In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Jong Hwan PARK, Dong Hoon LEE, "Security Analysis of a Multi-Receiver Identity-Based Key Encapsulation Mechanism" in IEICE TRANSACTIONS on Fundamentals, vol. E92-A, no. 1, pp. 329-331, January 2009, doi: 10.1587/transfun.E92.A.329.
Abstract: In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.329/_p
@ARTICLE{e92-a_1_329,
author={Jong Hwan PARK and Dong Hoon LEE},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Security Analysis of a Multi-Receiver Identity-Based Key Encapsulation Mechanism},
year={2009},
volume={E92-A},
number={1},
pages={329-331},
abstract={In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.},
keywords={},
doi={10.1587/transfun.E92.A.329},
ISSN={1745-1337},
month={January},}
TY - JOUR
TI - Security Analysis of a Multi-Receiver Identity-Based Key Encapsulation Mechanism
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 329
EP - 331
AU - Jong Hwan PARK
AU - Dong Hoon LEE
PY - 2009
DO - 10.1587/transfun.E92.A.329
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2009
AB - In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.
ER -