Identity-based encryption and the generic group model

Peeter Laud

Cybernetica AS

Thursday, 5 January 2012, 14:00
Cybernetica Bldg (Akadeemia tee 21), room B101

Slides from the talk [pdf]

Abstract: Identity-based cryptography does away with the need to distribute public-key certificates because each party's name can also serve as his/her public key. Identity-based analogues for various primitives (encryption, signing, etc.) have been proposed; their usage may reduce the deployment costs of cryptography in some scenarios.

A generic group is an idealized construct, representing a group where nothing about the internal representation of the group elements is known. Group operations and equality checks are the only possible operations with the elements. Several group-theoretic hardness assumptions are provably valid in the generic group. In cryptography, generic group model can be used to provide upper bounds on security of certain constructions, as well as to prove their security against generic attacks.

In this talk, we provide strong evidence that identity-based encryption schemes cannot be constructed in the generic group model (as opposed to the generic bilinear group model). This result sheds some light on which number-theoretic assumptions may serve as the basis of the construction of which cryptographic primitives.

Tarmo Uustalu
Last update 5.2.2012