Author: AmitabhAmitabh
Date: May 23, 2008 13:55
Hi,
The question I have has most likely been answered in the literature,
so I'd like some references from you knowledgeable folks.
In a standard IBE scheme, we define IND-ID-CCA2 security using
following game:
(1) Setup: (challenger gives IBE master public key to attacker A)
(2) Phase 1 queries:
a. Extract (ID) returns private key of ID to A.
b. Decrypt (ID, c) returns decryption of c (if valid) under ID to
A.
(3)Challenge Phase: A outputs ID*, m_0, m_1 (equal length messages)
and gets c*=encryption of m_b under ID* for b \in {0,1}
(4) Phase 2 queries: as in phase 1.
(5) Output: A outputs bit b'
A wins if b=b', no extract query on ID* and no decrypt query on (ID*,
c*) in Phase 2.
| 
