# Fuzzy identity-based encryption

Lecture Notes in Computer Science, Volume 2004, 2005, Pages 457-473.

EI

Keywords:

biometric inputfuzzy identity-based encryptionselective-id security modelfuzzy ibe schemebiometric identityMore(17+)

Weibo:

Abstract:

We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ ...More

Code:

Data:

Introduction

- One common feature of all previous Identity-Based Encryption systems is that they view identities as a string of characters.
- The error-tolerance property of Fuzzy-IBE allows for a private key to decrypt a ciphertext encrypted with a slightly different measurement of the same biometric.
- The authors define the Selective-ID models of security for Fuzzy Identity Based Encryption.

Highlights

- One common feature of all previous Identity-Based Encryption systems is that they view identities as a string of characters
- In this paper we propose a new type of Identity-Based Encryption that we call Fuzzy Identity-Based Encryption in which we view identities as a set of descriptive attributes
- We introduced the concept of Fuzzy Identity Based Encryption, which allows for error-tolerance between the identity of a private key and the public key used to encrypt a ciphertext
- We described two practical applications of Fuzzy-Identity-Based Encryption (IBE) of encryption using biometrics and attribute-based encryption
- We presented our construction of a Fuzzy IBE scheme that uses set overlap as the distance metric between identities
- The first is whether it is possible to create a Fuzzy IBE scheme where the attributes come from multiple authorities

Results

- If an adversary can break the scheme in the Fuzzy Selective ID Model, a simulator can be constructed to play the Decisional MBDH game with a non-negligible advantage.
- As shown in the construction the simulator’s generation of public parameters and private keys is identical to that of the actual scheme.
- The authors describe a second scheme which uses all elements of Zp∗ as the universe, yet the public parameters only grow linearly in a parameter n, which the authors fix as the maximum size identity the authors can encrypt to.
- The key feature of the scheme is that the number of group elements in the public parameters only grows linearly with, n, the maximum number of attributes that can describe an encryption identity.
- The number of group elements that compose a user’s private key grow linearly with the number of attributes associated with her identity.
- If an adversary can break the scheme in the Fuzzy Selective ID Model, a simulator can be constructed to play the Decisional BDH game with a non-negligible advantage.
- Init B will run A and receive the challenge identity, α, an n element set of members of Zp. Setup The simulator assigns the public parameters g1 = A and g2 = B.
- The distribution of the private key for γ is identical to that of the original scheme since the choices of λi induce a random d − 1 degree polynomial and the construction of the private keys components di and Di. Challenge The adversary, A, will submit two challenge messages M1 and M0 to the simulator.
- The authors introduced the concept of Fuzzy Identity Based Encryption, which allows for error-tolerance between the identity of a private key and the public key used to encrypt a ciphertext.
- The authors presented the construction of a Fuzzy IBE scheme that uses set overlap as the distance metric between identities.

Conclusion

- A Fuzzy-IBE scheme that hides the public key that was used to encrypt the ciphertext [1] is intriguing.
- (The authors note a Hamming-distance construction can be built using the techniques.) An open problem is to build other Fuzzy-IBE schemes that use different distance metrics between identities.
- The authors' scheme uses set-overlap as a similarity measure between identities. (The authors note a Hamming-distance construction can be built using the techniques.) An open problem is to build other Fuzzy-IBE schemes that use different distance metrics between identities

Summary

- One common feature of all previous Identity-Based Encryption systems is that they view identities as a string of characters.
- The error-tolerance property of Fuzzy-IBE allows for a private key to decrypt a ciphertext encrypted with a slightly different measurement of the same biometric.
- The authors define the Selective-ID models of security for Fuzzy Identity Based Encryption.
- If an adversary can break the scheme in the Fuzzy Selective ID Model, a simulator can be constructed to play the Decisional MBDH game with a non-negligible advantage.
- As shown in the construction the simulator’s generation of public parameters and private keys is identical to that of the actual scheme.
- The authors describe a second scheme which uses all elements of Zp∗ as the universe, yet the public parameters only grow linearly in a parameter n, which the authors fix as the maximum size identity the authors can encrypt to.
- The key feature of the scheme is that the number of group elements in the public parameters only grows linearly with, n, the maximum number of attributes that can describe an encryption identity.
- The number of group elements that compose a user’s private key grow linearly with the number of attributes associated with her identity.
- If an adversary can break the scheme in the Fuzzy Selective ID Model, a simulator can be constructed to play the Decisional BDH game with a non-negligible advantage.
- Init B will run A and receive the challenge identity, α, an n element set of members of Zp. Setup The simulator assigns the public parameters g1 = A and g2 = B.
- The distribution of the private key for γ is identical to that of the original scheme since the choices of λi induce a random d − 1 degree polynomial and the construction of the private keys components di and Di. Challenge The adversary, A, will submit two challenge messages M1 and M0 to the simulator.
- The authors introduced the concept of Fuzzy Identity Based Encryption, which allows for error-tolerance between the identity of a private key and the public key used to encrypt a ciphertext.
- The authors presented the construction of a Fuzzy IBE scheme that uses set overlap as the distance metric between identities.
- A Fuzzy-IBE scheme that hides the public key that was used to encrypt the ciphertext [1] is intriguing.
- (The authors note a Hamming-distance construction can be built using the techniques.) An open problem is to build other Fuzzy-IBE schemes that use different distance metrics between identities.
- The authors' scheme uses set-overlap as a similarity measure between identities. (The authors note a Hamming-distance construction can be built using the techniques.) An open problem is to build other Fuzzy-IBE schemes that use different distance metrics between identities

Related work

- Identity-Based Encryption Shamir [15] first proposed the concept of Identity-Based Encryption. However, it wasn’t until much later that Boneh and Franklin [3] presented the first IdentityBased Encryption scheme that was both practical and secure. Their solution made novel use of groups for which there was an efficiently computable bilinear map.

Canetti et al [5] proposed the first construction for IBE that was provably secure outside the random oracle model. To prove security they described a slightly weaker model of security known as the Selective-ID model, in which the adversary declares which identity he will attack before the global public parameters are generated. Boneh and Boyen [2] give two schemes with improved efficiency and prove security in the Selective-ID model without random oracles.

Reference

- Mihir Bellare, Alexandra Boldyreva, Anand Desai, and D. Pointcheval. Key-privacy in publickey encryption. Lecture Notes in Computer Science, 2248, 2001.
- Dan Boneh and Xavier Boyen. Efficient selective-id secure identity based encryption without random oracles. In Proceedings of the International Conference on Advances in Cryptology (EUROCRYPT ’04), Lecture Notes in Computer Science. Springer Verlag, 2004.
- Dan Boneh and Matthew K. Franklin. Identity-based encryption from the Weil pairing. In Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, pages 213–229. Springer-Verlag, 2001.
- Xavier Boyen. Reusable cryptographic fuzzy extractors. In ACM Conference on Computer and Communications Security—CCS 2004, 2004.
- Ran Canetti, Shai Halevi, and Jonathan Katz. A forward-secure public-key encryption scheme. In Proceedings of Eurocrypt 2003. Springer-Verlag, 2003.
- G.I. Davida, Y. Frankel, and B.J. Matt. On enabling secure applications through off-line biometric identification. In IEEE Symposium on Privacy and Security, 1998.
- Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate string keys from biometrics and other noisy data. In Proceedings of the International Conference on Advances in Cryptology (EUROCRYPT ’04), Lecture Notes in Computer Science. Springer Verlag, 2004.
- Eiichiro Fujisaki and Tatsuaki Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, pages 537–554. Springer-Verlag, 1999.
- Ari Juels and Martin Wattenberg. A fuzzy commitment scheme. In Proceedings of the 6th ACM conference on Computer and communications security, pages 28–36. ACM Press, 1999.
- Fabian Monrose, Michael K. Reiter, Q. (Peter) Li, Daniel Lopresti, and Chilin Shih. Towards voice generated cryptographic keys on resource constrained devices. In Proceedings of the 11th USENIX Security Symposium, 2002.
- Fabian Monrose, Michael K. Reiter, Q. (Peter) Li, and Susanne Wetzel. Cryptographic key generation from voice. In Proceedings of the IEEE Conference on Security and Privacy, 2001.
- Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM conference on Computer and communications security, pages 73–82. ACM Press, 1999.
- Amit Sahai. Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In In Proceedings of 40 IEEE Symp. on Foundations of Computer Science, 1999.
- Adi Shamir. How to share a secret. Communications. ACM, 22(11):612–613, 1979.
- Adi Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO 84 on Advances in cryptology, pages 47–53. Springer-Verlag New York, Inc., 1985.
- Brent Waters. Efficient identity based encryption without random oracles. In To Appear in Proceedings Eurocrypt 2005, 2005.
- Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya. Id-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In ACM Conference on Computer and Communications Security—CCS 2004, 2004.

Best Paper

Best Paper of CRYPTO, 2005Best Paper of EUROCRYPT, 2005

Tags

Comments