Chosen-ciphertext security from identity-based encryption

Ran Canetti, Shai Halevi, Jonathan Katz

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

Abstract

We propose a simple and efficient construction of a CCAsecure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme. Our construction requires the underlying IBE scheme to satisfy only a relatively "weak" notion of security which is known to be achievable without random oracles; thus, our results provide a new approach for constructing CCA-secure encryption schemes in the standard model. Our approach is quite different from existing ones; in particular, it avoids non-interactive proofs of "well-formedness" which were shown to underlie most previous constructions. Furthermore, applying our conversion to some recently-proposed IBE schemes results in CCA-secure schemes whose efficiency makes them quite practical. Our technique extends to give a simple and reasonably efficient method for securing any binary tree encryption (BTE) scheme against adaptive chosen-ciphertext attacks. This, in turn, yields more efficient CCA-secure hierarchical identity-based and forward-secure encryption schemes in the standard model.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
EditorsChristian Cachin, Jan Camenisch
PublisherSpringer Verlag
Pages207-222
Number of pages16
ISBN (Print)3540219358, 9783540219354
DOIs
StatePublished - 2004
Externally publishedYes

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3027
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Keywords

  • Chosen-ciphertext security
  • Forward-secure encryption
  • Identitybased encryption
  • Public-key encryption

Fingerprint

Dive into the research topics of 'Chosen-ciphertext security from identity-based encryption'. Together they form a unique fingerprint.

Cite this