Boneh-Franklin Identity Based Encryption Scheme

Slides:



Advertisements
Similar presentations
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Advertisements

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Parshuram Budhathoki FAU October 25, /25/2012 Ph.D. Preliminary Exam, Department of Mathematics, FAU.
Encryption Public-Key, Identity-Based, Attribute-Based.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Identity Based Encryption
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Public Encryption: RSA
1 CIS 5371 Cryptography 9. Data Integrity Techniques.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Model 8. Cryptography part 2.
Dan Boneh Authenticated Encryption Definitions Online Cryptography Course Dan Boneh.
8. Data Integrity Techniques
An Efficient Identity-based Cryptosystem for
Oblivious Signature-Based Envelope Ninghui Li, Stanford University Wenliang (Kevin) Du, Syracuse University Dan Boneh, Stanford University.
RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Public-Key Encryption
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
Center for Information Security Technologies ID-based Authenticated Key Exchange for Low-Power Mobile Devices K. Y. Choi, J. Y. Hwang, D. H. Lee CIST,
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Scott CH Huang COM 5336 Lecture 7 Other Public-Key Cryptosystems Scott CH Huang COM 5336 Cryptography Lecture 7.
Cryptanalysis of Some Proxy Signature Schemes without Certificates Wun-She Yap, Swee-Huay Heng Bok-Min Goi Multimedia University.
Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Key Management Network Systems Security Mort Anvari.
Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
What is in a name? Identity-based cryptography. How public-key crypto works When you use public key cryptography, you can publish a value (public key)
Searchable Encryption in Cloud
최신정보보호기술 경일대학교 사이버보안학과 김 현성.
An Introduction to Pairing Based Cryptography
Key Exchange References: Applied Cryptography, Bruce Schneier
Privacy & Security.
Identity Based Encryption
Certificateless signature revisited
Public Key Encryption and Digital Signatures
Public-Key Cryptography and RSA
Public Key Encryption and the RSA Algorithm
Group theory exercise.
Identity-based deniable authentication protocol
Basic Network Encryption
An Introduction to Pairing Based Cryptography
Elliptic Curve Cryptography (ECC)
Introduction to Symmetric-key and Public-key Cryptography
Cryptography Lecture 25.
Elliptic Curve Cryptography (ECC)
Key Management Network Systems Security
Appendix 5: Cryptography p
A New Provably Secure Certificateless Signature Scheme
Lecture 10: Network Security.
Chapter 3 - Public-Key Cryptography & Authentication
Chapter 29 Cryptography and Network Security
Introduction to Cryptography
The power of Pairings towards standard model security
Oblivious Transfer.
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Secure Diffie-Hellman Algorithm
Cryptography Lecture 23.
How to Use Charm Crypto Lib
Presentation transcript:

Boneh-Franklin Identity Based Encryption Scheme Parshuram Budhathoki Department of Mathematics Florida Atlantic University 28 March, 2013 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Alice wants to send a message to Bob. Securely Alice wants to communicate with Bob securely. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Alice wants to communicate with Bob securely. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Private Key Cryptography AES DES Alice wants to communicate with Bob securely. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Private Key Cryptography Limitation: The Key-Distribution Problem. Key Storage and Secrecy. Problem in Open Systems. Key Distribution Problem: The initial sharing of a secret key can be done using a secure channel that can be implemented, e.g., using a trusted messenger service. This option is likely to be unavailable to the average person, Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: In 1976, Whitfield Diffie and Martin Hellman Public Key Cryptography Public Key Cryptography solves problems in Private Key Cryptography. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Public Key Cryptography Public Key Private Key RSA Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Public Key Cryptography RSA Public Key AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYsc8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7rNzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaXfgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQLGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: Public Key Cryptography Before starting communication: Alice has to get Bob’s Public key She has to verify that this Public Key is correct one. So, she needs chain of certificates. Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: In 1984 Adi Shamir suggested Identity Based Cryptography Public Key email id : bob@fau.edu phone : 561297-0bob Address : 777 Glades Road Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Motivation: In 1984 Adi Shamir suggested Identity Based Cryptography Public Key email id : bob@fau.edu phone : 561297-0bob Address : 777 Glades Road In 2001 Dan Boneh and Matthew Franklin proposed an encryption scheme. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Outline Identity Based Cryptography Pairing Hash functions Bilinear Diffie - Hellman problem. BF encryption scheme. 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Cryptography Setup Extract Encryption Scheme 4. Encrypt 5. Decrypt 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Cryptography Encryption Scheme: Public Parameter Security Parameter Setup params Master Key Trust Authority Identity, Master Key, params 2. Extract Private Key Message and params 3. Encrypt Ciphertext Private Key, Ciphertext, and params Message 4. Decrypt 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure ID-based encryption scheme: GAME Challenger uses Setup algorithm to generates params and Master key Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure ID-based encryption scheme: GAME params Master Key Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure Id-based encryption scheme: GAME params Master Key The Adversary issues m queries - extraction query for < Idi > - decryption query <Idi , Ci > Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure Id-based encryption scheme: GAME params Master Key The Adversary picks M0 , M1 and a public key ID The Challenger picks a random b ∈ { 0, 1 } and sends C = Encrypt( params , ID, Mb ) Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure Id-based encryption scheme: GAME params Master Key The Adversary issues m additional queries - extraction query < Idi > - decryption query < Idi , Ci > Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure Id-based encryption scheme: GAME params Master Key The Adversary outputs b’ The Adversary wins if b = b’ |P ( the adversary wins ) – 1/2| should be negligible. Adversary Challenger Semantic security against an adaptive chosen ciphertext and Id attack IND-ID-CCA 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Pairing e(P,Q) e Domain G1 Range V Domain G P Domain G2 Asymmetric Q Domain G Symmetric 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Pairing Let (G,+) and (V, ∙ ) denote cyclic groups of prime order q , P ∈ G, a generator of G and a pairing e: G x G V is a map which satisfies the following properties: Bilinearity : ∀ P, Q , R ∈ G we have e(P+R, Q)= e(P,Q) e(R,Q) and e(P, R+Q)= e(P,R) e(P,Q) 2) Non-degeneracy : There exists P, Q ∈ G such that e(P,Q) ≠1. e is efficiently computable. 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Pairing Important property of bilinearity: ∀ P, R ∈ G and any integer n we have e(nP, R) = e(P + P + … + P, R ) = e(P, R) e(P, R) … e(P, R) = e(P, R)n = e( P, nR) 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Hash Functions: Range H H(x) Fixed size Domain No Inverse x Any size 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Hash Function: One way transformation Input := Any size, Output:= Fixed size H(x1 ) ≠ H(x2) for x1 ≠ x2 , Collision free 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Bilinear Diffie-Hellman Problem: Let G1 and G2 be two groups of prime order q. Let e: G1 × G1 G2 be a pairing and let P be a generator of G1 . The BDH problem in <G1 , G2 , e > is a computation of e(P, P ) abc , by using <P, aP, bP, cP > for some a, b, c ∈ Z*q 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : Alice wants to communicate with Bob securely. Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Public Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Bob Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Trust Authority bob@fau.edu Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Trust Authority Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Any One Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, n, H1 , H2 > Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity based encryption scheme : params : <G1 , G2 ,P, Ppub ,q, e, n, H1 , H2 > Master Key:= s ∈ Z*q k ∈ Z+ Setup Ppub = sP Trust Authority Assume H1 : {0,1}* G1* and H2 : G2 {0,1}n Message space = {0,1}n Ciphertext space = G1* × {0, 1}n 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub ,q, e, n, H1 , H2 > Encrypt To encrypt message M Compute QID = H1 ( ID) choose random r ∈ Z*q Ciphertext C := < rP , M ⨁ H2 ( gr ID ) > Where gID = e( QID , Ppub ) ∈ G2* Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > C := < rP , M ⨁ H2 ( gr ID ) > Bob Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, n, q, H1 , H2 > bob@fau.edu C Trust Authority Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Extract After getting ID ∈{0,1}* Compute QID = H1 ( ID ) ∈G1* Private Key = dID = s QID bob@fau.edu Trust Authority 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > dbob@fau.edu Extract Trust Authority Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Decrypt Let C = <U, V>, then by using private key dID : V ⨁ H2 ( e(dID , U) = M dbob@fau.edu C := < rP , M ⨁ H2 ( gr ID ) > Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme : params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Correctness of Decryption H2 ( e(dID , U) = H2 ( e ( s H1 ( ID ) , rP)) = H2 ( e(H1 (ID) , P)sr ) = H2 ( e( H1 (ID) , sP)r ) = H2 ( (gID )r ) dbob@Fau.edu C := < rP , M ⨁ H2 ( gr ID ) > V ⨁ H2 ( e(dID , U) = M ⨁ H2 ( (gID )r ) ⨁ H2 ( (gID )r ) = M Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU Thank You 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.