Identity-Based Decryption

Identity-based decryption is an alternative to identity-based encryption, in which Alice encrypts a symmetric key for Bob under a trusted authority’s public key. Alice sends Bob the resulting ciphertext, which Bob can send to the trusted authority. The trusted authority provides Bob the symmetric key only upon verifying Bob’s identity. 1 Identity-Based Encryption Shamir introduced [7] the notion of identity-based encryption (IBE). In contrast to public-key encryption (PKE), a user of IBE does not have a distinct public key. Rather, the user’s identity serves the role of public key. The user’s private key is created by some trusted authority. Boneh and Franklin proposed a practical identity-based encryption scheme [3, 4]. Some of the advantages of identity-based encryption over public-key encryption are: Less initialization: Alice can encrypt messages to Bob even if Bob does not yet have a private key. So, unlike in PKE, Bob does not have to be initialized into the system, that is, he does not already need to have a public key. This is because, upon receipt of such an IBE ciphertext from Alice, Bob can, if he does not already have the private key needed for decryption, obtain his private key from the trusted authority. Also, with a conventional PKE, Bob has only a future, not an immediate, incentive to set up a public key, but in IBE, Bob’s incentive is immediate: to be able read Alice’s ciphertext. Less intercommunication: Bob’s public key does not need to be communicated to Alice. Consequently there is less intercommunication: Bob does not need to send his public key to Alice nor does Alice need to look up Bob’s public key in a directory, whereas in PKE, Alice would typically obtain Bob’s public key by one of these two methods. More customizability: Alice can select and add auxiliary information to Bob’s identity in IBE, such as a date allowed for decryption, or some other condition that Bob must satisfy in order to obtain his private key from the authority. Potentially Less Computational Overhead in Encryption: When, as is often the case, PKE relies on a public-key infrastructure (PKI) to authenticate public keys, it will be the case that Alice can only be sure that a public key actually belongs to Bob by verifying a certificate. ∗Certicom Research