Applying Fujisaki-Okamoto to Identity-Based Encryption
نویسندگان
چکیده
The Fujisaki-Okamoto (FO) conversion is widely known to be able to generically convert a weak public key encryption scheme, say one-way against chosen plaintext attacks (OW-CPA), to a strong one, namely, indistinguishable against adaptive chosen ciphertext attacks (IND-CCA). It is not known that if the same holds for identity-based encryption (IBE) schemes, though many IBE and variant schemes are in fact specifically using the FO conversion. In this paper, we investigate this issue and confirm that the FO conversion is generically effective also in the IBE case. However, straightforward application of the FO conversion only leads to an IBE scheme with a loose (but polynomial) reduction. We then propose a simple modification to the FO conversion, which results in considerably more efficient security reduction.
منابع مشابه
Generic Transforms to Acquire CCA-Security for Identity Based Encryption: The Cases of FOpkc and REACT
Fujisaki-Okamoto (FOpkc) conversion [14] and REACT conversion [18] are widely known to be able to generically convert a weak public key encryption scheme to a strong encryption scheme, i.e., indistinguishable against adaptive chosen ciphertext attacks (IND-CCA). In this paper, we discuss applications of Fujisaki-Okamoto (FOpkc) conversion and REACT conversion to Identity Based Encryptions (IBE)...
متن کاملPost-Quantum Security of the Fujisaki-Okamoto and OAEP Transforms
In this paper, we present a hybrid encryption scheme that is chosen ciphertext secure in the quantum random oracle model. Our scheme is a combination of an asymmetric and a symmetric encryption scheme that are secure in a weak sense. It is a slight modification of the Fujisaki-Okamoto transform that is secure against classical adversaries. In addition, we modify the OAEP-cryptosystem and prove ...
متن کاملSecurity Proof of Sakai-Kasahara's Identity-Based Encryption Scheme
Identity-based encryption (IBE) is a special asymmetric encryption method where a public encryption key can be an arbitrary identifier and the corresponding private decryption key is created by binding the identifier with a system’s master secret. In 2003 Sakai and Kasahara proposed a new IBE scheme, which has the potential to improve performance. However, to our best knowledge, the security of...
متن کاملSecurity and Anonymity of Identity-Based Encryption with Multiple Trusted Authorities
We consider the security of Identity-Based Encryption (IBE) in the setting of multiple Trusted Authorities (TAs). In this multi-TA setting, we envisage multiple TAs sharing some common parameters, but each TA generating its own master secrets and master public keys. We provide security notions and security models for the multi-TA setting which can be seen as natural extensions of existing notio...
متن کاملEfficient Implementation of a CCA2-Secure Variant of McEliece Using Generalized Srivastava Codes
In this paper we present efficient implementations of McEliece variants using quasi-dyadic codes. We provide secure parameters for a classical McEliece encryption scheme based on quasi-dyadic generalized Srivastava codes, and successively convert our scheme to a CCA2-secure protocol in the random oracle model applying the Fujisaki-Okamoto transform. In contrast with all other CCA2-secure code-b...
متن کامل