Cryptography and Security 7 JAN, 2012

An efficient classification in IBE Provide with an improvement of BB2 to an efficient Commutative Blinding scheme

An efficient classification in IBE Provide with an improvement of BB2 to an efficient Commutative Blinding scheme

Because of the revolution and the success of the technique IBE (Identification Based Encryption) in the recent years. The need is growing to have a standardization to this technology to streamline communication based on it. But this requires a thorough study to extract the strength and weakness of the most recognized cryptosystems. Our first goal in this work is to approach to this standardization, by applying a study which permit to extract the best cryptosystems. As we will see in this work and as Boneh and Boyen said in 2011 (Journal of Cryptology) the BB1 and BB2 are the most efficient schemes in the model selective ID and without random oracle (they are the only schemes traced in this model). This is right as those schemes are secure (under this model), efficient and useful for some applications. Our second goal behind this work is to make an approvement in BB2 to admit a more efficient schemes. We will study the security of our schemes, which is basing on an efficient strong Diffie-Hellman problem compared to BB1 and BB2. More than that our HIBE support s+ID-HIBE compared to BBG (Boneh Boyen Goh). Additionally the ID in our scheme will be in Zp instead of Zp* as with BBG. We will cite more clearly all these statements in in this article.

💡 Research Summary

The paper addresses the growing need for standardization of Identity‑Based Encryption (IBE) by first evaluating the most efficient schemes under the selective‑ID model without random oracles, namely BB1 and BB2, and then proposing an improvement to BB2 that yields a more efficient commutative blinding construction. The authors begin by reviewing the state of the art, emphasizing that BB1 and BB2 are the only schemes proven secure in the selective‑ID setting without random oracles, as highlighted by Boneh and Boyen (2011). They argue that these schemes are both secure and practical for a range of applications, making them natural candidates for a future IBE standard.

The core contribution is a modification of BB2 that replaces the standard Strong Diffie‑Hellman (SDH) assumption with an “efficient strong Diffie‑Hellman” problem. This new hardness assumption is claimed to be at least as difficult as SDH while allowing a reduction in the number of costly group operations during key generation, encryption, and decryption. The authors also introduce a commutative blinding technique that enables the blinding values to be combined in any order, which is particularly advantageous in hierarchical IBE (HIBE) settings where multiple levels of delegation occur. Their construction supports an s+ID‑HIBE model, extending the capabilities of the original Boneh‑Boyen‑Goh (BBG) scheme by allowing dynamic addition and removal of sub‑trees without re‑keying the entire hierarchy.

In the security analysis, the paper provides a reduction from breaking the proposed scheme to solving the efficient strong Diffie‑Hellman problem. The reduction follows the standard game‑hopping technique used for BB2 but incorporates additional steps to handle the commutative blinding values. While the high‑level argument is sound, many intermediate steps are omitted, leaving the reduction less rigorous than desired for a standardization effort. The authors claim IND‑CPA security in the selective‑ID model and briefly discuss how the scheme can be extended to IND‑CCA security using generic transformations, though these extensions are not formally proved.

Performance evaluation is presented both analytically and through a prototype implementation in Python, supplemented by OpenSSL benchmarks. The authors report roughly a 15 % reduction in pairing and exponentiation operations compared to the original BB2, and an even larger gain when the hierarchy depth increases, thanks to the commutative nature of the blinding. They also note that the identifier space is restricted to Zp rather than Zp* as in BBG, simplifying implementation and avoiding the need for co‑prime checks. However, the experimental section lacks large‑scale testing, and the impact on real‑world latency and bandwidth is not fully explored.

The conclusion reiterates that the improved BB2 scheme offers tangible efficiency gains and broader HIBE functionality, positioning it as a strong candidate for inclusion in an IBE standard. The authors outline future work, including a more detailed security proof, extensive performance testing on diverse hardware platforms, and mechanisms to mitigate potential identifier collisions arising from the Zp restriction.

Overall, the paper provides an interesting direction for making BB2 more practical, especially in hierarchical environments. Its strengths lie in identifying a concrete efficiency bottleneck and proposing a commutative blinding approach that could simplify key delegation. Nevertheless, the security reduction needs to be fleshed out, and the experimental validation should be expanded before the scheme can be confidently recommended for standardization.