Abstract
We introduce the concept of hierarchical identity-based encryption (HIBE)
schemes,
give precise definitions of their security and mention some applications.
A two-level HIBE (2-HIBE) scheme consists of a root private key generator (PKG),
domain PKGs and users, all of which are associated with primitive IDs
(PIDs) that are arbitrary strings.
A user's public key consists of their PID and their domain's PID
(in whole
called an address).
In a regular IBE (which corresponds to a 1-HIBE) scheme, there is only
one PKG that distributes private keys to each user (whose public keys are
their PID).
In a 2-HIBE, users retrieve their private key from their domain PKG.
Domain PKGs can compute the private key of any user in their domain,
provided they have
previously requested their domain secret key from the root PKG (who possesses
a master secret).
We can go beyond two levels by adding subdomains, subsubdomains, and so on.
We present a two-level system with total
collusion resistance at the upper (domain) level and partial
collusion resistance at the lower (user) level, which has chosen-ciphertext
security in the random-oracle model.
Reference
Jeremy Horwitz
and Ben Lynn,
"Toward Hierarchical Identity-Based Encryption", Advances
in Cryptology: EUROCRYPT 2002 (LNCS 2332), pp. 466-481, 2002.
Copies of the paper
PostScript
PDF
gzipped PostScript
Return to ...
my home
page my publications
Department of Mathematics and Computer Science
Santa Clara University
Jeremy Horwitz
Last modified: Mon Dec 27 20:45:34 PST 2004