Boneh–Franklin scheme
The Boneh–Franklin scheme is an identity-based encryption system proposed by Dan Boneh and Matthew K. Franklin in 2001. This article refers to the protocol version called BasicIdent. It is an application of pairings over elliptic curves and finite fields.
Groups and parameters
As the scheme is based upon pairings, all computations are performed in two groups, and :For, let be prime, and consider the elliptic curve over. Note that this curve is not singular as only equals for the case which is excluded by the additional constraint.
Let be a prime factor of and find a point of order. is the set of points generated by :
is the subgroup of order of. We do not need to construct this group explicitly and thus don't have to find a generator.
is considered an additive group, being a subgroup of the additive group of points of, while is considered a multiplicative group, being a subgroup of the multiplicative group of the finite field.
Protocol description
Setup
The public key generator chooses:- the public groups and as stated above, with the size of depending on security parameter,
- the corresponding pairing,
- a random private master-key,
- a public key,
- a public hash function,
- a public hash function for some fixed and
- the message space and the cipher space
Extraction
To create the public key for, the PKG computes- and
- the private key which is given to the user.
Encryption
Given, the ciphertext is obtained as follows:- ,
- choose random,
- compute and
- set.
Decryption
Given, the plaintext can be retrieved using the private key:Correctness
The primary step in both encryption and decryption is to employ the pairing and to generate a mask that is xor'ed with the plaintext. So in order to verify correctness of the protocol, one has to verify that an honest sender and recipient end up with the same values here.The encrypting entity uses, while for decryption, is applied. Due to the properties of pairings, it follows that: