research-article

Identity-based encryption with efficient revocation

Authors:

Alexandra Boldyreva,

Virendra KumarAuthors Info & Claims

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

Pages 417 - 426

https://doi.org/10.1145/1455770.1455823

Published: 27 October 2008 Publication History

Abstract

Identity-based encryption (IBE) is an exciting alternative to public-key encryption, as IBE eliminates the need for a Public Key Infrastructure (PKI). The senders using an IBE do not need to look up the public keys and the corresponding certificates of the receivers, the identities (e.g. emails or IP addresses) of the latter are sufficient to encrypt. Any setting, PKI- or identity-based, must provide a means to revoke users from the system. Efficient revocation is a well-studied problem in the traditional PKI setting. However in the setting of IBE, there has been little work on studying the revocation mechanisms. The most practical solution requires the senders to also use time periods when encrypting, and all the receivers (regardless of whether their keys have been compromised or not) to update their private keys regularly by contacting the trusted authority. We note that this solution does not scale well -- as the number of users increases, the work on key updates becomes a bottleneck. We propose an IBE scheme that significantly improves key-update efficiency on the side of the trusted party (from linear to logarithmic in the number of users), while staying efficient for the users. Our scheme builds on the ideas of the Fuzzy IBE primitive and binary tree data structure, and is provably secure.

References

[1]

W. Aiello, S. Lodha, and R. Ostrovsky. Fast digital identity revocation (extended abstract). In CRYPTO, pages 137--152, 1998.

Digital Library

[2]

M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM Conference on Computer and Communications Security, pages 62--73, 1993.

Digital Library

[3]

A. Boldyreva, V. Goyal, and V. Kumar. Identity-based encryption with efficient revocation. Full version of this paper. Available from http://www.cc.gatech.edu/ aboldyre/publications.html, 2008.

[4]

D. Boneh and X. Boyen. Efficient selective-ID secure identity-based encryption without random oracles. In EUROCRYPT, pages 223---238, 2004.

[5]

D. Boneh, R. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. SIAM J. Comput., 36(5):1301--1328, 2006.

Digital Library

[6]

D. Boneh, X. Ding, G. Tsudik, and M. Wong. A method for fast revocation of public key certificates and security capabilities. In USENIX Security Symposium, pages 22--22, 2001.

Digital Library

[7]

D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages 213--229, 2001.

Digital Library

[8]

R. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. In EUROCRYPT, pages 207--222, 2004.

[9]

Ran Canetti, Shai Halevi, and Jonathan Katz. A forward-secure public-key encryption scheme. In EUROCRYPT, pages 255--271, 2003.

Digital Library

[10]

E. Fujisaki and T. Okamoto. How to enhance the security of public-key encryption at minimum cost. In Public Key Cryptography, pages 53--68, 1999.

[11]

E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In CRYPTO, pages 537--554, 1999.

Digital Library

[12]

Craig Gentry. Certificate-based encryption and the certificate revocation problem. In EUROCRYPT, pages 272--293, 2003.

Digital Library

[13]

V. Goyal. Certificate revocation using fine grained certificate space partitioning. In Financial Cryptography, pages 247--259. Springer, 2007.

Digital Library

[14]

V. Goyal. Reducing trust in the PKG in identity based cryptosystems. In CRYPTO, pages 430--447, 2007.

Digital Library

[15]

V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In ACM Conference on Computer and Communications Security, pages 89--98, 2006.

Digital Library

[16]

Y. Hanaoka, G. Hanaoka, J. Shikata, and H. Imai. Identity-based hierarchical strongly key-insulated encryption and its application. In ASIACRYPT, pages 495--514, 2005.

Digital Library

[17]

T. Kitagawa, P. Yang, G. Hanaoka, R. Zhang, H. Watanabe,K. Matsuura, and H. Imai. Generic transforms to acquire CCA-security for identity based encryption: The cases of FOpkc and REACT. In ACISP, pages 348--359, 2006.

Digital Library

[18]

B. Libert and J.-J. Quisquater. Efficient revocation and threshold pairing based cryptosystems. In PODC, pages 163--171, 2003.

Digital Library

[19]

S. Micali. Efficient certificate revocation. Technical Report MIT/LCS/TM-542b, 1996.

[20]

S. Micali. Novomodo: Scalable certificate validation and simplified PKI management. In PKI Research Workshop, 2002.

[21]

D. Naor, M. Naor, and J. Lotspiech. Revocation and tracing schemes for stateless receivers. In CRYPTO, 2002.

Digital Library

[22]

M. Naor and K. Nissim. Certificate revocation and certificate update. In USENIX Security Symposium, 1998.

Digital Library

[23]

M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure attribute-based systems. In ACM Conference on Computer and Communications Security, pages 99--112, 2006.

Digital Library

[24]

A. Sahai and B. Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457--473, 2005.

Digital Library

[25]

A. Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, pages 47--53, 1984.

Digital Library

[26]

B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114--127, 2005.

Digital Library

[27]

P. Yang, T. Kitagawa, G. Hanaoka, R. Zhang, K. Matsuura, andH. Imai. Applying Fujisaki-Okamoto to identity-based encryption. In AAECC, pages 183--192, 2006.

Digital Library

Cited By

Comb MMartin A(2024)Mining digital identity insights: patent analysis using NLPEURASIP Journal on Information Security10.1186/s13635-024-00172-52024:1Online publication date: 3-Jul-2024
https://doi.org/10.1186/s13635-024-00172-5
Chai BYu JYan BYu YWang S(2024)BSCDA: Blockchain-Based Secure Cross-Domain Data Access Scheme for Internet of ThingsIEEE Transactions on Network and Service Management10.1109/TNSM.2024.338577721:4(4006-4023)Online publication date: Aug-2024
https://doi.org/10.1109/TNSM.2024.3385777
Li CChen RWang YXing QWang B(2024)REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoTIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3353811(1-18)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3353811
Show More Cited By

Index Terms

Identity-based encryption with efficient revocation

Recommendations

Adaptive-ID Secure Revocable Identity-Based Encryption
CT-RSA '09: Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology

Identity-Based Encryption (IBE) offers an interesting alternative to PKI-enabled encryption as it eliminates the need for digital certificates. While revocation has been thoroughly studied in PKIs, few revocation mechanisms are known in the IBE setting. ...
Unbounded Hierarchical Identity-Based Encryption with Efficient Revocation
WISA 2015: Revised Selected Papers of the 16th International Workshop on Information Security Applications - Volume 9503

Hierarchical identity-based encryption HIBE is an extension of identity-based encryption IBE where an identity of a user is organized as a hierarchical structure and a user can delegate the private key generation to another user. Providing a revocation ...
On the security of a strong provably secure identity-based encryption scheme without bilinear pairing

The identity-based encryption scheme enables a sender to generate the ciphertext using a receiver's identity and system's parameters. Because of its convenience, the identity-based encryption scheme has been widely used in many practical applications. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

October 2008

590 pages

ISBN:9781595938107

DOI:10.1145/1455770

General Chair:
Peng Ning
North Carolina State University, USA
,
Program Chairs:
Paul Syverson
Naval Research Laboratory, USA
,
Somesh Jha
University of Wisconsin, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS08

Sponsor:

CCS08: 15th ACM Conference on Computer and Communications Security 2008

October 27 - 31, 2008

Virginia, Alexandria, USA

Acceptance Rates

CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

410
Total Citations
View Citations
2,718
Total Downloads

Downloads (Last 12 months)175
Downloads (Last 6 weeks)10

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Comb MMartin A(2024)Mining digital identity insights: patent analysis using NLPEURASIP Journal on Information Security10.1186/s13635-024-00172-52024:1Online publication date: 3-Jul-2024
https://doi.org/10.1186/s13635-024-00172-5
Chai BYu JYan BYu YWang S(2024)BSCDA: Blockchain-Based Secure Cross-Domain Data Access Scheme for Internet of ThingsIEEE Transactions on Network and Service Management10.1109/TNSM.2024.338577721:4(4006-4023)Online publication date: Aug-2024
https://doi.org/10.1109/TNSM.2024.3385777
Li CChen RWang YXing QWang B(2024)REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoTIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3353811(1-18)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3353811
Zhang LXie SWu QRezaeibagha F(2024)Enhanced Secure Attribute-Based Dynamic Data Sharing Scheme With Efficient Access Policy Hiding and Policy Updating for IoMTIEEE Internet of Things Journal10.1109/JIOT.2024.339973411:16(27435-27447)Online publication date: 15-Aug-2024
https://doi.org/10.1109/JIOT.2024.3399734
Chen SLi JZhang YHan J(2024)Efficient Revocable Attribute-Based Encryption With Verifiable Data IntegrityIEEE Internet of Things Journal10.1109/JIOT.2023.332599611:6(10441-10451)Online publication date: 15-Mar-2024
https://doi.org/10.1109/JIOT.2023.3325996
Cui HYi X(2024)Secure Internet of Things in Cloud Computing via Puncturable Attribute-Based Encryption With User RevocationIEEE Internet of Things Journal10.1109/JIOT.2023.329799711:2(3662-3670)Online publication date: 15-Jan-2024
https://doi.org/10.1109/JIOT.2023.3297997
Zhang LLi XWu QRezaeibagha F(2024)Blockchain-Aided Anonymous Traceable and Revocable Access Control Scheme With Dynamic Policy Updating for the Cloud IoTIEEE Internet of Things Journal10.1109/JIOT.2023.328719011:1(526-542)Online publication date: 1-Jan-2024
https://doi.org/10.1109/JIOT.2023.3287190
Liang XLiu YNing J(2024)An Access Control Scheme With Privacy-Preserving Authentication and Flexible Revocation for Smart HealthcareIEEE Journal of Biomedical and Health Informatics10.1109/JBHI.2024.339121828:6(3269-3278)Online publication date: Jun-2024
https://doi.org/10.1109/JBHI.2024.3391218
Moy MHylton AKassouf-Short RCleveland JHwang JCurry JRonnenberg MLopez MChiriac O(2024)A Proposed Clock Synchronization Method for the Solar System Internet2024 IEEE Aerospace Conference10.1109/AERO58975.2024.10521325(1-17)Online publication date: 2-Mar-2024
https://doi.org/10.1109/AERO58975.2024.10521325
Singamaneni KMuhammad GAli Z(2024)A Novel Quantum Hash-Based Attribute-Based Encryption Approach for Secure Data Integrity and Access Control in Mobile Edge Computing-Enabled Customer Behavior AnalysisIEEE Access10.1109/ACCESS.2024.337364812(37378-37397)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3373648
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents