Identity-based encryption with efficient revocation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Identity-based encryption with efficient revocation

Full text

Pdf (654 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 15th ACM conference on Computer and communications security table of contents

Alexandria, Virginia, USA

SESSION: Identity-based encryption table of contents

Pages 417-426

Year of Publication: 2008

ISBN:978-1-59593-810-7

Authors

Alexandra Boldyreva	Georgia Institute of Technology, Atlanta, GA, USA
Vipul Goyal	University of California at Los Angeles, Los Angeles, CA, USA
Virendra Kumar	Georgia Institute of Technology, Atlanta, GA, USA

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 51, Downloads (12 Months): 505, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1455770.1455823 What is a DOI?

ABSTRACT

Identity-based encryption (IBE) is an exciting alternative to public-key encryption, as IBE eliminates the need for a Public Key Infrastructure (PKI). The senders using an IBE do not need to look up the public keys and the corresponding certificates of the receivers, the identities (e.g. emails or IP addresses) of the latter are sufficient to encrypt. Any setting, PKI- or identity-based, must provide a means to revoke users from the system. Efficient revocation is a well-studied problem in the traditional PKI setting. However in the setting of IBE, there has been little work on studying the revocation mechanisms. The most practical solution requires the senders to also use time periods when encrypting, and all the receivers (regardless of whether their keys have been compromised or not) to update their private keys regularly by contacting the trusted authority. We note that this solution does not scale well -- as the number of users increases, the work on key updates becomes a bottleneck. We propose an IBE scheme that significantly improves key-update efficiency on the side of the trusted party (from linear to logarithmic in the number of users), while staying efficient for the users. Our scheme builds on the ideas of the Fuzzy IBE primitive and binary tree data structure, and is provably secure.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	William Aiello , Sachin Lodha , Rafail Ostrovsky, Fast Digital Identity Revocation (Extended Abstract), Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.137-152, August 23-27, 1998
	2	Mihir Bellare , Phillip Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.62-73, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168596]
	3	A. Boldyreva, V. Goyal, and V. Kumar. Identity-based encryption with efficient revocation. Full version of this paper. Available from http://www.cc.gatech.edu/ aboldyre/publications.html, 2008.
	4	D. Boneh and X. Boyen. Efficient selective-ID secure identity-based encryption without random oracles. In EUROCRYPT, pages 223---238, 2004.
	5	Dan Boneh , Ran Canetti , Shai Halevi , Jonathan Katz, Chosen-Ciphertext Security from Identity-Based Encryption, SIAM Journal on Computing, v.36 n.5, p.1301-1328, December 2006 [doi>10.1137/S009753970544713X]
	6	Dan Boneh , Xuhua Ding , Gene Tsudik , Chi Ming Wong, A method for fast revocation of public key certificates and security capabilities, Proceedings of the 10th conference on USENIX Security Symposium, p.22-22, August 13-17, 2001, Washington, D.C.
	7	Dan Boneh , Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.213-229, August 19-23, 2001
	8	R. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. In EUROCRYPT, pages 207--222, 2004.
	9	Ran Canetti, Shai Halevi, and Jonathan Katz. A forward-secure public-key encryption scheme. In EUROCRYPT, pages 255--271, 2003.
	10	Eiichiro Fujisaki , Tatsuaki Okamoto, How to Enhance the Security of Public-Key Encryption at Minimum Cost, Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, p.53-68, March 01-03, 1999
	11	Eiichiro Fujisaki , Tatsuaki Okamoto, Secure Integration of Asymmetric and Symmetric Encryption Schemes, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.537-554, August 15-19, 1999
	12	Craig Gentry. Certificate-based encryption and the certificate revocation problem. In EUROCRYPT, pages 272--293, 2003.
	13	V. Goyal. Certificate revocation using fine grained certificate space partitioning. In Financial Cryptography, pages 247--259. Springer, 2007.
	14	V. Goyal. Reducing trust in the PKG in identity based cryptosystems. In CRYPTO, pages 430--447, 2007.
	15	Vipul Goyal , Omkant Pandey , Amit Sahai , Brent Waters, Attribute-based encryption for fine-grained access control of encrypted data, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA [doi>10.1145/1180405.1180418]
	16	Y. Hanaoka, G. Hanaoka, J. Shikata, and H. Imai. Identity-based hierarchical strongly key-insulated encryption and its application. In ASIACRYPT, pages 495--514, 2005.
	17	T. Kitagawa, P. Yang, G. Hanaoka, R. Zhang, H. Watanabe,K. Matsuura, and H. Imai. Generic transforms to acquire CCA-security for identity based encryption: The cases of FOpkc and REACT. In ACISP, pages 348--359, 2006.
	18	Benoît Libert , Jean-Jacques Quisquater, Efficient revocation and threshold pairing based cryptosystems, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.163-171, July 13-16, 2003, Boston, Massachusetts [doi>10.1145/872035.872059]
	19	S. Micali, Efficient Certificate Revocation, Massachusetts Institute of Technology, Cambridge, MA, 1996
	20	S. Micali. Novomodo: Scalable certificate validation and simplified PKI management. In PKI Research Workshop, 2002.
	21	Dalit Naor , Moni Naor , Jeffrey B. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.41-62, August 19-23, 2001
	22	Moni Naor , Kobbi Nissim, Certificate revocation and certificate update, Proceedings of the 7th conference on USENIX Security Symposium, p.17-17, January 26-29, 1998, San Antonio, Texas
	23	Matthew Pirretti , Patrick Traynor , Patrick McDaniel , Brent Waters, Secure attribute-based systems, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA [doi>10.1145/1180405.1180419]
	24	A. Sahai and B. Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457--473, 2005.
	25	Adi Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84 on Advances in cryptology, p.47-53, August 1985, Santa Barbara, California, United States
	26	B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114--127, 2005.
	27	P. Yang, T. Kitagawa, G. Hanaoka, R. Zhang, K. Matsuura, andH. Imai. Applying Fujisaki-Okamoto to identity-based encryption. In AAECC, pages 183--192, 2006.