This invention relates to cryptographic systems, and more particularly, to identity-based-encryption (IBE) systems with partial attribute matching.
It is often desirable to encrypt sensitive electronic communications such as email messages. With symmetric key cryptographic arrangements, the sender of a message uses the same key to encrypt the message that the recipient of the message uses to decrypt the message. Symmetric key systems require that each sender and recipient exchange a shared key in a secure manner.
With public key cryptographic systems, two types of keys are used—public keys and private keys. Senders may encrypt messages using the public keys of recipients. Each recipient has a private key that is used to decrypt the messages for that recipient.
To ensure the authenticity of the public keys in traditional public key systems and thereby defeat possible man-in-the-middle attacks, public keys may be provided to senders with a certificate signed by a trusted certificate authority. The certificate may be used to verify that the public key belongs to the intended recipient of the sender's message. Public key encryption systems that use this type of traditional approach are said to use the public key infrastructure (PKI) and are referred to as PKI cryptographic systems.
Identity-based-encryption (IBE) public key cryptographic systems have also been proposed. As with PKI cryptographic systems, a sender in an IBE system may encrypt a message for a given recipient using the recipient's public key. The recipient may then decrypt the message using the recipient's corresponding private key. The recipient can obtain the private key from an IBE private key generator.
Unlike PKI schemes, IBE schemes generally do not require the sender to look up the recipient's public key. Rather, a sender in an IBE system may generate a given recipient's IBE public key based on known rules. For example, a message recipient's email address or other identity-based information may be used as the recipient's public key, so that a sender may create the IBE public key of a recipient by simply determining the recipient's email address.
It may be desirable to construct IBE public keys from attributes that represent real-world conditions that the recipient of an IBE-encrypted message needs to satisfy before being permitted to perform decryption operations. When this type of IBE scheme is used, the IBE public keys contain sets of attributes. When a recipient requests an IBE private key from an IBE private key generator, the recipient provides credentials to the IBE private key generator that establish that the recipient properly satisfies the conditions embodied in the attributes. After the IBE private key generator has successfully authenticated the recipient, the IBE private key generator provides the recipient with the requested IBE private key. The recipient may then use the requested IBE private key to perform decryption operations.
As the number of attributes used in an IBE system increases, system complexity grows rapidly with the number of possible combinations of the attributes. It would be desirable to be able to provide an IBE scheme that efficiently scales with increasing attribute complexity and that is flexible enough to handle situations in which a given recipient might not have all of the same attributes that were used during encryption, or might possess additional attributes.