## Identity-based encryption and the generic group model

Cybernetica AS

Thursday, 5 January 2012, 14:00

Cybernetica Bldg (Akadeemia tee 21), room B101

Slides from the talk [pdf]

**Abstract**: Identity-based cryptography does away with the
need to distribute public-key certificates because each party's name
can also serve as his/her public key. Identity-based analogues for
various primitives (encryption, signing, etc.) have been proposed;
their usage may reduce the deployment costs of cryptography in some
scenarios.

A *generic group* is an idealized construct, representing a
group where nothing about the internal representation of the group
elements is known. Group operations and equality checks are the only
possible operations with the elements. Several group-theoretic
hardness assumptions are provably valid in the generic group. In
cryptography, generic group model can be used to provide upper bounds
on security of certain constructions, as well as to prove their
security against *generic* attacks.

In this talk, we provide strong evidence that identity-based
encryption schemes cannot be constructed in the generic group model
(as opposed to the generic bilinear group model). This result sheds
some light on which number-theoretic assumptions may serve as the
basis of the construction of which cryptographic primitives.

Tarmo Uustalu

Last update 5.2.2012