Construction of a Multi-domain Functional Encryption System on Functional Information Infrastructure

Abstract

Identity-based encryption (IBE) and cryptographic systems based on IBE, timed-release encryption (TRE), attribute-based encryption (ABE), and functional encryption (FE), use information that identify individuals or groups (e.g., identities, attributes) for encryption and decryption. One significant advantage of FE is the fact that identity and attributes management leads to key management. If an infrastructure for managing identity and attributes existed, we could encrypt a message with identity and attributes (Functional Information, FI) for FE on it. With an infrastructure for FE, we can utilize existing FEs issued for FE and reduce the cost of issuing/managing a new FI only for FE. That is, we could regard FE as a service on the infrastructures in order to delegate management of FI to it. For PKG, a conventional IBE player, we propose a framework that divides it into three entities to enable it to correspond with complex FE systems that federate each function among several FE systems. We also examine use cases in which there are more than one instances of each entity in the same domain, and domain-use cases in which each entity coexists under multi-domain, and apply them to multiple FE systems among different domains. Consequently, we discover challenges that are not described in RFC 5408, also referred to as standardization scalability. On the basis of the use cases, to examine the management of these multi-domains, we develop ABE systems on ID management infrastructure with open protocols for authentication/authorization (OAuth and OpenID Connect) and demonstrate the feasibility of the framework in FE.