Traceable and Retrievable Identity-Based Encryption

Very recently, the concept of Traceable Identity-based Encryption (IBE) scheme (or Accountable Authority Identity based Encryption scheme) was introduced in Crypto 2007. This concept enables some mechanisms to reduce the trust of a private key generator (PKG) in an IBE system. The aim of this paper is threefold. First, we discuss some subtleties in the first traceable IBE scheme in the Crypto 2007 paper. Second, we present an extension to this work by having the PKG’s master secret key retrieved automatically if more than one user secret key are released. This way, the user can produce a concrete proof of misbehaviour of the PKG in the court. In contrast to previous approach, our idea gives strong incentive for the PKG to strengthen the security of the system since if someone can successfully release a user’s secret key, it means that his security is also compromised. We present a formal model to capture our idea. Third, we present an efficient construction based on Gentry’s IBE that satisfies our model and prove its security. Our construction is proven secure in the random oracle model. Nevertheless, we should emphasize that the aim of this paper is to introduce the new model to strengthen the IBE system.