Security Analysis of a Multi-Receiver Identity-Based Key Encapsulation Mechanism

Jong Hwan PARK  Dong Hoon LEE  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E92-A   No.1   pp.329-331
Publication Date: 2009/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E92.A.329
Print ISSN: 0916-8508
Type of Manuscript: LETTER
Category: Cryptography and Information Security
key distribution,  identity-based key encapsulation,  multi-receiver setting,  

Full Text: PDF>>
Buy this Article

In INDOCRYPT 2006, Chatterjee and Sarkar suggested a multi-receiver identity-based key encapsulation mechanism that is secure in the full model without random oracles. Until now, it has been believed that their scheme is the only one to provide such a security feature, while achieving sub-linear size ciphertext. In this letter, we show that their scheme is insecure in the sense that any revoked user can retrieve a message encryption key, even without colluding with other revoked users. Our attack comes from an analysis of a publicly computable surjective function used in the scheme.