Security of a biometric identity-based encryption scheme
Miaomiao Tian, Wei Yang, Liusheng Huang
TL;DR
This paper critically examines a recent biometric identity-based encryption scheme, revealing that it is vulnerable to chosen-plaintext attacks despite claims of security against adaptive chosen-ciphertext attacks.
Contribution
The paper demonstrates that the proposed Bio-IBE scheme is not secure against chosen-plaintext attacks, challenging previous security claims and highlighting the need for more robust designs.
Findings
The scheme is vulnerable to chosen-plaintext attacks.
User secret keys can decrypt ciphertexts under unrelated identities.
Previous security proofs do not hold under practical attack scenarios.
Abstract
Biometric identity-based encryption (Bio-IBE) is a kind of fuzzy identity-based encryption (fuzzy IBE) where a ciphertext encrypted under an identity w' can be decrypted using a secret key corresponding to the identity w which is close to w' as measured by some metric. Recently, Yang et al. proposed a constant-size Bio-IBE scheme and proved that it is secure against adaptive chosen-ciphertext attack (CCA2) in the random oracle model. Unfortunately, in this paper, we will show that their Bio-IBE scheme is even not chosen-plaintext secure. Specifically, user w using his secret key is able to decrypt any ciphertext encrypted under an identity w' even though w is not close to w'.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsBiometric Identification and Security · Chaos-based Image/Signal Encryption · User Authentication and Security Systems