标准模型下可公开验证的匿名IBE方案的安全性分析

现有的可公开验证的匿名基于身份的加密（Identity-Based Encryption，IBE）机制声称解决了在静态困难性假设之上构造紧的选择密文安全的IBE机制的困难性问题.然而，本文发现，由于该机制的密文不具备防扩展性，使得任何敌手可基于已知的有效密文生成任意消息的合法加密密文，导致该机制无法满足其所声称的选择密文安全性.我们根据不同的密文相等判定条件分别提出两种方法对原始方案的安全性进行了分析，同时在分析基础上指出原始安全性证明过程中所存在的不足.

On the Security of Publicly Verifiable Anonymous IBE Scheme in the Standard Model

How to create an identity-based encryption (IBE) scheme with tight chosen-ciphertext attacks (CCA) security based on the static assumption is an open problem.A publicly verifiable anonymous IBE scheme designed in the standard model claimed that the CCA security of proposed scheme was proved based on the classic static assumption.However, in this paper, we demonstrate that the previous IBE scheme cannot achieve the claimed CCA security because the ciphertext was extensile.In other words, a valid encrypted ciphertext can be forged by any adversary from a known ciphertext.To analyze the security of the previous IBE scheme, two methods are proposed based on the criterion of ciphertext equality.Additionally, based on the analysis of the previous IBE scheme, we point out the shortcomings of the original security proof.