Security analysis of a multi-receiver identity-based key encapsulation mechanism

Jong Hwan Park, Dong Hoon Lee

Research output: Contribution to journal (Article)

4 Citations (Scopus)

Abstract

In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.

Original language: English
Pages (from-to): 329-331
Number of pages: 3
Journal: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume: E92-A
Issue number: 1
DOI: 10.1587/transfun.E92.A.329
Publication status: Published - 2009 Jan 1

Keywords

  • Identity-based key encapsulation
  • Key distribution
  • Multireceiver setting

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Graphics and Computer-Aided Design
  • Applied Mathematics
  • Signal Processing

Cite this

@article{58def663eab0479e87f6b53ba9e7dddd,
title = "Security analysis of a multi-receiver identity-based key encapsulation mechanism",
abstract = "In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.",
keywords = "Identity-based key encapsulation, Key distribution, Multireceiver setting",
author = "Park, {Jong Hwan} and Lee, {Dong Hoon}",
year = "2009",
month = "1",
day = "1",
doi = "10.1587/transfun.E92.A.329",
language = "English",
volume = "E92-A",
pages = "329--331",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "1",

}
