Provable Security

Volume 6980 of the series Lecture Notes in Computer Science pp 68-83

Verifiable Security of Boneh-Franklin Identity-Based Encryption

  • Gilles BartheAffiliated withIMDEA Software Institute
  • , Federico OlmedoAffiliated withIMDEA Software Institute
  • , Santiago Zanella BéguelinAffiliated withIMDEA Software Institute

* Final gross prices may vary according to local VAT.

Get Access


Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an encryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. Although the concept of IBE was introduced by Shamir in 1981, constructing a practical IBE scheme remained an open problem for years. The first satisfactory solution was proposed by Boneh and Franklin in 2001 and constitutes one of the most prominent applications of pairing-based cryptography. We present a game-based machine-checked reduction of the security of the Boneh-Franklin IBE scheme to the Bilinear Diffie-Hellman assumption, and analyze its tightness by providing an exact security bound. Our proof simplifies and clarifies the original proof by Boneh and Franklin and can be automatically verified by running a trusted checker.


Bilinear Diffie-Hellman problem Boneh-Franklin scheme CertiCrypt iddentity-based encryption pairing-based cryptography verifiable security