A Variant of Boneh-Gentry-Hamburg's Pairing-Free Identity Based Encryption Scheme

  • Authors:

  • Mahabir Prasad Jhanwar;Rana Barua

  • Affiliations:

  • Stat-Math Unit, Indian Statistical Institute, Kolkata, India;Stat-Math Unit, Indian Statistical Institute, Kolkata, India

  • Venue:
  • Information Security and Cryptology
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

In 2001, Cocks presented an elegent Identity Based Encryption (IBE) system based on standard quadratic residuocity problem modulo an RSA composite N. This is the first IBE system that does not use pairings on elliptic curves. Cocks’ IBE, however, requires 2ℓ elements of ℤ/Nℤ and 2ℓ additional bits for an ℓ-bit plaintext. At FOCS’07, Boneh-Gentry-Hamburg (BGH) presented a space-efficient IBE system without pairings thus solving a long standing open problem. The ciphertext length was reduced to just a single element of ℤ/Nℤ plus ℓ + 1 additional bits. However, the encryption time of the concrete instantiation of their IBE is not ideal. The encryptor must solve ℓ + 1 equations of the form $RX^2+SY^2=1\bmod N$ given R,S ∈ ℤ/Nℤ; while the decryptor needs a solution of ℓ of these equations. Solving such equations seems to be the main bottleneck. In this paper we first show that the encryptor can find a random solution to an equation of the above type using only one inversion in ℤ/Nℤ. We then present a variant of the concrete instantiation of “BasicIBE” of BGH where (1) the private key consists of a single element of ℤ/Nℤ instead of ℓ elements; (2) the encryptor needs to solve only $2\lceil \sqrt{\ell}\rceil$ equations of the form $Rx^2+Sy^2=1\bmod N$; (3) the decryptor can decrypt without solving any such equations and (4) the ciphertext size increases from a single element of ℤ/Nℤ to $2\lceil \sqrt{\ell}\rceil$ elements of ℤ/Nℤ.