## Towards hierarchical identity-based encryption (2002)

### Cached

### Download Links

Venue: | In Proceedings of Asiacrypt 2002, LNCS 2501 |

Citations: | 115 - 0 self |

### BibTeX

@INPROCEEDINGS{Horwitz02towardshierarchical,

author = {Jeremy Horwitz and Ben Lynn},

title = {Towards hierarchical identity-based encryption},

booktitle = {In Proceedings of Asiacrypt 2002, LNCS 2501},

year = {2002},

pages = {466--481},

publisher = {SpringerVerlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract. We introduce the concept of hierarchical identity-based encryption (HIBE) schemes, give precise definitions of their security and mention some applications. A two-level HIBE (2-HIBE) scheme consists of a root private key generator (PKG), domain PKGs and users, all of which are associated with primitive IDs (PIDs) that are arbitrary strings. A user’s public key consists of their PID and their domain’s PID (in whole called an address). In a regular IBE (which corresponds to a 1-HIBE) scheme, there is only one PKG that distributes private keys to each user (whose public keys are their PID). In a 2-HIBE, users retrieve their private key from their domain PKG. Domain PKGs can compute the private key of any user in their domain, provided they have previously requested their domain secret key from the root PKG (who possesses a master secret). We can go beyond two levels by adding subdomains, subsubdomains, and so on. We present a two-level system with total collusion resistance at the upper (domain) level and partial collusion resistance at the lower (user) level, which has chosen-ciphertext security in the random-oracle model. 1

### Citations

796 |
Identity-based Cryptosystems and Signature Schemes
- Shamir
- 1984
(Show Context)
Citation Context ...ollusion resistance at the lower (user) level, which has chosen-ciphertext security in the random-oracle model. 1 Introduction Shamir asked for an identity-based encryption (IBE) cryptosystem in 1984 =-=[9]-=-, but a fully-functional IBE scheme was not found until recent work by Boneh and Franklin [1] and Cocks [4]. Recall that an IBE scheme is a public-key cryptosystem where any arbitrary string is a vali... |

597 | Short signature from the Weil pairing - Boneh, Lynn, et al. - 2001 |

282 |
A One Round Protocol for Tripartite Diffie-Hellman
- Joux
- 2000
(Show Context)
Citation Context ...n the Weil pairing. (In their construction, G1 is a group of points on a certain elliptic curve and G2 is a certain subgroup of F × p 2, for some prime p.) This assumption was implicitly used by Joux =-=[7]-=- to build a one-round threeparty Diffie-Hellman protocol. Other constructions also require the BDH assumption ([8, 10, 11]). Additionally, a bilinear function is needed in a recently described short s... |

232 |
Identity based encryption from the Weil pairing
- Boneh, Franklin
(Show Context)
Citation Context ...ndom-oracle model. 1 Introduction Shamir asked for an identity-based encryption (IBE) cryptosystem in 1984 [9], but a fully-functional IBE scheme was not found until recent work by Boneh and Franklin =-=[1]-=- and Cocks [4]. Recall that an IBE scheme is a public-key cryptosystem where any arbitrary string is a valid public key. The corresponding private keys must be computed by a trusted third party called... |

193 | Cryptosystems based on pairing - Sakai, Ohgishi, et al. - 2000 |

181 | Secure Integration of Asymmetric and Symmetric Encryption Schemes
- Fujisaki, Okamoto
- 1999
(Show Context)
Citation Context ...ms, N = 〈S, T 〉, a ciphertext C = 〈g r , V 〉, and a user’s private key k := mk 〈S,T 〉 ∈ G1. Output: M = V ⊕ H3(e(k, g r )). It can be shown that this scheme is ID-OWE. By applying the FujisakiOkamoto =-=[6]-=- transformation, we obtain a scheme which is ID-CCA. Though finding a linear e-one-way function h remains an open problem, we are able to construct an h such that the linear e-one-way problem for a fi... |

162 |
Information technology - Open Systems Interconnection - Systems management overview
- ISOIEC
- 1998
(Show Context)
Citation Context ...key infrastructure associated with standard publickey cryptosystems also includes a trusted third party (in the form of a root certificate authority) and allows a hierarchy of certificate authorities =-=[12]-=-: the root certificate authority can issue certificates for other certificate authorities, who in turn can issue certificates for users in their respective domains. The original system of Boneh and Fr... |

122 | On the exact security of full domain hash
- Coron
- 2000
(Show Context)
Citation Context ..., is essentially as strong as an arbitrary attacker A. We do so in a manner similar to that used in the analysis of the Boneh-Franklin scheme [1], which is itself partly based on a technique of Coron =-=[5]-=-. In Lemma 2, we define the Bilinear Polynomial DiffieHellman (BPDH) game, and give a reduction from the attack by the B described above to an attack by (an attacker) C on the BPDH game. Lastly we pro... |

82 | Evidence that XTR is more secure than supersingular elliptic curve cryptosystems
- Verheul
(Show Context)
Citation Context ...n subgroup of F × p 2, for some prime p.) This assumption was implicitly used by Joux [7] to build a one-round threeparty Diffie-Hellman protocol. Other constructions also require the BDH assumption (=-=[8, 10, 11]-=-). Additionally, a bilinear function is needed in a recently described short signature scheme [3]. 3.2 A Game Transformation The BDH assumption is closely tied to the CDH assumption. Recall that the C... |

51 | Self-blindable credential certificates from the weil pairing
- Verheul
- 2001
(Show Context)
Citation Context ...n subgroup of F × p 2, for some prime p.) This assumption was implicitly used by Joux [7] to build a one-round threeparty Diffie-Hellman protocol. Other constructions also require the BDH assumption (=-=[8, 10, 11]-=-). Additionally, a bilinear function is needed in a recently described short signature scheme [3]. 3.2 A Game Transformation The BDH assumption is closely tied to the CDH assumption. Recall that the C... |

42 | A one round protocol for tripartite Die-Hellman - Joux - 2000 |

9 | Identity Based Encryption from the Weil Pairing”, Cryptology ePrint Archive, Report 2001/090 - Boneh, Franklin - 2001 |

6 | Self-Blindable Credential Certi from the Weil Pairing - Verheul - 2001 |

3 | Identity Based Encryption from the Weil Pairing", Cryptology ePrint Archive, Report 2001/090 - Boneh, Franklin - 2001 |

3 | An Identity Based Encryption Based on Quadratic Residues - Cocks - 2002 |

1 |
An Identity Based Encryption Based on
- Cocks
- 2002
(Show Context)
Citation Context ...del. 1 Introduction Shamir asked for an identity-based encryption (IBE) cryptosystem in 1984 [9], but a fully-functional IBE scheme was not found until recent work by Boneh and Franklin [1] and Cocks =-=[4]-=-. Recall that an IBE scheme is a public-key cryptosystem where any arbitrary string is a valid public key. The corresponding private keys must be computed by a trusted third party called the private k... |