NAME
Crypt::PBC::WIBE - Implementation of the Boneh-Gentry-Goh Wildcarded Identity-based Encryption scheme.
SYNOPSIS
use Crypt::PBC::WIBE;
# Create a new instance, generate public, master secret key
my $wibe = new Crypt::PBC::WIBE( L => 2 );
# Derive Key for Alice, Bob
my $alice = $wibe->derive(1);
my $bob = $wibe->derive(2);
# Derive Subkey (notice: same ID!) for friend of alice
my $carol = $alice->derive(1);
# Recap: Alice now has the ID vector [1]
# and carol (friend of alice) has [1,1]
# Pattern: Allow all friends (*)
my $pattern = ['*'];
# Create a random element from Crypt::PBC
my $msg = $wibe->pairing->init_GT->random;
my $cipher = $wibe->encrypt_element($pattern, $msg);
die "Alice should be able to decrypt"
unless $alice->decrypt_element($cipher)->is_eq($msg);
die "Carol must be unable to decrypt"
if $carol->decrypt_element($cipher)->is_eq($msg);
OVERVIEW
This module provides an implementation to the Boneh–Boyen–Goh Wildcarded Identity-Based Encryption scheme as proposed by Abdalla et al., as appeared in Journal of Cryptology: Volume 24, Issue 1 , pp 42-82..
This implementation relies on the PBC library and thus, its Perl bindings Crypt::PBC.
DISCLAIMER
This module is part of a prototype implementation of the Boneh-Gentry-Goh WIBE. While it works fine in my tests, I advise against using it for anything productive other than experimental work.
I appreciate your input on anything you might encounter while using this module.
METHODS
The exposed methods described below follow the four algorithms from the paper closely.
new
Returns a WIBE instance. new()
expects a parameter hash with at least the following pair set:
- L
-
Pattern length / Maximum hierarchy of the encryption scheme.
and the following optional keys:
- pairing
-
A Type-A pairing. Passed directly to Crypt::PBC::new(). May be a pairing string, filehandle or filename.
- SK, MPK
-
Secret and Public Key of the system. If not set, they are generated through
setup()
.
pairing
Returns the Type-A pairing used in this WIBE instance.
See "Pairing-Functions" in Crypt::PBC.
setup
Generates the mpk (public key) and msk (master secret key) of the WIBE system and stores them in the WIBE instance.
derive
Returns a WIBE instance for a derived ID element.
Required Parameters:
- next_id
-
Next Identifier element in the hierarchy.
This serves as a shortcut for the following steps:
Create a derived key
SK[ID0, ... , IDi, next_id] = $self-
key_derive(next_id)>.Create a new WIBE instance with the same public key and the derived secret key
SK[ID0, .., IDi+1]
Returns that instance.
key_derive
Derive a key for the given ID element using the derivable secret key (DSK) of this instance.
Parameters:
- id
-
Next Identifier element in the hierarchy.
Returns the derived key of size (sk - 1), which is a simple hash with the following keys:
- key
-
The element_t secret key for the derived ID.
- ids
-
Hierarchy of the secret key.
Example:
Alice derives an identity 1 (Zp) for Bob using the Master Key. (size |L| + 2)
Bob receives a secret key of size |L| + 1 and its identity.
Bob derives an identity 0 (Zp) for Bob (i.e., the self key).
Bob can decrypt for Pattern [1,*] or [1,0].
encrypt_element
Perform an encryption for an element in G1 using the WIBE scheme.
This key may later be expanded using HKDF and used in a symmetric AE scheme as a hybrid encryption scheme.
Parameters:
- Pattern
-
An arrayref of size L with one of: 1.)
'*'
, wildcard. Can be derived by any containing the parent pattern 2.) An Identifier (int >= 0). Derived only by the owner of that identifier.Example: For L=2, possible patterns are:
['*','*']
: Decrypt possible with patterns matching'X.*'
or'X.Y'
for anyX
.['X','*']
: Decrypt possible for X and any subkeys of idX
.['X', 0 ]
: Decrypt possible for subkey 0 ofX
, which by convention isX.self
.
- m
-
An element of G1 to encrypt.
The resulting ciphertext of the encryption is a hashref.
decrypt_element
Recover the element of GT from the given ciphertext.
Required parameters:
- Ciphertext
-
The ciphertext is a hashref with (P,C1,..C4) keys, as returned from the
encrypt_element
method.
To decrypt, the secret key (SK) is used. It must be of hierarchy length >= |P| in order to be able to decrypt the pattern.
Returns an element of GT. Use Crypt::PBC/Comparison-Functions to determine the success or failure of the decryption.
AUTHOR
Oliver Günther <mail@oliverguenther.de>
COPYRIGHT
Copyright (C) 2014 by Oliver Günther
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
SEE ALSO
http://crypto.stanford.edu/pbc/
http://groups.google.com/group/pbc-devel
2 POD Errors
The following errors were encountered while parsing the POD:
- Around line 58:
Non-ASCII character seen before =encoding in 'Boneh–Boyen–Goh'. Assuming UTF-8
- Around line 504:
alternative text 'Crypt::PBC/Comparison-Functions' contains non-escaped | or /