2006 年 1 巻 2 号 p. 929-941
Identity based encryption (ΙΒε) schemes have been flourishing since the very beginning of this century. In ΙΒε, proving the security of a scheme in the sense of IND-ID-CCA2is widely believed to be sufficient to claim that the scheme is also secure in the senses of both SS-ID-CCA2 and NM-ID-CCA2. The justification for this belief is the relations among indistinguishability (IND), semantic security (SS) and non-malleability (NM). However these relations have been proved only for conventional public key encryption (ΡΚε) schemes in previous works. The fact is that ΙΒε and ΡΚε have a difference of special importance, i.e., only in ΙΒε can the adversaries perform a particular attack, namely, the chosen identity attack. In this paper we have shown that security proved in the sense of IND-ID-CCA2 is validly sufficient for implying security in any other sense in ΙΒε. This is to say that the security notion, IND-ID-CCA2, captures the essence of security for all ΙΒε schemes. To show this, we first formally defined the notions of security for ΙΒε, and then determined the relations among IND, SS and NM in ΙΒε, along with rigorous proofs. All of these results take the chosen identity attack into consideration.
