International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Direct Chosen Ciphertext Security from Identity-Based Techniques

Xavier Boyen
Qixiang Mei
Brent Waters
Search ePrint
Search Google
Abstract: We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very efficient Identity-Based Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters. Unlike previous CCA2-secure cryptosystems that use IBE as a black box, our approach is endogenous, very simple, and compact. It makes direct use of the underlying IBE structure, and requires no cryptographic primitive other than the IBE scheme itself. This conveys several advantages. We achieve shorter ciphertext size than the best known instantiations of the other methods, and our technique is as efficient as the Boneh and Katz method (and more so than that of Canetti, Halevi, and Katz). Further, our method operates nicely on hierarchical IBE, and since it allows the validity of ciphertexts to be checked publicly, it can be used to construct systems with non-interactive threshold decryption. In this paper we describe two main constructions: a full encryption system based on the Waters adaptive-ID secure IBE, and a KEM based on the Boneh-Boyen selective-ID secure IBE. Both systems are shown CCA2-secure in the standard model, the latter with a tight reduction. We discuss several uses and extensions of our approach, and draw comparisons with other schemes that are provably secure in the standard model.
  title={Direct Chosen Ciphertext Security from Identity-Based Techniques},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / chosen ciphertext security},
  note={An extended abstract is to appear in ACM CCS 2005. 13306 received 26 Aug 2005, last revised 7 Jun 2006},
  author={Xavier Boyen and Qixiang Mei and Brent Waters},