This invention relates to cryptographic systems, and more particularly, to identity-based-encryption (IBE) systems with improved encryption efficiency.
It is often desirable to encrypt sensitive electronic communications such as email messages. With symmetric key cryptographic arrangements, the sender of a message uses the same key to encrypt the message that the recipient of the message uses to decrypt the message. Symmetric key systems require that each sender and recipient exchange a shared key in a secure manner.
With public key cryptographic systems, two types of keys are used—public keys and private keys. Senders may encrypt messages using the public keys of recipients. Each recipient has a private key that is used to decrypt the messages for that recipient.
To ensure the authenticity of the public keys in traditional public key systems and thereby defeat possible man-in-the-middle attacks, public keys may be provided to senders with a certificate signed by a trusted certificate authority. The certificate may be used to verify that the public key belongs to the intended recipient of the sender's message. Public key encryption systems that use this type of traditional approach are said to use the public key infrastructure (PKI) and are referred to as PKI cryptographic systems.
Identity-based-encryption (IBE) public key cryptographic systems have also been proposed. As with PKI cryptographic systems, a sender in an IBE system may encrypt a message for a given recipient using the recipient's public key. The recipient may then decrypt the message using the recipient's corresponding private key. The recipient can obtain the private key from an IBE private key generator.
Unlike PKI schemes, IBE schemes generally do not require the sender to look up the recipient's public key. Rather, a sender in an IBE system may generate a given recipient's IBE public key based on known rules. For example, a message recipient's email address or other identity-based information may be used as the recipient's public key, so that a sender may create the IBE public key of a recipient by simply determining the recipient's email address.
One IBE scheme that has been proposed is the so-called Boneh-Franklin (BF) scheme. The BF IBE scheme uses bilinear mappings during both encryption and decryption operations. Although the BF scheme is efficient in terms of time and bandwidth, encryption and decryption operations can take longer than corresponding operations in conventional PKI schemes.
It would therefore be desirable to be able to provide IBE schemes with improved efficiency.