Generic Mediated Encryption

We propose a generic mediated encryption (GME) system that converts any identity based encryption (IBE) to a mediated IBE. This system is based on enveloping an IBE encrypted message using a user’s identity into another IBE envelope, using the identity of a security mediator (SEM) responsible for checking users for revocation. We present two security models based on the role of the adversary whether it is a revoked user or a hacked SEM. We prove that GME is as secure as the SEM’s IBE (the envelope) against a revoked user and as secure as the user’s IBE (the letter) against a hacked SEM. We also present two instantiations of GME. The first instantiation is based on the Boneh-Franklin (BF) FullIBE system, which is a pairing-based encryption system. The second instantiation is based on the Boneh, Gentry and Hamburg (BGH) system, which is a non pairing-based encryption system.

[1]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[2]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[3]  Patricia L. V. Ribeiro,et al.  SPACE-EFFICIENT IDENTITY-BASED ENCRYPTION , 2009 .

[4]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[5]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[6]  Rafail Ostrovsky,et al.  Fast Digital Identity Revocation (Extended Abstract) , 1998, CRYPTO.

[7]  Peter Gemmell,et al.  Efficient and Fresh Cerification , 2000, Public Key Cryptography.

[8]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[9]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[10]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[11]  Dan Boneh,et al.  Fine-grained control of security capabilities , 2004, TOIT.

[12]  S. Micali Eecient Certiicate Revocation , 1996 .

[13]  Gene Tsudik,et al.  Simple Identity-Based Cryptography with Mediated RSA , 2003, CT-RSA.

[14]  Craig Gentry,et al.  Certificate-Based Encryption and the Certificate Revocation Problem , 2003, EUROCRYPT.

[15]  S. Micali,et al.  NOVOMODO : Scalable Certificate Validation and Simplified PKI Management , 2002 .

[16]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[17]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[18]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[19]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.