International Association for Cryptologic Research (IACR)
Abstract
We describe a practical identity-based encryption scheme that is secure in the standard model against chosen-ciphertext (CCA2) attacks. Security is based on an assumption comparable to (but slightly stronger than) Bilinear Decisonal Diffie-Hellman (BDDH).
A comparison shows that our construction outperforms all known identity-based encryption schemes in the standard model and its performance is even comparable with the one from the random-oracle based Boneh/Franklin IBE scheme.
Our proposed IBE scheme has furthermore the property that it fulfills some notion of ``redundancy-freeness , i.e. the encryption algorithm is not only a probabilistic injection but also a surjection. As a consequence the ciphertext overhead is nearly optimal: to encrypt k bit messages for k bit identities and with k bit randomness we get 3k bit ciphertexts to guarantee (roughly) k bits of security