Cryptanalysis of Chatterjee-Sarkar hierarchical identity-based encryption scheme at PKC 06

Jong Hwan Park, Dong Hoon Lee

Research output: Contribution to journalArticle

Abstract

In 2006, Chatterjee and Sarkar proposed a hierarchical identity-based encryption (HIBE) scheme which can support an unbounded number of identity levels. This property is particularly useful in providing forward secrecy by embedding time components within hierarchical identities. In this paper we show that their scheme does not provide the claimed property. Our analysis shows that if the number of identity levels becomes larger than the value of a fixed public parameter, an unintended receiver can reconstruct a new valid ciphertext and decrypt the ciphertext using his or her own private key. The analysis is similarly applied to a multi-receiver identity-based encryption scheme presented as an application of Chatterjee and Sarkar's HIBE scheme.

Original languageEnglish
Pages (from-to)1724-1726
Number of pages3
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE92-A
Issue number7
DOIs
Publication statusPublished - 2009 Dec 1

Fingerprint

Protein Kinase C
Identity-based Encryption
Cryptanalysis
Cryptography
Receiver
Valid

Keywords

  • Bilinear pairing
  • Hierarchical identity-based encryption
  • Unbounded delegation

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Graphics and Computer-Aided Design
  • Applied Mathematics
  • Signal Processing

Cite this

@article{b43be53f85c94d0b97f28201d0171661,
title = "Cryptanalysis of Chatterjee-Sarkar hierarchical identity-based encryption scheme at PKC 06",
abstract = "In 2006, Chatterjee and Sarkar proposed a hierarchical identity-based encryption (HIBE) scheme which can support an unbounded number of identity levels. This property is particularly useful in providing forward secrecy by embedding time components within hierarchical identities. In this paper we show that their scheme does not provide the claimed property. Our analysis shows that if the number of identity levels becomes larger than the value of a fixed public parameter, an unintended receiver can reconstruct a new valid ciphertext and decrypt the ciphertext using his or her own private key. The analysis is similarly applied to a multi-receiver identity-based encryption scheme presented as an application of Chatterjee and Sarkar's HIBE scheme.",
keywords = "Bilinear pairing, Hierarchical identity-based encryption, Unbounded delegation",
author = "Park, {Jong Hwan} and Lee, {Dong Hoon}",
year = "2009",
month = "12",
day = "1",
doi = "10.1587/transfun.E92.A.1724",
language = "English",
volume = "E92-A",
pages = "1724--1726",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "7",

}

TY - JOUR

T1 - Cryptanalysis of Chatterjee-Sarkar hierarchical identity-based encryption scheme at PKC 06

AU - Park, Jong Hwan

AU - Lee, Dong Hoon

PY - 2009/12/1

Y1 - 2009/12/1

N2 - In 2006, Chatterjee and Sarkar proposed a hierarchical identity-based encryption (HIBE) scheme which can support an unbounded number of identity levels. This property is particularly useful in providing forward secrecy by embedding time components within hierarchical identities. In this paper we show that their scheme does not provide the claimed property. Our analysis shows that if the number of identity levels becomes larger than the value of a fixed public parameter, an unintended receiver can reconstruct a new valid ciphertext and decrypt the ciphertext using his or her own private key. The analysis is similarly applied to a multi-receiver identity-based encryption scheme presented as an application of Chatterjee and Sarkar's HIBE scheme.

AB - In 2006, Chatterjee and Sarkar proposed a hierarchical identity-based encryption (HIBE) scheme which can support an unbounded number of identity levels. This property is particularly useful in providing forward secrecy by embedding time components within hierarchical identities. In this paper we show that their scheme does not provide the claimed property. Our analysis shows that if the number of identity levels becomes larger than the value of a fixed public parameter, an unintended receiver can reconstruct a new valid ciphertext and decrypt the ciphertext using his or her own private key. The analysis is similarly applied to a multi-receiver identity-based encryption scheme presented as an application of Chatterjee and Sarkar's HIBE scheme.

KW - Bilinear pairing

KW - Hierarchical identity-based encryption

KW - Unbounded delegation

UR - http://www.scopus.com/inward/record.url?scp=84884254517&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84884254517&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.1724

DO - 10.1587/transfun.E92.A.1724

M3 - Article

AN - SCOPUS:84884254517

VL - E92-A

SP - 1724

EP - 1726

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 7

ER -