Abstract
In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.
| Original language | English |
|---|---|
| Pages (from-to) | 329-331 |
| Number of pages | 3 |
| Journal | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences |
| Volume | E92-A |
| Issue number | 1 |
| DOIs | |
| Publication status | Published - 2009 Jan |
Keywords
- Identity-based key encapsulation
- Key distribution
- Multireceiver setting
ASJC Scopus subject areas
- Signal Processing
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering
- Applied Mathematics