Security analysis of a multi-receiver identity-based key encapsulation mechanism

Jong Hwan Park; Dong Hoon Lee

doi:10.1587/transfun.E92.A.329

Security analysis of a multi-receiver identity-based key encapsulation mechanism

Jong Hwan Park, Dong Hoon Lee

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.

Original language	English
Pages (from-to)	329-331
Number of pages	3
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E92-A
Issue number	1
DOIs	https://doi.org/10.1587/transfun.E92.A.329
Publication status	Published - 2009 Jan

Keywords

Identity-based key encapsulation
Key distribution
Multireceiver setting

ASJC Scopus subject areas

Signal Processing
Computer Graphics and Computer-Aided Design
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1587/transfun.E92.A.329

Cite this

@article{58def663eab0479e87f6b53ba9e7dddd,

title = "Security analysis of a multi-receiver identity-based key encapsulation mechanism",

abstract = "In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.",

keywords = "Identity-based key encapsulation, Key distribution, Multireceiver setting",

author = "Park, {Jong Hwan} and Lee, {Dong Hoon}",

year = "2009",

month = jan,

doi = "10.1587/transfun.E92.A.329",

language = "English",

volume = "E92-A",

pages = "329--331",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "1",

}

TY - JOUR

T1 - Security analysis of a multi-receiver identity-based key encapsulation mechanism

AU - Park, Jong Hwan

AU - Lee, Dong Hoon

PY - 2009/1

Y1 - 2009/1

N2 - In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.

AB - In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.

KW - Identity-based key encapsulation

KW - Key distribution

KW - Multireceiver setting

UR - http://www.scopus.com/inward/record.url?scp=77952361198&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77952361198&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.329

DO - 10.1587/transfun.E92.A.329

M3 - Article

AN - SCOPUS:77952361198

SN - 0916-8508

VL - E92-A

SP - 329

EP - 331

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

IS - 1

ER -

Security analysis of a multi-receiver identity-based key encapsulation mechanism

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this