On the security of the identity-based encryption based on DHIES from ASIACCS 2010

Abstract: In ASIACCS 2010, Chen, Charlemagne, Guan, Hu and Chen proposed an interesting construction of identity-based encryption based on DHIES, whose key extraction algorithm makes use of the multivariate quadratic equation. They proved that their scheme is selective-ID secure against chosen ciphertext attack, i.e. secure in the sense of IND-sID-CCA. Unfortunately, in this paper, we demonstrate that Chen et al.'s scheme is insecure in the sense of IND-sID-CCA by showing that the private key extraction algorithm of the… Show more

“…As with our attacks, this invalidates the security claims made in [5]. However, our attacks are considerably more flexible, much more efficient than the attack in [10] and exploit more structure of the particular construction proposed in [5]. Moreover, we provide concrete attack costs for the parameters proposed in [5] (something that was omitted in [10]), we highlight the flaw in the security proof given in [5], and we show that there is a design flaw in the construction of private keys in the scheme which enables attacks beyond straight-forward system solving.…”

“…In [10], Susilo and Baek also present an attack against the scheme of [5]. We stress that our work was done independently of and in parallel to [10].…”

“…We stress that our work was done independently of and in parallel to [10]. The attack in [10] is an application of the observation in Section 3.1 of [5] using more precise complexity results than the authors of the original scheme. As with our attacks, this invalidates the security claims made in [5].…”

“…However, our attacks are considerably more flexible, much more efficient than the attack in [10] and exploit more structure of the particular construction proposed in [5]. Moreover, we provide concrete attack costs for the parameters proposed in [5] (something that was omitted in [10]), we highlight the flaw in the security proof given in [5], and we show that there is a design flaw in the construction of private keys in the scheme which enables attacks beyond straight-forward system solving. Finally, we note that [10] repeats some of the wrong claims made in [5] about the complexity of Gröbner basis algorithms and the relation of the XL algorithm to standard Gröbner basis algorithms.…”

“…Moreover, we provide concrete attack costs for the parameters proposed in [5] (something that was omitted in [10]), we highlight the flaw in the security proof given in [5], and we show that there is a design flaw in the construction of private keys in the scheme which enables attacks beyond straight-forward system solving. Finally, we note that [10] repeats some of the wrong claims made in [5] about the complexity of Gröbner basis algorithms and the relation of the XL algorithm to standard Gröbner basis algorithms. In order to correct these misunderstandings, which seem to be quite widely shared in the research community, we include in Section 3 a detailed account of the state-of-the-art for complexity results for polynomial system solving.…”

Breaking an Identity-Based Encryption Scheme Based on DHIES

“…As with our attacks, this invalidates the security claims made in [5]. However, our attacks are considerably more flexible, much more efficient than the attack in [10] and exploit more structure of the particular construction proposed in [5]. Moreover, we provide concrete attack costs for the parameters proposed in [5] (something that was omitted in [10]), we highlight the flaw in the security proof given in [5], and we show that there is a design flaw in the construction of private keys in the scheme which enables attacks beyond straight-forward system solving.…”

“…In [10], Susilo and Baek also present an attack against the scheme of [5]. We stress that our work was done independently of and in parallel to [10].…”

“…We stress that our work was done independently of and in parallel to [10]. The attack in [10] is an application of the observation in Section 3.1 of [5] using more precise complexity results than the authors of the original scheme. As with our attacks, this invalidates the security claims made in [5].…”

“…However, our attacks are considerably more flexible, much more efficient than the attack in [10] and exploit more structure of the particular construction proposed in [5]. Moreover, we provide concrete attack costs for the parameters proposed in [5] (something that was omitted in [10]), we highlight the flaw in the security proof given in [5], and we show that there is a design flaw in the construction of private keys in the scheme which enables attacks beyond straight-forward system solving. Finally, we note that [10] repeats some of the wrong claims made in [5] about the complexity of Gröbner basis algorithms and the relation of the XL algorithm to standard Gröbner basis algorithms.…”

“…Moreover, we provide concrete attack costs for the parameters proposed in [5] (something that was omitted in [10]), we highlight the flaw in the security proof given in [5], and we show that there is a design flaw in the construction of private keys in the scheme which enables attacks beyond straight-forward system solving. Finally, we note that [10] repeats some of the wrong claims made in [5] about the complexity of Gröbner basis algorithms and the relation of the XL algorithm to standard Gröbner basis algorithms. In order to correct these misunderstandings, which seem to be quite widely shared in the research community, we include in Section 3 a detailed account of the state-of-the-art for complexity results for polynomial system solving.…”

Breaking an Identity-Based Encryption Scheme Based on DHIES

An efficient protocol for two‐party explicit authenticated key agreement

An Efficient Provably Secure Password-Based Authenticated Key Agreement