Jhanwar-Barua’s identity-based encryption revisited
In FOCS'07, Boneh, Gentry and Hamburg presented an identity- based encryption (IBE) system (BasicIBE) based on the quadratic resid- uosity (QR) assumption. A BasicIBE encryption of an l-bit message has a short ciphertext of log2 N + 2l bits where N is an RSA composite. However, it is not time-efficient due to solving l + 1 equations in the form Rx2 + Sy2 =1 (mod N). Jhanwar and Barua presented a variant of BasicIBE in which the encryptor only solves 2 (tick)l such equations. In additionm the decryption key is decreased to only one element in ZN. However, the ciphertext size increases from a singel element to 2 (tick)l elements in ZN. In this paper, we revisit the Jhanwar-Barua (JB) system and review its security. We prove that this system is not IND-ID-CPA secure and present a solution to the security flaw of this system. We also point out a flaw in the security proof of the JB system and propose two different security proofs for the fixed system. We prove that it has the same security as the original BasicIBE system.