A Remark on “ Efficient Revocable ID-Based Encryption with a Public Channel”

Abstract

In 2001, Boneh and Franklin realized the first Identity-Based Encryption (IBE), and at the same time they proposed a simple way to revoke users from the system. Later, Boldyreva et al. pointed out that Boneh-Franklin's revocation method is not scalable well and they proposed the first IBE scheme with efficient revocation. Recently, Tseng and Tsai [Computer Journal, Vol.55 No.4, page 475-486, 2012] claimed that Boldyreva et al.'s scheme requires a secure channel between each user and the key generation center in the key update phase, and proposed a new revocable IBE (RIBE) with a public channel by extending the Boneh-Franklin scheme. In this paper, we revisit Tseng and Tsai's result; we first point out that secure channels (except for the initial key setup) are not mandatory in the definition of RIBE scheme formalized by Boldyreva et al. Next, we show that Boldyreva et al.'s scheme does not require any secure channels (except for the initial key setup), which is different from what Tseng and Tsai claimed and so invalidates their contribution of the first RIBE with a public channel. Moreover, we point out that there are simple techniques to remove secure channels from the Boneh-Franklin RIBE. Interestingly, we show that the secure-channel-free Boneh-Franklin RIBE scheme is secure against decryption key exposure, whereas the Tseng-Tsai RIBE scheme is vulnerable to this attack.