Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [identity-based-encryption]

In identity-based encryption (IBE) the public key of a user $A$ is some identity string $ID_A$, e.g., an email address. To encrypt a message for this user there is no need to retrieve an authentic copy of the public key, as it is in public key cryptography, but one can simply use the identity string $ID_A$.

Identity-based cryptography (IBC) aims at letting the users public key a public identity string, e.g., the email address, and so to remove the requirement for certificates. In ID based cryptography a user $A$ uses his identity (e.g., his email address) as public key. A trusted authority (the key generation center) computes the private key $sk_A$ that corresponds to the public identity string $ID_A$. Since the private key is generated by another party on behalf of the user, IBC suffers from an inherent key escrow problem. However, there are possibilities to circumvent these issues.

110 questions
4
votes
3 answers

Is Identity-based encryption used in the wild?

I have a curious question. Is Identity-based encryption used in the wild?
mallea
  • 1,605
  • 1
  • 9
  • 21
3
votes
1 answer

How to distribute system parameters in identity-based encryption

Identity-based encryption papers describe that system parameters are declared as public. However,in real scenario, how to distribute system parameters to users?
La Yate May
  • 321
  • 1
  • 8
3
votes
1 answer

Question on Waters IBE

I'm reading “Efficient Identity-Based Encryption Without Random Oracles” by Brent Waters. In Page 9, I don't know how…
Jonghyun Kim
  • 477
  • 2
  • 8
2
votes
1 answer

Anonymous Multi-Receiver Identity-Based Authenticated Encryption with CCA Security?

OK, I am confused. Does it mean that that the various anonymous multi-receiver IBE implementations actually do not have single public key per Identity, as as is the in the original IBE implementation? Example paper: Anonymous Multi-Receiver…
Vega4
  • 234
  • 2
  • 9
2
votes
1 answer

Which one is correct probability formula for the same master secret value in identity-based encryption

Assume two servers $(n=2)$ use the same domain curve parameters and same hash function $H:\{0,1\}^{*} \rightarrow G_{1}$ . Then the hash value for the same identity falls in same result and let it be P by assuming $P \in G_{1}$. Then the probability…
La Yate May
  • 321
  • 1
  • 8
2
votes
1 answer

Identity-Based Encryption consist of four algorithms. Extract phase is one of them and it is done by PKG or receiver?

The Identity-Based Encryption consist of four randomized algorithms: Setup, Extract, Encrypt, Decryption. The Setup phase is done by Private-key generator, Encrypt by sender and Decryption by receiver. the Extract phase is done by PKG or receiver?
Aria
  • 711
  • 3
  • 9
  • 18
1
vote
1 answer

Why is Boneh-Franklin IBE scheme secure? What should an adversary do to break it?

Even after reading their paper I am still not able to understand why the scheme is secure and what an adversary should do to break it. This question might look stupid to most of you but I don't have mathematics background to delve this deep into…
user1108
  • 61
  • 2
1
vote
0 answers

identity based encryption-Private key

PKG will be sending the Private key,so it may not be secure,some one may get the private key,how to overcome this problem in IBE. Please help am unable to justify.
ramesh ch
  • 11
  • 2
1
vote
1 answer

Selecting secret value in certificateless identity-based encryption

In certificateless identity-based cryptography, selecting secret value $$x_i \in Z_p$$ and declaring public key of individual users such as $$Pub_i=g^{x_i}$$ $g$ is public parameter. I think there will be some kind of collision in selecting secret…
myat
  • 333
  • 1
  • 9
1
vote
0 answers

Some Question about Security Proof of authenticated identity-based encryption

In authenticated identity-based encryption by Benn Lynn, in proof of security, I have a little difficulties in understanding. In key extraction queries,if attacker request for guessed ID, then B fails. I think this is because B cannot generate…
La Yate May
  • 321
  • 1
  • 8
1
vote
1 answer

Do any Identity-based Encryption Systems support messaging between domains?

Identity Based Encryption is covered under RFC 5091 (specifying the algorithm), 5408 (specifying data structures), and 5409 (using IBE with Cryptographic Message Syntax). However, every IBE implementation that I've seen and used are nothing more…
vy32
  • 439
  • 3
  • 13
0
votes
1 answer

Advantage of attacker in CPA secure IBE

In CPA secure IBE systems, the advantage of attacker (A) is defined as absolute value of $$Pr[b=b^{'}]-\frac{1}{2}$$ Can someone please explain this to me in a few words? Where exactly does that absolute value come from? And how common is this…
myat
  • 333
  • 1
  • 9
0
votes
0 answers

Why not consider modification in ciphertext part in identity-based encryption

In identity-based broadcast encryption system, the ciphertext is $$ C=$$ There can be a man-in-the-middle who can modify one or all of the $c1,c2,...,cn$ values so that the receiver can not get the correct plaintext. Why isn’t…
La Yate May
  • 321
  • 1
  • 8
0
votes
0 answers

Notation of * in hash function of identity-based encryption

$H:\{0,1\}^{*} \rightarrow Z_{p}^{*}$ $H:\{0,1\}^{*} \rightarrow Z_{p}$ $H:\{0,1\}^{*} \rightarrow G_{1}^{*}$ $H:\{0,1\}^{*} \rightarrow G_{1}$ Difference meaning of $Z_{p}^{*}, Z_{p},G_{1}^{*},G_{1}$ ??
myat
  • 333
  • 1
  • 9
0
votes
1 answer

Hash Function representation in identity-based encryption

Some describe as $H:F_{q}\times G_{2}\rightarrow \{0,1\}^{n}$.Some describe as $H:\{0,1\}^{*}\times\{0,1\}^{*}\rightarrow F_{q}$. What is the meaning of product function? what kind of operation does it refer to?
myat
  • 333
  • 1
  • 9
1
2