Full text | Click to download. |
Citation | In Proc. of 12th ACM Conference on Computer and Communications
Security (CCS 2005), ACM Press, 2005.
|
Authors | Xavier Boyen
Qixiang Mei Brent Waters |
We describe a new encryption technique that is secure in the standard model
against adaptive chosen ciphertext (CCA2) attacks. We base our method on two
very efficient Identity-Based Encryption (IBE) schemes without random oracles
due to Boneh and Boyen, and Waters.
Unlike previous CCA2-secure cryptosystems that use IBE as a black box, our
approach is endogenous, very simple, and compact. It makes direct use of the
underlying IBE structure, and requires no cryptographic primitive other than
the IBE scheme itself. This conveys several advantages. We achieve shorter
ciphertext size than the best known instantiations of the other methods, and
our technique is as efficient as the Boneh and Katz method (and more so than
that of Canetti, Halevi, and Katz). Further, our method operates nicely on
hierarchical IBE, and since it allows the validity of ciphertexts to be
checked publicly, it can be used to construct systems with non-interactive
threshold decryption.
In this paper we describe two main constructions: a full encryption system
based on the Waters adaptive-ID secure IBE, and a KEM based on the Boneh-
Boyen selective-ID secure IBE. Both systems are shown CCA2-secure in the
standard model, the latter with a tight reduction. We discuss several uses
and extensions of our approach, and draw comparisons with other schemes that
are provably secure in the standard model.