Download presentation

Presentation is loading. Please wait.

Published byJaden Lane Modified over 4 years ago

1
Boneh-Franklin Identity-based Encryption

2
2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate: e(g, g) generates G t Efficiently-computable

3
3 Underlying hard problem Diffie-Hellman Problem Given g, g a, g b, find g ab Bilinear Diffie-Hellman Problem Bilinear e: G 1 G 2 G t Given g, g r, g s, g t, find e(g, g) rst Security parameters need to protect against discrete log attacks in multiple groups Boneh-Franklin IBE uses the BDHP in the most simple and straightforward way possible

4
4 BasicIdent: who has what? QuantitySenderRecipient s (master secret) t r (sender random) g (public) g t (identity) g st (private key) g r (sender calculates) g s (public) g rt \ Send g r to recipient to let him compute e(g, g) rst

5
5 Chosen-ciphertext security If we just use c = m Å H 2 (e(g rt, g s )) the system is vulnerable to a chosen-ciphertext attack H 2 (e(g rt, g s )) not a function of the plaintext Attacker has (g r, c), decrypts (g r, c) where c = c Å e to get m Then he can recover m = m Å e Fujisaki-Okamoto transform adds chosen-ciphertext security This is the scheme that we discuss in the following

6
6 BF-IBE (FullIdent) Assume that identities are bit strings of arbitrary length and messages to be encrypted are of length l Also need four cryptographic hash functions H 1 : {0, 1}* G For hashing an identity H 2 : G t {0, 1} l To XOR with a session key H 3 : {0, 1} l {0, 1} l Z p For deriving a blinding coefficient H 4 : {0, 1} l {0, 1} l To XOR with plaintext

7
7 BF-IBE Bohen-Franklin IBE comprises four algorithms: Setup Extract Encrypt Decrypt

8
8 BF-IBE: Setup Select random w Î Z p Set g pub = g w Set params = (g, g pub ) Î G 2 Set maskerk = w

9
9 BF-IBE: Extract To generate a private key d ID for an identity ID Î {0, 1}* using the master key w The trusted authority computes h ID = H 1 (ID) and d ID = (h ID ) w in G The private key is the group element d ID Î G

10
10 BF-IBE: Encrypt To encrypt a message M Î {0, 1} l for a recipient with identity ID Î {0, 1} *, the sender does the following: Picks a random s Î {0, 1} l Calculates r = H 3 (s, M) Computes h ID = H 1 (ID) Computes y ID = e(h ID, g pub ) Outputs ciphertext C C = (g r, s Å H 2 (y ID r ), M Å H 4 (s)) Î G {0, 1} l {0, 1} l

11
11 BF-IBE: Decrypt To decrypt a given ciphertext C = (u, v, w) using the private key d ID, the recipient does the following: Computes v Å H 2 (e(u, d ID )) = s Computes w Å H 4 (s) = M Computes H 3 (s, M) = r If g r ¹ u, the ciphertext is rejected Otherwise outputs M Î {0, 1} l as the decryption of C

Similar presentations

Presentation is loading. Please wait....

OK

Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures

© 2018 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google

Ppt on biogeochemical cycle carbon cycle Ppt on 9/11 conspiracy movie Ppt on school library management system Ppt on noun for class 2 Ppt on different types of computer softwares available Ppt on principles of object-oriented programming php Ppt on types of parallelograms pictures Ppt on automatic water level controller using microcontroller Ppt on overhead service connection Doc convert to ppt online ticket