Content deleted Content added
Dhiraj AMB (talk | contribs) m Just updated the actual URL instead of a dead link. |
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5 |
||
| (5 intermediate revisions by 4 users not shown) | |||
Line 1:
{{Short description|Type of public-key encryption}}
'''
| last = Shamir | first = Adi | author-link = Adi Shamir
| editor1-last = Blakley | editor1-first = G. R.
Line 13 ⟶ 14:
| volume = 196
| year = 1984| doi-access = free
}}</ref> He was however only able to give an instantiation of [[
The [[pairing-based cryptography|pairing]]-based [[Boneh–Franklin scheme]]<ref>{{cite journal
Line 37 ⟶ 38:
| year = 2001}}</ref> based on [[quadratic residue]]s both solved the IBE problem in 2001.
== Usage ==
Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the [[Private Key Generator]] (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding '''master private key''' (referred to as ''master key''). Given the master public key, any party can compute a public key corresponding to the identity by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ''ID'' contacts the PKG, which uses the master private key to generate the private key for identity ''ID''.
Line 86 ⟶ 87:
The steps involved are depicted in this diagram:[[File:Identity Based Encryption Steps.png|center|thumb|600px|ID Based Encryption: Offline and Online Steps]]
== Protocol framework ==
[[Dan Boneh]] and [[Matthew K. Franklin]] defined a set of four algorithms that form a complete IBE system:
* '''Setup''': This algorithm is run by the PKG one time for creating the whole IBE environment. The master key is kept secret and used to derive users' private keys, while the system parameters are made public. It accepts a [[security parameter]] <math>\textstyle k</math> (i.e. binary length of key material) and outputs:
# A set <math>\textstyle \mathcal{P}</math> of system parameters, including the
# a master key <math>\textstyle K_m</math>.
Line 96 ⟶ 97:
* '''Decrypt''': Accepts <math>\textstyle d</math>, <math>\textstyle \mathcal{P}</math> and <math>\textstyle c \in \mathcal{C}</math> and returns <math>\textstyle m \in \mathcal{M}</math>.
=== Correctness constraint ===
In order for the whole system to work, one has to postulate that:
:<math> \forall m \in \mathcal{M}, ID \in \left\{0,1\right\}^*: \mathrm{Decrypt}\left(\mathrm{Extract}\left(\mathcal{P}, K_m, ID\right), \mathcal{P}, \mathrm{Encrypt}\left(\mathcal{P}, m, ID \right) \right) = m </math>
== Encryption schemes ==
The most efficient identity-based encryption schemes are currently based on [[Pairing|bilinear pairings]] on [[elliptic curves]], such as the [[weil pairing|Weil]] or [[Tate pairing|Tate]] pairings. The first of these schemes was developed by [[Dan Boneh]] and [[Matthew K. Franklin]] (2001), and performs [[probabilistic encryption]] of arbitrary ciphertexts using an [[ElGamal encryption|Elgamal]]-like approach. Though the [[BonehFranklinScheme|Boneh-Franklin scheme]] is [[Provable security|provably secure]], the security proof rests on relatively new assumptions about the hardness of problems in certain elliptic curve groups.
Line 108 ⟶ 109:
A third approach to IBE is through the use of lattices.
=== Identity-based encryption algorithms ===
The following lists practical identity-based encryption algorithms
* [[Boneh–Franklin scheme|Boneh–Franklin]] (BF-IBE).
* [[Sakai–Kasahara scheme|Sakai–Kasahara]] (SK-IBE).<ref>{{cite web|last1=Sakai|first1=Ryuichi|last2=Kasahara|first2=Masao|title=ID Based cryptosystems with pairing on elliptic curve|work=Cryptography ePrint Archive|year=2003|volume=2003/054|url=https://eprint.iacr.org/2003/054}}</ref>
* Boneh–Boyen (BB-IBE).<ref>{{cite conference
| last1 = Boneh | first1 = Dan | author1-link = Dan Boneh
Line 126 ⟶ 127:
| volume = 3027
| year = 2004| doi-access = free
}}</ref>
All these algorithms have [[Provable security|security proofs]].
Line 143 ⟶ 144:
* IBE solutions may rely on cryptographic techniques that are insecure against code breaking [[quantum computer]] attacks (see [[Shor's algorithm]]).
== See also ==
* [[
* [[Identity-based conditional proxy re-encryption]]
* [[Attribute-based encryption]]
== References ==
{{Reflist}}
== External links ==
* [https://web.archive.org/web/20201020201238/https://www.crypto.ruhr-uni-bochum.de/lehre/ss14/cryptosem.html.en Seminar 'Cryptography and Security in Banking'/'Alternative Cryptology', Ruhr University Bochum, Germany]
* [https://web.archive.org/web/20170605075501/http://www.ietf.org/rfc/rfc5091.txt RFC 5091 - the IETF RFC defining two common IBE algorithms]
* [http://www.hpl.hp.com/techreports/2003/HPL-2003-21.pdf HP Role-Based Encryption] {{Webarchive|url=https://web.archive.org/web/20031212160232/http://www.hpl.hp.com/techreports/2003/HPL-2003-21.pdf |date=2003-12-12 }}
* [https://web.archive.org/web/20090416044556/http://www.larc.usp.br/~pbarreto/pblounge.html The Pairing-Based Crypto Lounge]
* [https://web.archive.org/web/20090628190353/http://www.voltage.com/vsn/ The Voltage Security Network - IBE encryption web service]
| |||