Practical Identity-Based Encryption (IBE) in Multiple PKG Environments and Its Applications

In this paper, we present a new identity-based encryption (IBE) scheme using bilinear pairings. Our IBE scheme enjoys the same \textsf{Key Extraction} and \textsf{Decryption} algorithms with the famous IBE scheme of Boneh and Franklin (BF-IBE for short), while differs from the latter in that it has modified \textsf{Setup} and \textsf{Encryption} algorithms. Compared with BF-IBE, we show that ours are more practical in a multiple private key generator (PKG) environment, mainly due to that the session secret $g_{ID}$ could be pre-computed \emph{before} any interaction, and the sender could encrypt a message using $g_{ID}$ prior to negotiating with the intended recipient(s). As an application of our IBE scheme, we also derive an escrowed ElGamal scheme which possesses certain good properties in practice.

[1]  Joonsang Baek,et al.  Identity-Based Threshold Decryption , 2004, Public Key Cryptography.

[2]  Craig Gentry,et al.  Certificate-Based Encryption and the Certificate Revocation Problem , 2003, EUROCRYPT.

[3]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[4]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[5]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[6]  Sunder Lal,et al.  Security Proof for Shengbao Wang's Identity-Based Encryption Scheme , 2007, IACR Cryptol. ePrint Arch..

[7]  David Galindo,et al.  Boneh-Franklin Identity Based Encryption Revisited , 2005, IACR Cryptol. ePrint Arch..

[8]  Joonsang Baek,et al.  Efficient Multi-receiver Identity-Based Encryption and Its Application to Broadcast Encryption , 2005, Public Key Cryptography.

[9]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[10]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[11]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[12]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[13]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[14]  Kenneth G. Paterson,et al.  Certiflcateless Public Key Cryptography , 2003 .

[15]  Paulo S. L. M. Barreto,et al.  A New Two-Party Identity-Based Authenticated Key Agreement , 2005, CT-RSA.

[16]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[17]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[18]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[19]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.