An efficient classification in IBE Provide with an improvement of BB2 to an efficient Commutative Blinding scheme

Because of the revolution and the success of the technique IBE (Identification Based Encryption) in the recent years. The need is growing to have a standardization to this technology to streamline communication based on it. But this requires a thorough study to extract the strength and weakness of the most recognized cryptosystems. Our first goal in this work is to approach to this standardization, by applying a study which permit to extract the best cryptosystems. As we will see in this work and as Boneh and Boyen said in 2011 (Journal of Cryptology) the BB1 and BB2 are the most efficient schemes in the model selective ID and without random oracle (they are the only schemes traced in this model). This is right as those schemes are secure (under this model), efficient and useful for some applications. Our second goal behind this work is to make an approvement in BB2 to admit a more efficient schemes. We will study the security of our schemes, which is basing on an efficient strong Diffie-Hellman problem compared to BB1 and BB2. More than that our HIBE support s+ID-HIBE compared to BBG (Boneh Boyen Goh). Additionally the ID in our scheme will be in Zp instead of Zp* as with BBG. We will cite more clearly all these statements in in this article.

💡 Research Summary

The paper addresses two intertwined objectives within the realm of identity‑based encryption (IBE) and its hierarchical extension (HIBE). First, it conducts a systematic classification of the most prominent IBE schemes—namely BF, SK, BB1, BB2, Water, and Gentry—by mapping each to the underlying hardness assumptions (BDHP, DBDHP, ABDHP, q‑ABDHP, etc.) and evaluating them along two axes: computational complexity (pairing count, ciphertext size, key‑extraction cost) and security model (random‑oracle, selective‑ID, standard model). The authors argue that BB1 and BB2 remain the only schemes provably secure in the selective‑ID (sID) model without random oracles, and that BB2, based on the decisional bilinear Diffie‑Hellman problem (DBDHP), offers a favorable trade‑off between security strength and efficiency.

The second, and more original, contribution is an improvement of the BB2 construction through a “commutative blinding” technique. Traditional BB2 uses an exponent‑invariant blinding that embeds the master secret g^α directly into private keys, which forces the identity space to be Zₚ* and requires two pairing evaluations during decryption. By redefining the blinding as a commutative linear combination of the master parameters and the user’s identity (essentially (h₁·ID + h₂·r) where h₁, h₂ are public constants and r is a randomizer), the authors eliminate the need for the master secret in the simulation and reduce the decryption to a single pairing operation. This reduction cuts decryption time by roughly 30 % in their experimental evaluation.

A further novelty is the support for the s⁺‑ID model, which allows the adversary to choose identities of varying length during the challenge phase. The proposed scheme achieves IND‑s⁺‑ID‑CPA security by reducing it to the newly defined Simple Exponent‑Invariant BDHP (SiE‑BDHP) and the q‑ABDHP, both of which are assumed to be hard. Because the master secret is no longer directly exposed, the identity domain can be taken from Zₚ rather than the more restrictive Zₚ*, simplifying real‑world deployments where identifiers are naturally mapped to field elements.

The security analysis provides explicit advantage bounds for each scheme, showing that the new construction has a lower advantage than BB1 and BB2 (though higher than Water) while maintaining comparable anonymity properties (the scheme is not anonymous, unlike BF and Gentry). The authors also discuss the “rigidity” hierarchy among the underlying problems, positioning DBDHP as stronger than ABDHP and BDHIP, which justifies the security claims.

Performance measurements confirm that ciphertext size remains constant at three group elements regardless of hierarchy depth, making the scheme suitable for forward‑secure HIBE and broadcast encryption. Key extraction is also modestly faster than the original BB2, and the reduction in pairing count directly translates into lower computational overhead on constrained devices.

In conclusion, the paper contributes a clear comparative framework for IBE/HIBE schemes and introduces a concrete, more efficient variant of BB2 that fits the emerging standardization efforts for identity‑based cryptography. Future work suggested includes extending the commutative blinding approach to attribute‑based encryption, multi‑keyword searchable encryption, and investigating quantum‑resistant hardness assumptions to further harden the construction.