Full black-box retrievable and accountable identity-based encryption

Publication Name

Computer Standards and Interfaces


Accountable identity-based encryption (A-IBE) was proposed to relieve the key escrow problem caused by the fully trustworthy private-key generator (PKG) in the IBE system, where the true generator of private keys or decoder boxes can be traced back to the PKG or related users. Retrievable A-IBE (RA-IBE) enhances the security of A-IBE by providing retrievability of the master secret key of the PKG when more than one private key of the same user is released. RA-IBE strengthens the deterrent effect of A-IBE against the PKG, since disclosure of the master secret key could lead to the breakdown of the entire IBE system. However, current RA-IBE schemes only provide retrievability in a white-box model, which restricts traceability and retrievability to well-formed private keys only. This overlooks the fact that a malicious PKG can easily conceal a private key within a decoder box, making the inserted private key inaccessible. To overcome this limitation, we propose a full black-box RA-IBE scheme, where traceability and retrievability of decoder boxes are provided while, at the same time, the malicious PKG is allowed to access the decryption oracle in the security model. We first give the formal definition and security models of full black-box RA-IBE and then present a concrete construction. In our construction, a user interacts with the PKG to obtain its private key and an additional commitment tuple with which the user can retrieve the master secret key of the PKG using a related decoder box generated by the PKG. Finally, we show that the proposed full black-box RA-IBE scheme is secure in the random oracle model.

Open Access Status

This publication is not available as open access



Funding Sponsor

Australian Research Council


