Abstract

Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevent a KGC (or any logical entity which get holds of the master secret key, such as the collusion of a number of authorities holding the sufficient number of master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.