Boneh-Franklin Identity Based Encryption Scheme

Boneh-Franklin Identity Based Encryption Scheme
Parshuram Budhathoki Department of Mathematics Florida Atlantic University 28 March, 2013 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Graduate Student Seminar, Department of Mathematics, FAU
Motivation: Alice wants to send a message to Bob. Securely Alice wants to communicate with Bob securely. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: Alice wants to communicate with Bob securely. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: Private Key Cryptography AES DES Alice wants to communicate with Bob securely. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: Private Key Cryptography Limitation: The Key-Distribution Problem. Key Storage and Secrecy. Problem in Open Systems. Key Distribution Problem: The initial sharing of a secret key can be done using a secure channel that can be implemented, e.g., using a trusted messenger service. This option is likely to be unavailable to the average person, Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: In 1976, Whitfield Diffie and Martin Hellman Public Key Cryptography Public Key Cryptography solves problems in Private Key Cryptography. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: Public Key Cryptography Public Key Private Key RSA Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: Public Key Cryptography RSA Public Key AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYsc8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7rNzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaXfgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQLGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: Public Key Cryptography Before starting communication: Alice has to get Bob’s Public key She has to verify that this Public Key is correct one. So, she needs chain of certificates. Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: In 1984 Adi Shamir suggested Identity Based Cryptography Public Key id : phone : bob Address : 777 Glades Road Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Motivation: In 1984 Adi Shamir suggested Identity Based Cryptography Public Key id : phone : bob Address : 777 Glades Road In 2001 Dan Boneh and Matthew Franklin proposed an encryption scheme. Alice Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Outline Identity Based Cryptography Pairing Hash functions Bilinear Diffie - Hellman problem. BF encryption scheme. 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Cryptography
Setup Extract Encryption Scheme 4. Encrypt 5. Decrypt 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Cryptography
Encryption Scheme: Public Parameter Security Parameter Setup params Master Key Trust Authority Identity, Master Key, params 2. Extract Private Key Message and params 3. Encrypt Ciphertext Private Key, Ciphertext, and params Message 4. Decrypt 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure ID-based encryption scheme:
GAME Challenger uses Setup algorithm to generates params and Master key Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure ID-based encryption scheme:
GAME params Master Key Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Secure Id-based encryption scheme:
GAME params Master Key The Adversary issues m queries - extraction query for < Idi > - decryption query <Idi , Ci > Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

GAME params Master Key The Adversary picks M0 , M1 and a public key ID The Challenger picks a random b ∈ { 0, 1 } and sends C = Encrypt( params , ID, Mb ) Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

GAME params Master Key The Adversary issues m additional queries - extraction query < Idi > - decryption query < Idi , Ci > Adversary Challenger 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

GAME params Master Key The Adversary outputs b’ The Adversary wins if b = b’ |P ( the adversary wins ) – 1/2| should be negligible. Adversary Challenger Semantic security against an adaptive chosen ciphertext and Id attack IND-ID-CCA 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Pairing e(P,Q) e Domain G1 Range V Domain G P Domain G2 Asymmetric Q Domain G Symmetric 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Pairing Let (G,+) and (V, ∙ ) denote cyclic groups of prime order q , P ∈ G, a generator of G and a pairing e: G x G V is a map which satisfies the following properties: Bilinearity : ∀ P, Q , R ∈ G we have e(P+R, Q)= e(P,Q) e(R,Q) and e(P, R+Q)= e(P,R) e(P,Q) 2) Non-degeneracy : There exists P, Q ∈ G such that e(P,Q) ≠1. e is efficiently computable. 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Pairing Important property of bilinearity: ∀ P, R ∈ G and any integer n we have e(nP, R) = e(P + P + … + P, R ) = e(P, R) e(P, R) … e(P, R) = e(P, R)n = e( P, nR) 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Hash Functions: Range H H(x) Fixed size Domain No Inverse x Any size 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Hash Function: One way transformation Input := Any size, Output:= Fixed size H(x1 ) ≠ H(x2) for x1 ≠ x2 , Collision free 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Bilinear Diffie-Hellman Problem:
Let G1 and G2 be two groups of prime order q. Let e: G1 × G G2 be a pairing and let P be a generator of G1 . The BDH problem in <G1 , G2 , e > is a computation of e(P, P ) abc , by using <P, aP, bP, cP > for some a, b, c ∈ Z*q 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Identity Based Encryption Scheme :
Alice wants to communicate with Bob securely. Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Public Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Bob Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Trust Authority Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, H1 , H2 , … > Any One Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, n, H1 , H2 > Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity based encryption scheme :
params : <G1 , G2 ,P, Ppub ,q, e, n, H1 , H2 > Master Key:= s ∈ Z*q k ∈ Z+ Setup Ppub = sP Trust Authority Assume H1 : {0,1}* G1* and H2 : G {0,1}n Message space = {0,1}n Ciphertext space = G1* × {0, 1}n 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

BF Identity Based Encryption Scheme :
params : <G1 , G2 ,P, Ppub ,q, e, n, H1 , H2 > Encrypt To encrypt message M Compute QID = H1 ( ID) choose random r ∈ Z*q Ciphertext C := < rP , M ⨁ H2 ( gr ID ) > Where gID = e( QID , Ppub ) ∈ G2* Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > C := < rP , M ⨁ H2 ( gr ID ) > Bob Alice 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, n, q, H1 , H2 > C Trust Authority Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Extract After getting ID ∈{0,1}* Compute QID = H1 ( ID ) ∈G1* Private Key = dID = s QID Trust Authority 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Extract Trust Authority Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Decrypt Let C = <U, V>, then by using private key dID : V ⨁ H2 ( e(dID , U) = M C := < rP , M ⨁ H2 ( gr ID ) > Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

params : <G1 , G2 ,P, Ppub , e, q, n, H1 , H2 > Correctness of Decryption H2 ( e(dID , U) = H2 ( e ( s H1 ( ID ) , rP)) = H2 ( e(H1 (ID) , P)sr ) = H2 ( e( H1 (ID) , sP)r ) = H2 ( (gID )r ) C := < rP , M ⨁ H2 ( gr ID ) > V ⨁ H2 ( e(dID , U) = M ⨁ H2 ( (gID )r ) ⨁ H2 ( (gID )r ) = M Bob 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Thank You 03/28/2013 Graduate Student Seminar, Department of Mathematics, FAU

Boneh-Franklin Identity Based Encryption Scheme

Similar presentations

Presentation on theme: "Boneh-Franklin Identity Based Encryption Scheme"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Boneh-Franklin Identity Based Encryption Scheme

Similar presentations

Presentation on theme: "Boneh-Franklin Identity Based Encryption Scheme"— Presentation transcript:

Similar presentations

About project

Feedback