Ááááððþþòò Áááòøøøý¹¹¹××× Ò Blockinöýôøøóò ¶

We formalize the standard appli ation of identity-based en ryption (IBE), namely nonintera tive se ure ommuni ation, as realizing an ideal system whi h we all delivery ontrolled hannel (DCC). This system allows users to be registered (by a entral authority) for an identity and to send messages se urely to other users only known by their identity. Quite surprisingly, we show that existing se urity de nitions for IBE are not su ient to realize DCC. In fa t, it is impossible to do so in the standard model. We show, however, how to adjust any IBE s heme that satis es the standard se urity de nition IND-ID-CPA to a hieve this goal in the random ora le model. We also show that the impossibility result an be avoided in the standard model by onsidering a weaker ideal system that requires all users to be registered in an initial phase before any messages are sent. To a hieve this, a weaker se urity notion, whi h we introdu e and all IND-ID1-CPA, is a tually su ient. This justi es our new se urity de nition and might open the door for more e ient s hemes. We further investigate whi h ideal systems an be realized with s hemes satisfying the standard notion and variants of sele tive se urity. As a ontribution of independent interest, we show how to model features of an ideal system that are potentially available to dishonest parties but not guaranteed, and whi h su h features arise when using IBE.