Identity-based-encryption system

US 8,320,559 B1
Filed: 08/06/2009
Issued: 11/27/2012
Est. Priority Date: 06/04/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for using identity-based-encryption (IBE) to support secure communications, comprising:

at a sender, using an IBE encryption engine implemented on computing hardware to encrypt plaintext to produce ciphertext, wherein the IBE encryption engine uses as inputs the plaintext, IBE public parameters, and an IBE public key associated with an intended recipient, wherein the IBE encryption engine produces the ciphertext using group multiplication operations and using group exponentiation operations, and wherein the group exponentiation operations are performed by computing an integer from the IBE public key and by using the computed integer as an exponent in the group exponentiation operations; and

at the recipient, using an IBE decryption engine implemented on computing hardware to decrypt the ciphertext to produce the plaintext, wherein the IBE decryption engine uses as inputs the ciphertext and an IBE private key corresponding to the IBE public key and wherein the IBE decryption engine performs decryption operations using a bilinear map.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for supporting symmetric-bilinear-map and asymmetric-bilinear-map identity-based-encryption (IBE) key exchange and encryption schemes are provided. IBE key exchange schemes use an IBE encapsulation engine to produce a secret key and an encapsulated version of the secret key. An IBE unencapsulation engine is used to unencapsulate the encapsulated key. IBE encryption schemes use an IBE encryption engine to produce ciphertext from plaintext. An IBE decryption engine is used to decrypt the ciphertext to reveal the plaintext. The IBE unencapsulation engine and decryption engines use bilinear maps. The IBE encapsulation and encryption engines perform group multiplication operations without using bilinear maps, improving efficiency. IBE private keys for use in decryption and unencapsulation operations may be generated using a distributed key arrangement in which each IBE private key is assembled from private key shares.

41 Citations

View as Search Results

24 Claims

1. A method for using identity-based-encryption (IBE) to support secure communications, comprising:
- at a sender, using an IBE encryption engine implemented on computing hardware to encrypt plaintext to produce ciphertext, wherein the IBE encryption engine uses as inputs the plaintext, IBE public parameters, and an IBE public key associated with an intended recipient, wherein the IBE encryption engine produces the ciphertext using group multiplication operations and using group exponentiation operations, and wherein the group exponentiation operations are performed by computing an integer from the IBE public key and by using the computed integer as an exponent in the group exponentiation operations; and
  
  at the recipient, using an IBE decryption engine implemented on computing hardware to decrypt the ciphertext to produce the plaintext, wherein the IBE decryption engine uses as inputs the ciphertext and an IBE private key corresponding to the IBE public key and wherein the IBE decryption engine performs decryption operations using a bilinear map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method defined in claim 1 further comprising performing setup operations at an IBE private key generator, wherein the setup operations include generating the IBE public parameters.
  - 3. The method defined in claim 1 further comprising performing setup operations at an IBE private key generator, wherein the setup operations include generating the IBE public parameters using bilinear map computations.
  - 4. The method defined in claim 1 further comprising, at the sender, using the IBE encryption engine to perform bilinear map computations.
  - 5. The method defined in claim 1 further comprising performing setup operations at an IBE private key generator, wherein the setup operations include generating the IBE public parameters using bilinear map computations and wherein using the IBE encryption engine to perform the group exponentiation operations at the sender comprises using the IBE encryption engine to perform the group exponentiation operations without performing bilinear map operations.
  - 6. The method defined in claim 1 further comprising using an IBE private key generator to publish the IBE public parameters by providing the IBE public parameters to an IBE public parameter host.
  - 7. The method defined in claim 1 wherein using the IBE encryption engine comprises using a cryptographic hash function in producing the ciphertext.
  - 8. The method defined in claim 7 wherein using the cryptographic hash function comprises hashing the IBE public key.
  - 9. The method defined in claim 1 wherein the group exponentiation operations used by the IBE encryption engine are performed on fixed bases that depend solely on the IBE public parameters.
  - 10. The method defined in claim 1 further comprising using a private key generator to generate the IBE private key corresponding to the IBE public key, wherein generating the private key comprises using group multiplication and a hash of the IBE public key.
  - 11. The method defined in claim 1 further comprising:
    - using multiple private key generators to generate a plurality of respective private key shares corresponding to the IBE public key; and
      
      at the recipient, assembling the private key shares to form the IBE private key.
  - 12. The method defined in claim 1 wherein using the IBE decryption engine to decrypt the ciphertext to produce the plaintext comprises using an asymmetric bilinear map to decrypt the ciphertext to produce the plaintext.

13. A method for using identity-based-encryption (IBE) to support key exchange operations, comprising:
- at a sender, using an IBE encapsulation engine implemented using computing hardware to produce a secret key and an encapsulated version of the key, wherein the IBE encapsulation engine uses as inputs IBE public parameters and an IBE public key associated with an intended recipient, wherein the IBE encapsulation engine produces the encapsulated key using group multiplication operations and using group exponentiation operations, and wherein the group exponentiation operations are performed by computing an integer from the IBE public key and by using the computed integer as an exponent in the group exponentiation operations; and
  
  at the recipient, using an IBE unencapsulation engine implemented on computing hardware to unencapsulate the encapsulated key to reveal the secret key, wherein the IBE unencapsulation engine uses as inputs the encapsulated key and an IBE private key corresponding to the IBE public key and wherein the IBE unencapsulation engine performs unencapsulation operations using a bilinear map.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method defined in claim 13 further comprising performing setup operations at an IBE private key generator, wherein the setup operations include generating the IBE public parameters.
  - 15. The method defined in claim 13 further comprising performing setup operations at an IBE private key generator, wherein the setup operations include generating the IBE public parameters using bilinear map computations.
  - 16. The method defined in claim 13 further comprising, at the sender, using the IBE encapsulation engine to perform bilinear map computations.
  - 17. The method defined in claim 13 further comprising performing setup operations at an IBE private key generator, wherein the setup operations include generating the IBE public parameters using bilinear map computations and wherein using the IBE encapsulation engine to perform the group exponentiation operations at the sender comprises using the IBE encapsulation engine to perform the group exponentiation operations without performing bilinear map operations.
  - 18. The method defined in claim 13 further comprising using an IBE private key generator to publish the IBE public parameters by providing the IBE public parameters to an IBE public parameter host.
  - 19. The method defined in claim 13 wherein using the IBE encapsulation engine comprises using a cryptographic hash function in producing the encapsulated key.
  - 20. The method defined in claim 19 wherein using the cryptographic hash function comprises hashing the IBE public key.
  - 21. The method defined in claim 13 wherein the exponentiation operations used by the IBE encapsulation engine are performed on fixed bases that depend solely on the IBE public parameters.
  - 22. The method defined in claim 13 further comprising using a private key generator to generate the IBE private key corresponding to the IBE public key, wherein generating the private key comprises using group multiplication and a hash of the IBE public key.
  - 23. The method defined in claim 13 further comprising:
    - using multiple private key generators to generate a plurality of respective private key shares corresponding to the IBE public key; and
      
      at the recipient, assembling the private key shares to form the IBE private key.
  - 24. The method defined in claim 13 wherein using the IBE unencapsulation engine to unencapsulate the encapsulated key to reveal the secret key comprises using an asymmetric bilinear map to unencapsulate the encapsulated key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Voltage Security Incorporated (HP Inc.)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Boneh, Dan, Boyen, Xavier
Primary Examiner(s)
Pham, Luu

Application Number

US12/537,231
Time in Patent Office

1,209 Days
Field of Search

None
US Class Current

380/30
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3073   involving pairings, e.g. id...

Identity-based-encryption system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based-encryption system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links