Identity-based encryption based on DHIES

Abstract: Most traditional public key cryptosystems are constructed upon algebraically rich structures, which makes their key pairs combinable, i.e., the combination of some private keys and their corresponding public keys could form a new key pair. Exploring such combinable property, this paper proposes a novel Identity-Based Encryption (IBE) scheme based on the Diffie-Hellman Integrated Encryption Scheme (DHIES) with quadratic key combination structure from bilinear maps. The new scheme has a number of advantages over… Show more

“…A recent proposal, due to Chen et al [5], has very efficient encryption and decryption and claims to have security based on the security of the DHIES public key encryption scheme. In this paper, we present collusion attacks against the scheme of [5] which recover the Trusted Authority's master secret key.…”

“…A recent proposal, due to Chen et al [5], has very efficient encryption and decryption and claims to have security based on the security of the DHIES public key encryption scheme. In this paper, we present collusion attacks against the scheme of [5] which recover the Trusted Authority's master secret key. These attacks apply even in the weak IBE security model used in [5] and thus completely invalidate the security claims made in [5,Theorem 3.1], the main security result in that paper.…”

“…In this paper, we present collusion attacks against the scheme of [5] which recover the Trusted Authority's master secret key. These attacks apply even in the weak IBE security model used in [5] and thus completely invalidate the security claims made in [5,Theorem 3.1], the main security result in that paper. We explain where the security analysis in [5] is deficient.…”

“…However, it seems that the authors of [5] were already aware of the possibility of collusion attacks against their scheme and set the scheme parameters with the intention of making such attacks inefficient (see Section 3.1 of [5]). We show that their setting of parameters is also flawed by exhibiting a family of efficient collusion attacks against the scheme which applies for their concrete choice of parameters.…”

“…In fact, our attacks allow the various attack parameters to be traded off against one another -such as the number of private keys needed (the size of the collusion), and the amount of computation needed. For example, we exhibit a master key recovery attack against the concrete scheme of [5] that requires a collusion of 2 13 parties, 2 43.3 evaluations of a hash function and 2 30 field operations.…”

Breaking an Identity-Based Encryption Scheme Based on DHIES

“…A recent proposal, due to Chen et al [5], has very efficient encryption and decryption and claims to have security based on the security of the DHIES public key encryption scheme. In this paper, we present collusion attacks against the scheme of [5] which recover the Trusted Authority's master secret key.…”

“…A recent proposal, due to Chen et al [5], has very efficient encryption and decryption and claims to have security based on the security of the DHIES public key encryption scheme. In this paper, we present collusion attacks against the scheme of [5] which recover the Trusted Authority's master secret key. These attacks apply even in the weak IBE security model used in [5] and thus completely invalidate the security claims made in [5,Theorem 3.1], the main security result in that paper.…”

“…In this paper, we present collusion attacks against the scheme of [5] which recover the Trusted Authority's master secret key. These attacks apply even in the weak IBE security model used in [5] and thus completely invalidate the security claims made in [5,Theorem 3.1], the main security result in that paper. We explain where the security analysis in [5] is deficient.…”

“…However, it seems that the authors of [5] were already aware of the possibility of collusion attacks against their scheme and set the scheme parameters with the intention of making such attacks inefficient (see Section 3.1 of [5]). We show that their setting of parameters is also flawed by exhibiting a family of efficient collusion attacks against the scheme which applies for their concrete choice of parameters.…”

“…In fact, our attacks allow the various attack parameters to be traded off against one another -such as the number of private keys needed (the size of the collusion), and the amount of computation needed. For example, we exhibit a master key recovery attack against the concrete scheme of [5] that requires a collusion of 2 13 parties, 2 43.3 evaluations of a hash function and 2 30 field operations.…”

Breaking an Identity-Based Encryption Scheme Based on DHIES

Towards a Secure Multivariate Identity-Based Encryption

On the security of the identity-based encryption based on DHIES from ASIACCS 2010