Biometric identity-based encryption (Bio-IBE) is a kind of fuzzy
identity-based encryption (fuzzy IBE) where a ciphertext encrypted under an
identity w' can be decrypted using a secret key corresponding to the identity w
which is close to w' as measured by some metric. Recently, Yang et al. proposed
a constant-size Bio-IBE scheme and proved that it is secure against adaptive
chosen-ciphertext attack (CCA2) in the random oracle model. Unfortunately, in
this paper, we will show that their Bio-IBE scheme is even not chosen-plaintext
secure. Specifically, user w using his secret key is able to decrypt any
ciphertext encrypted under an identity w' even though w is not close to w'.Comment: Journal version of the paper will be appearing in International
Journal of Network Securit