Identity-based online/offline encryption

Abstract

We consider a scenario of identity-based encryption (IBE) where the encryption device (such as a smartcard) has low power. To improve the computation efficiency, it is desirable that part of computation can be done prior to knowing the message and the recipient (its identity or public key). The real encryption can be conducted efficiently once the message and the recipient's identity become available. We borrow the notion of online/offline signatures introduced by Even, Goldreich and Micali in 1990 and call this kind of encryption identity-based online/offline encryption (IBOOE), in the sense that the pre-computation is referred to as offline phase and the real encryption is considered as online phase. We found that this new notion is not trivial, since all previously proposed IBE schemes cannot be separated into online and offline phases so that the online phase is very efficient. However, we also found that with a proper transformation, some existing identity-based encryption schemes can be converted into IBOOE schemes with or without random oracles. We look into two schemes in our study: Boneh-Boyen IBE (Eurocrypt 2004), and Gentry IBE (Eurocrypt 2006). © 2008 Springer-Verlag Berlin Heidelberg.