Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A course in computational algebraic number theory
A course in computational algebraic number theory
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
An Identity Based Encryption Scheme Based on Quadratic Residues
Proceedings of the 8th IMA International Conference on Cryptography and Coding
Efficient solution of rational conics
Mathematics of Computation
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Space-Efficient Identity Based EncryptionWithout Pairings
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
Generic Constructions of Identity-Based and Certificateless KEMs
Journal of Cryptology
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Practical identity-based encryption without random oracles
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
In 2001, Cocks presented an elegent Identity Based Encryption (IBE) system based on standard quadratic residuocity problem modulo an RSA composite N. This is the first IBE system that does not use pairings on elliptic curves. Cocks’ IBE, however, requires 2ℓ elements of ℤ/Nℤ and 2ℓ additional bits for an ℓ-bit plaintext. At FOCS’07, Boneh-Gentry-Hamburg (BGH) presented a space-efficient IBE system without pairings thus solving a long standing open problem. The ciphertext length was reduced to just a single element of ℤ/Nℤ plus ℓ + 1 additional bits. However, the encryption time of the concrete instantiation of their IBE is not ideal. The encryptor must solve ℓ + 1 equations of the form $RX^2+SY^2=1\bmod N$ given R,S ∈ ℤ/Nℤ; while the decryptor needs a solution of ℓ of these equations. Solving such equations seems to be the main bottleneck. In this paper we first show that the encryptor can find a random solution to an equation of the above type using only one inversion in ℤ/Nℤ. We then present a variant of the concrete instantiation of “BasicIBE” of BGH where (1) the private key consists of a single element of ℤ/Nℤ instead of ℓ elements; (2) the encryptor needs to solve only $2\lceil \sqrt{\ell}\rceil$ equations of the form $Rx^2+Sy^2=1\bmod N$; (3) the decryptor can decrypt without solving any such equations and (4) the ciphertext size increases from a single element of ℤ/Nℤ to $2\lceil \sqrt{\ell}\rceil$ elements of ℤ/Nℤ.