An Identity-Based Encryption (IBE) scheme is a public-key cryptosystem in which any string is a valid public key. In particular, email addresses and dates can be public keys. The IBE email system is based on the first practical IBE scheme. The cryptosystem has chosen-ciphertext security in the random oracle model, assuming an elliptic curve variant of the computational Diffie-Hellman problem.
The IBE email system has some nice properties such as:
- Senders can send mail to recipients who have not yet set up a public key,
- When sending email there is no need for an online lookup to obtain the recipient’s certificate,
- Senders can send email that can only be read at some specified time in the future, and
- The system proactively refreshes the recipient’s private key every short time period.
Encryption schemes of this type are called Identity-Based Encryption (IBE). Shamir’s original motivation for identity-based encryption was to simplify certificate management in e-mail systems. When Alice sends mail to Bob at email@example.com she simply encrypts her message using the public key string “firstname.lastname@example.org”. There is no need for Alice to obtain Bob’s public key certificate. When Bob receives the encrypted mail he contacts a third party, which we call the Private Key Generator (PKG). Bob authenticates himself to the PKG in the same way he would authenticate himself to a CA and obtains his private key from the PKG. Bob can then read his e-mail. Note that unlike the existing secure e-mail infrastructure, Alice can send encrypted mail to Bob even if Bob has not yet set up his public key certificate. However, in this scenario the IBE system provides key escrow, since the PKG knows Bob’s private key.
In more detail, an IBE scheme consists of four algorithms: (1) Setup generates global system parameters and a master-key, (2) Extract uses the master-key to generate the private key corresponding to an arbitrary public key string ID, (3) Encrypt encrypts messages using the public key ID, and (4) Decrypt decrypts messages using the corresponding private key.
The IBE email system uses a new fully functional identity-based encryption scheme. The performance of the cryptosystem is comparable to the performance of ElGamal encryption. The security of the system is based on a natural analogue of the computational Diffie-Hellman assumption on elliptic curves. Based on this assumption we show that the new system has chosen-ciphertext security in the random oracle model. Using standard techniques from threshold cryptography, the PKG in the system can be distributed so that the master-key is never available in a single location. This enhances the security of the master-key stored at the PKG.
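The distributed PKG described above, sketched as an added example (not code from the original page or from the IBE email system): each server holds a Shamir share of the master-key, returns a partial private key, and the user combines them without the master-key ever being reassembled. It assumes Extract has the form d_ID = H(ID)^s and substitutes a toy safe-prime group for the elliptic curve group, so it covers threshold Extract only, not pairing-based Encrypt/Decrypt; all names, parameters and the identity string are hypothetical.

```python
import hashlib
import secrets

# Toy safe-prime group (constructed, far too small for real use): P = 2*Q + 1.
P, Q = 2039, 1019

def hash_to_group(identity):
    """Map an identity string to a non-identity element of the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)  # square of a value in 2..P-2

def deal_shares(master, t, n):
    """Shamir-share the master-key mod Q: any t of the n PKG servers suffice."""
    coeffs = [master] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def partial_extract(share, identity):
    """One PKG server's contribution; it only ever uses its own share."""
    return pow(hash_to_group(identity), share, P)

def combine(partials):
    """User-side Lagrange interpolation 'in the exponent' at x = 0."""
    key = 1
    for i, d_i in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        key = key * pow(d_i, lam, P) % P
    return key

if __name__ == "__main__":
    identity = "bob@example.test|2024-06-01"   # constructed identity string
    master = secrets.randbelow(Q - 1) + 1      # known only to the dealer here
    shares = deal_shares(master, t=3, n=5)
    partials = {i: partial_extract(shares[i], identity) for i in (2, 4, 5)}
    print(combine(partials) == pow(hash_to_group(identity), master, P))
```

In a deployment the dealer step would itself be replaced by a distributed key generation so that no single party ever holds the master-key, which this sketch does not show.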