| Full text | Click to download. |
| Citation | IACR eprint, report, 2002
|
| Author | Ben Lynn
|
Suppose Alice wishes to send a message to Bob using an identity-based encryption scheme (recall
such a scheme is a public key cryptosystem where any string is a valid public key), but desires
integrity as well as security. In other words, Alice wants Bob to know that only she could have
sent the message. Furthermore, suppose she does not want the non-repudiation property that would
necessarily be present if she simply used an identity-based signature scheme i.e. she does not want
Bob to be able to prove to a third party that she is the sender.
We augment the system of Boneh and Franklin [2] to allow communication with integrity without
nonrepudiation. We formalize notions of security and integrity for our scheme, and show that new
encryption and decryption algorithms are more ecient, despite being equally secure and authenticated.