Theory of Cryptography

Volume 6597 of the series Lecture Notes in Computer Science pp 235-252

Identity-Based Encryption Secure against Selective Opening Attack

  • Mihir BellareAffiliated withDepartment of Computer Science and Engineering, University of California
  • , Brent WatersAffiliated withDepartment of Computer Science, University of Texas
  • , Scott YilekAffiliated withDepartment of Computer and Information Sciences, University of St. Thomas


We present the first IBE schemes that are proven secure against selective opening attack (SOA). This means that if an adversary, given a vector of ciphertexts, adaptively corrupts some fraction of the senders, exposing not only their messages but also their coins, the privacy of the unopened messages is guaranteed. Achieving security against such attacks is well-known to be challenging and was only recently done in the PKE case. We show that IBE schemes having a property we call 1-sided public openability (1SPO) yield SOA secure IBE schemes and then provide two 1SPO IBE schemes, the first based on the Boyen-Waters anonymous IBE and the second on Waters’ dual-system approach.