Identity-based server-aided decryption

Abstract

Identity-Based Cryptosystem plays an important role in the modern cryptography world, due to the elimination of the costly certificate. However, all practical identity-based encryption schemes require pairing operation in the decryption stage. Pairing is a heavy mathematical algorithm, especially for resource-constrained devices such as smart cards or wireless sensors. In other words, decryption can hardly be done in these devices if identity-based cryptosystem is employed. We solve this problem by proposing a new notion called Identity-Based Server-Aided Decryption. It is similar to normal identity-based encryption scheme, but it further enables the receiver to decrypt the ciphertext without needing to compute pairing with the assistance of an external server. Secure mechanisms are provided to detect whether the server has computed correctly and prevent the server from getting any information about the plaintext or the user secret key. We give two concrete instantiations of this notion. © 2011 Springer-Verlag.