Chosen-Ciphertext Security from Identity-Based Encryption

Authors: D. Boneh, R. Canetti, S. Halevi, and J. Katz

We propose simple and efficient "CCA-secure" public-key encryption schemes (i.e., schemes secure against adaptive chosen-ciphertext attacks) based on any identity-based encryption (IBE) scheme. When instantiated with known IBE schemes, our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCA-security; this paradigm avoids "proofs of well-formedness" that have been shown to underlie all previous constructions. Second, using efficient IBE constructions we obtain CCA-secure encryption schemes whose performance is competitive with the best provably-secure solutions to date. Our techniques extend naturally to give an efficient method for securing any hierarchical IBE scheme against adaptive chosen-ciphertext attacks. Coupled with previous work, this gives the most efficient known constructions of CCA-secure IBE schemes.

SIAM J. of Computing (SICOMP), Volume 36, Issue 5, pp. 915-942, 2006

Full paper: pdf         [first posted 6/2006 ]

Related papers: This paper is a merger of two preliminary papers; One in Eurocrypt '04 and the other in RSA-CT '05.