Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Propose a Revocable Identity-Based Encryption Scheme

Posted by timothy on from the now-who-was-I? dept.

jd writes Identity-based public key encryption works on the idea of using something well-known (like an e-mail address) as the public key and having a private key generator do some wibbly-wobbly timey-wimey stuff to generate a secure private key out if it. A private key I can understand, secure is another matter. In fact, the paper notes that security has been a big hassle in IBE-type encryption, as has revocation of keys. The authors claim, however, that they have accomplished both. Which implies the public key can't be an arbitrary string like an e-mail, since presumably you would still want messages going to said e-mail address, otherwise why bother revoking when you could just change address?

Anyways, this is not the only cool new crypto concept in town, but it is certainly one of the most intriguing as it would be a very simple platform for building mostly-transparent encryption into typical consumer apps. If it works as advertised. I present it to Slashdot readers to engender discussion on the method, RIBE in general and whether (in light of what's known) default strong encryption for everything is something users should just get whether they like it or not.

5 of 76 comments (clear)

  1. Not distributed by Animats · · Score: 4, Interesting

    I'm not qualified to judge whether it's secure, but it's not distributed. "Each user is provided by PKG with a set of private keys corresponding to his/her identity for each node on the path from his/her associated leaf to the root of the tree via a secure channel as in IBE scheme." So there's a tree of all users, maintained by somebody. I think; the paper suffered in translation.

  2. Something seems off... by penguinoid · · Score: 4, Interesting

    If the email address is the public key, and then you generate a private key from that... what's to stop someone else from generating your private key from the email address?

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Something seems off... by jarkus4 · · Score: 4, Informative

      from wiki (http://en.wikipedia.org/wiki/ID-based_encryption)

      Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key (referred to as master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ID contacts the PKG, which uses the master private key to generate the private key for identity ID.

  3. Oh please. by andyn · · Score: 5, Insightful

    having a private key generator do some wibbly-wobbly timey-wimey stuff to generate a secure private key out if it.

    This is Slashdot. Pretty please stop underestimating our skills.

  4. wibbly-wobbly timey-wimey stuff by thegarbz · · Score: 5, Funny

    Oh thank god for a moment I thought I was going to get a dumbed down news article rather than news for nerds. Good to see they cover the technical details like the "wibbly-wobbly timey-wimey stuff" in the summary.