Secure and {\sl Practical} Identity-Based Encryption
Abstract
In this paper, we present a variant of Waters' Identity-Based Encryption scheme with a much smaller public-key size (only a few kilobytes). We show that this variant is semantically secure against passive adversaries in the standard model.\smallskip
In essence, the new scheme divides Waters' public key size by a factor
ℓ
at the cost of (negligibly) reducing security by
ℓ
bits. Therefore, our construction settles an open question asked by Waters and constitutes the first fully secure {\sl practical} Identity-Based Encryption scheme