**Date:** 17/10/2012 **Location:** J. Liivi 2, room 317 (next to the coffee room)

**Speaker:**
Peeter Laud

**Title:**
No identity-based encryption in the generic group model

**Abstract:**

Identity-based cryptography does away with the need to distribute public-key certificates because each party's name can also serve as his/her public key. Identity-based analogues for various primitives (encryption, signing, etc.) have been proposed; their usage may reduce the deployment costs of cryptography in some scenarios. A generic group is an idealized construct, representing a group where nothing about the internal representation of the group elements is known. Group operations and equality checks are the only possible operations on the elements. Several group-theoretic hardness assumptions are provably valid in the generic group. In cryptography, the generic group model can be used to provide upper bounds on the security of certain constructions, as well as to prove their security against generic attacks. In this talk we show that identity-based encryption (IBE) schemes cannot be constructed in the generic group model. In other words, for any purported IBE scheme there exists an adversary that breaks its security. The adversary is not necessarily efficient, but it is constrained to perform only a small number of group operations. The result shows that the security of an IBE scheme cannot be based on any hardness assumption that is valid in the generic group.
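To make the model concrete, the following added example (not material from the talk) implements a generic group as an oracle that hands out random opaque handles and counts group operations, then runs a textbook generic algorithm (baby-step giant-step discrete logarithm) that touches elements only through the oracle and handle equality. The class and function names, the prime 1009 and the handle format are assumptions chosen for illustration; the example shows the cost measure the abstract refers to, not the IBE impossibility result itself.

```python
import math
import secrets


class GenericGroup:
    """Cyclic group of prime order p, visible to algorithms only as opaque handles."""

    def __init__(self, p):
        self.p = p
        self._handle_of = {}  # exponent -> handle (oracle-internal)
        self._exp_of = {}     # handle -> exponent (oracle-internal)
        self.ops = 0          # group operations requested so far

    def encode(self, x):
        """Challenger-side only: handle for g^x. Generic algorithms never call this."""
        x %= self.p
        if x not in self._handle_of:
            h = secrets.token_hex(8)
            while h in self._exp_of:  # keep the encoding injective
                h = secrets.token_hex(8)
            self._handle_of[x], self._exp_of[h] = h, x
        return self._handle_of[x]

    def mul(self, a, b):
        self.ops += 1
        return self.encode(self._exp_of[a] + self._exp_of[b])

    def inv(self, a):
        self.ops += 1
        return self.encode(-self._exp_of[a])


def generic_dlog(G, identity, g, h):
    """Baby-step giant-step using only mul, inv and equality of handles."""
    m = math.isqrt(G.p) + 1
    baby, cur = {}, identity
    for j in range(m):            # baby steps: g^0 .. g^(m-1)
        baby[cur] = j
        cur = G.mul(cur, g)
    step = G.inv(cur)             # cur is g^m, so step is g^(-m)
    gamma = h
    for i in range(m):            # giant steps: h * g^(-i*m)
        if gamma in baby:         # equality check on opaque handles
            return (i * m + baby[gamma]) % G.p
        gamma = G.mul(gamma, step)
    return None
```

The operation counter stays near 2·√p here, which is the sense in which a generic adversary's power is measured in group operations rather than running time.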