography and a standard ephemeral elliptic curve Diffie-Hellman key exchange. Since that protocol already is a hybrid could…
Andrea Russo
  • 139
  • 5
5
votes
3 answers

Is Identity-based encryption used in the wild?

I have a curious question. Is Identity-based encryption used in the wild?
mallea
  • 1,715
  • 1
  • 12
  • 23
5
votes
1 answer

Does Identity-Based Encryption actually solve any problem?

Identity-based encryption schemes[*] seem to have great potential in high-latency, delay-tolerant and mobile, ad-hoc networks since they apparently seem to avoid the need for key negotiation and exchanges. Used solely for key exchange, they allow…
Bill
  • 293
  • 2
  • 5
5
votes
1 answer

Generic group model: use of polynomials in the proof of the master theorem

I've been looking at the paper of Boneh, Boyen, Goh Hierarchical Identity Based Encryption with Constant Size Ciphertext which contains a general theorem (Theorem A.2) about the advantage of an attacker in the generic group model. It seems to be…
JT1
  • 395
  • 2
  • 8
4
votes
0 answers

About Cocks IBE

Why doesn't Cocks IBE use the hash function H from ID space to quadratic residue set $\mathbb{QR}_N$ in $\mathbb{Z}/N\mathbb{Z}$ to reduce the ciphertext expansion by half? I think it is also IND-ID-CPA secure in random oracle because we can learn…
Xiaopeng Zhao
  • 101
  • 2
4
votes
3 answers

What crypto system allows for 3 parties: Party 1 who makes an assertion, Party 2 mutates the assertion, Party 3 validates it

I'm looking for the cryptographic equivalent of a Drivers license where the issuer can be verified, the issuer doesn't need to know who you showed the drivers license to, but also allows per-transaction privacy. I would use the standard PKI system,…
makerofthings7
  • 2,631
  • 1
  • 22
  • 37
4
votes
2 answers

How to compare performances of lattice-based and pairing-based IBE schemes

I try to compare the performances (cost of Enc, Dec, ... size of keys, ciphertexts, ...) of IBE schemes using lattices (LWE hardness assumption) or pairing (Diffie-Hellman hardness assumption). I've observed that performances of lattice-based…
permanganate
  • 131
  • 5
4
votes
1 answer

"Shifting" a dual-Regev keypair away from a trapdoored instance

This question pertains to identity-based key encapsulation mechanisms (IB-KEMs). To recap the functionality: $\mathsf{KeyGen}(1^\lambda) \to (\mathsf{msk}, \mathsf{mpk})$ Generates the master keypair $\mathsf{Extract}(\mathsf{mpk}, \mathsf{msk},…
rozbb
  • 570
  • 3
  • 16
3
votes
1 answer

Identity Based Encryption: Known Random Value

Let's consider a situation whereby: Alice generates a ciphertext c from a message m using Bob’s ID. An attacker Carol can get c from the open channel. She knows that c is generated by using Bob’s ID but she does not know Bob’s secret key. On…
Jeevan Pillay
  • 39
  • 3
3
votes
0 answers

Is it possible to verify attributes of encrypted content?

Let's say that Alice has this information about her, { "name": "Alice", "age": 25, "eyes": "brown" } which she encrypts with a key pair so that no one access this text. Later she says Bob that her eyes are brown and Bob should be able to verify…
Maxim Gaina
  • 31
  • 2
1
2 3 4 5 6 7 8