- Page 1: Construction of (Hierarchical) Iden
- Page 7: ACKNOWLEDGMENT This dissertation ma
- Page 10 and 11: 4.2.1 The Tate Pairing . . . . . .
- Page 13 and 14: Chapter 1 Introduction Science, it
- Page 15 and 16: Shamir posed a challenge to the cry
- Page 17 and 18: Detailed algorithms are presented i
- Page 19 and 20: Chapter 2 Preliminaries In this cha
- Page 21 and 22: advantage ɛ(κ) in solving the BDH
- Page 23 and 24: Decisional Weak Bilinear Diffie-Hel
- Page 25 and 26: 2.4.1 Hierarchical Identity-Based E
- Page 27 and 28: Phase 2: A now issues additional qu
- Page 29 and 30: Challenge: At this stage, A outputs
- Page 31 and 32: it is assumed that, given a securit
- Page 33 and 34: Note that, based on Pr[c = 0] = δ,
- Page 35 and 36: 3.1.1 Hierarchical Identity-Based E
- Page 37 and 38: 3.2 From Random Oracle to Standard
- Page 39 and 40: Initialization: A commits to a targ
- Page 41 and 42: Encrypt: To encrypt a message M ∈
- Page 43 and 44: 3.4 HIBE with Shortened Ciphertext
- Page 45 and 46: 1. Key-Gen(1 κ ) outputs (vk, sk).
- Page 47 and 48: achieve CCA-security. Protocols suc
- Page 49 and 50: efficient algorithm. In comparison,
- Page 51 and 52: (−x, iy) ∈ IF p 2 ×IF p 2 with
- Page 53 and 54:
The ultimate result is raised to th
- Page 55 and 56:
P = (α, β) to obtain P ′ = −P
- Page 57 and 58:
- Cost of Steps 1 and 2 in EncIdbl
- Page 59 and 60:
Thus, for parallel version of pairi
- Page 61 and 62:
Chapter 5 Identity-Based Encryption
- Page 63 and 64:
Decrypt: Let C = (C 1 , C 2 , C 3 )
- Page 65 and 66:
p − mk + x + ∑ l i=1 x iv i , J
- Page 67 and 68:
Let abort be the event of the simul
- Page 69 and 70:
Suppose, |p (l) | (resp. |G (l) 2 |
- Page 71 and 72:
encryption of the message using the
- Page 73 and 74:
If A is successful in forging the s
- Page 75 and 76:
Chapter 6 Extending IBE to HIBE wit
- Page 77 and 78:
Encrypt: Let v = (v 1 , . . . , v j
- Page 79 and 80:
6.3.1 Security Reduction The securi
- Page 81 and 82:
We require B j to be equal to cV j
- Page 83 and 84:
Multiplying (6.3.7) by −1 and put
- Page 85 and 86:
The probability is over the indepen
- Page 87 and 88:
= = = [ h ∗ 1 ∧ Pr (1 + µ l )
- Page 89 and 90:
Chapter 7 Generalization of the Sel
- Page 91 and 92:
2. In the challenge stage, the adve
- Page 93 and 94:
If h > 1, then we have proper HIBE.
- Page 95 and 96:
sensitive identities like sysadmin.
- Page 97 and 98:
Encrypt: Suppose a message M is to
- Page 99 and 100:
plays the security game (h, n ′ )
- Page 101 and 102:
Challenge Generation: The adversary
- Page 103 and 104:
For u + 1 ≤ i ≤ h choose a rand
- Page 105 and 106:
obtain an MR-IBE protocol which is
- Page 107 and 108:
tuple (Q i,1 , . . . , Q i,ni ). Th
- Page 109 and 110:
where n = ∑ h i=1 n i. Proof : We
- Page 111 and 112:
Hence, This shows A = = ∑n i l=1
- Page 113 and 114:
decreases. However, the security of
- Page 115 and 116:
ɛ ≤ 2ɛ ′ /λ; t ′ = t + O(u
- Page 117 and 118:
The security of FullccHIBE is based
- Page 119 and 120:
a suitable large prime. It is an ea
- Page 121 and 122:
Now, suppose in the challenge phase
- Page 123 and 124:
Setup: Let 〈P 〉 = G 1 . Choose
- Page 125 and 126:
Y i = α i P for some random α ∈
- Page 127 and 128:
∑u ′ ( = γ cj P + vjY ∗ h−
- Page 129 and 130:
Decrypt: To decrypt CT = (A, B, C)
- Page 131 and 132:
Y h . So B can compute all these ˜
- Page 133 and 134:
Setup: Let P be a generator of G 1
- Page 135 and 136:
Phase 1: Suppose A asks for the pri
- Page 137 and 138:
Chapter 10 Conclusion We conclude t
- Page 139 and 140:
Table 10.1: Comparison of HIBE Prot
- Page 141 and 142:
Bibliography [1] Michel Abdalla, Mi
- Page 143 and 144:
[20] Dan Boneh and Matthew K. Frank
- Page 145 and 146:
[43] Gerhard Frey, Michael Müller,
- Page 147 and 148:
[68] Benoît Libert and Jean-Jacque