Boneh-Franklin Identity-based Encryption

2 Symmetric bilinear groups
$G = \langle g \rangle$, $g^p = 1$
$e: G \times G \to G_t$
Bilinear, i.e. $e(u^a, v^b) = e(u, v)^{ab}$
Non-degenerate: $e(g, g)$ generates $G_t$
Efficiently computable

3 Underlying hard problem
Diffie-Hellman Problem: given $g, g^a, g^b$, find $g^{ab}$
Bilinear Diffie-Hellman Problem (BDHP): for bilinear $e: G_1 \times G_2 \to G_t$, given $g, g^r, g^s, g^t$, find $e(g, g)^{rst}$
Security parameters need to protect against discrete log attacks in multiple groups
Boneh-Franklin IBE uses the BDHP in the most simple and straightforward way possible

4 BasicIdent: who has what?
Quantity / Sender / Recipient
$s$ (master secret)
$t$
$r$ (sender random)
$g$ (public)
$g^t$ (identity)
$g^{st}$ (private key)
$g^r$ (sender calculates)
$g^s$ (public)
$g^{rt}$
Send $g^r$ to recipient to let him compute $e(g, g)^{rst}$

5 Chosen-ciphertext security
If we just use $c = m \oplus H_2(e(g^{rt}, g^s))$, the system is vulnerable to a chosen-ciphertext attack
$H_2(e(g^{rt}, g^s))$ is not a function of the plaintext
Attacker has $(g^r, c)$, decrypts $(g^r, c')$ where $c' = c \oplus e$ to get $m'$
Then he can recover $m = m' \oplus e$
Fujisaki-Okamoto transform adds chosen-ciphertext security
This is the scheme that we discuss in the following

6 BF-IBE (FullIdent)
Assume that identities are bit strings of arbitrary length and messages to be encrypted are of length $l$
Also need four cryptographic hash functions
$H_1: \{0,1\}^* \to G$, for hashing an identity
$H_2: G_t \to \{0,1\}^l$, to XOR with a session key
$H_3: \{0,1\}^l \times \{0,1\}^l \to Z_p$, for deriving a blinding coefficient
$H_4: \{0,1\}^l \to \{0,1\}^l$, to XOR with plaintext

7 BF-IBE
Boneh-Franklin IBE comprises four algorithms:
Setup
Extract
Encrypt
Decrypt

8 BF-IBE: Setup
Select random $w \in Z_p$
Set $g_{pub} = g^w$
Set params $= (g, g_{pub}) \in G^2$
Set masterk $= w$

9 BF-IBE: Extract
To generate a private key $d_{ID}$ for an identity $ID \in \{0,1\}^*$ using the master key $w$
The trusted authority computes $h_{ID} = H_1(ID)$ and $d_{ID} = (h_{ID})^w$ in $G$
The private key is the group element $d_{ID} \in G$

10 BF-IBE: Encrypt
To encrypt a message $M \in \{0,1\}^l$ for a recipient with identity $ID \in \{0,1\}^*$, the sender does the following:
Picks a random $s \in \{0,1\}^l$
Calculates $r = H_3(s, M)$
Computes $h_{ID} = H_1(ID)$
Computes $y_{ID} = e(h_{ID}, g_{pub})$
Outputs ciphertext $C = (g^r,\ s \oplus H_2(y_{ID}^r),\ M \oplus H_4(s)) \in G \times \{0,1\}^l \times \{0,1\}^l$

11 BF-IBE: Decrypt
To decrypt a given ciphertext $C = (u, v, w)$ using the private key $d_{ID}$, the recipient does the following:
Computes $v \oplus H_2(e(u, d_{ID})) = s$
Computes $w \oplus H_4(s) = M$
Computes $H_3(s, M) = r$
If $g^r \neq u$, the ciphertext is rejected
Otherwise outputs $M \in \{0,1\}^l$ as the decryption of $C$
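
Added example, not part of the original slides: a Python sketch of Setup, Extract, Encrypt and Decrypt from slides 8 to 11, together with the BasicIdent ciphertext modification from slide 5, to show what the $g^r \neq u$ check buys. Assumptions: a constructed toy pairing with no security at all, SHA-256 standing in for $H_1$ to $H_4$, $l$ fixed at 16 bytes, and all function names and the sample identity are made up for the example.

```python
import hashlib, secrets

# Toy symmetric pairing, constructed for this example and NOT secure: G and G_t
# are both (Z_p, +), so "x^k" is k*x mod p, g = 1 and e(a, b) = a*b mod p.
# It is bilinear and non-degenerate, but discrete logs are trivial.
p, g, L = 2**255 - 19, 1, 16                 # prime order, generator, l in bytes

def e(a, b): return a * b % p
def power(x, k): return x * k % p            # "x^k" in G or G_t
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def H(tag, data): return hashlib.sha256(tag + data).digest()
def H1(ident): return int.from_bytes(H(b"1", ident), "big") % p      # {0,1}* -> G
def H2(y): return H(b"2", y.to_bytes(32, "big"))[:L]                 # G_t -> {0,1}^l
def H3(s, m): return int.from_bytes(H(b"3", s + m), "big") % p       # -> Z_p
def H4(s): return H(b"4", s)[:L]                                     # {0,1}^l -> {0,1}^l

def setup():
    w = secrets.randbelow(p - 1) + 1         # master key w
    return (g, power(g, w)), w               # params = (g, g_pub), master key

def extract(w, ident):
    return power(H1(ident), w)               # d_ID = H1(ID)^w

def encrypt(params, ident, m):               # FullIdent, m must be L bytes
    s = secrets.token_bytes(L)
    r = H3(s, m)
    y = e(H1(ident), params[1])              # y_ID = e(h_ID, g_pub)
    return power(g, r), xor(s, H2(power(y, r))), xor(m, H4(s))

def decrypt(d_id, c):
    u, v, w = c
    s = xor(v, H2(e(u, d_id)))
    m = xor(w, H4(s))
    return m if power(g, H3(s, m)) == u else None   # reject if g^r != u

def basic_encrypt(params, ident, m):         # BasicIdent: no integrity check
    r = secrets.randbelow(p - 1) + 1
    return power(g, r), xor(m, H2(power(e(H1(ident), params[1]), r)))

def basic_decrypt(d_id, c):
    return xor(c[1], H2(e(c[0], d_id)))

def tamper_demo(m=b"pay alice 000100", mask=b"\0" * 15 + b"\x08"):
    params, w = setup()
    d = extract(w, b"bob@example.com")       # constructed sample identity
    u, c = basic_encrypt(params, b"bob@example.com", m)
    basic = basic_decrypt(d, (u, xor(c, mask)))          # equals m XOR mask
    u, v, t = encrypt(params, b"bob@example.com", m)
    return basic == xor(m, mask), decrypt(d, (u, v, xor(t, mask)))
```

`tamper_demo()` returns `(True, None)`: under BasicIdent the recipient decrypts the modified ciphertext to a predictably modified message, while FullIdent recomputes $r$ from the recovered $(s, M)$ and rejects it.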