Identity-based online/offline key encapsulation and encryption

Sherman Sze-Ming Chow, Joseph K Liu, Jianying Zhou

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

43 Citations (Scopus)


An identity-based online/offline encryption (IBOOE) scheme splits the encryption process into two phases. The first phase performs most of the heavy computations, such as modular exponentiation or pairing over points on elliptic curve. The knowledge of the plaintext or the receiver s identity is not required until the second phase, where the ciphertext is produced by only light computations, such as integer addition/multiplication or hashing. This division of computations makes encryption affordable by devices with limited computation power since the preparation works can be executed\offline or possibly by some powerful devices. The identity-based (ID-based) nature of the scheme also allows the preparation of ciphertext without certificate verification. Since efficiency is the main concern, less burden in the computation requirements of all phases (i.e., both phases of encryption and the decryption phase) and smaller ciphertext size are desirable. In this paper, we propose new schemes with improved efficiency over previous schemes by assuming random oracles. Our first construction is a very efficient scheme secure against chosen-plaintext attack (CPA), which is just slightly modified from an existing scheme. We then proceed to propose a new notion called ID-based Online/Offline KEM (IBOOKEM) that allows the key encapsulation process to be split into offline and online stages, in the same way as IBOOE does. We also present a generic transformation to get security against chosen-ciphertext attack (CCA) for IBOOE from any IBOOKEM scheme with one-wayness only. Our schemes (both CPA and CCA) are the most efficient one in the state-of-the-art, in terms of online computation and ciphertext size, which are the two main focuses of online/offline schemes. Our schemes are very suitable to be deployed on embedded devices such as smartcard or wireless sensor which have very limited computation powers and the communication bandwidth is very expensive.
Original languageEnglish
Title of host publicationProceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011)
EditorsRavi Sandhu, Duncan S Wong
Place of PublicationNew York NY USA
PublisherAssociation for Computing Machinery (ACM)
Pages52 - 60
Number of pages9
ISBN (Print)9781450305648
Publication statusPublished - 2011
Externally publishedYes
EventACM Symposium on Information, Computer and Communications Security 2011 - Hong Kong, China
Duration: 22 Mar 201124 Mar 2011
Conference number: 6th


ConferenceACM Symposium on Information, Computer and Communications Security 2011
Abbreviated titleAsiaCCS 2011
CityHong Kong
Internet address

Cite this