As a special case of public key encryption, identity-based encryption (IBE) takes any public known information as public key for encryption and then decrypts a ciphertext by a well-generated private key from private key generator (PKG). Unlike the traditional IBE using a text-based identity (e-mail, etc.) as public key, in this paper, we aim to design a secure, time-saving and space-saving biometric identity-based encryption (BIBE) regarding the biometric-based identity (face, etc.) as public key. To overcome the challenge introduced by the fuzziness of biometric identities, First, we propose a provable-secure inner-product encryption (IPE) with short ciphertext and show the IPE is indistinguishable against selective identity, adaptive chosen-plaintext attack (IND-sID-CPA). Then, we construct a distance-based encryption (DBE) leveraging the proposed IPE and prove that the DBE captures the same security with the underlying IPE. Furthermore, we optimize the proposed DBE so that it also has short private key. We theoretically analyze the overhead of IPE, DBE, and optimized DBE (ODBE) in terms of time, space, and communication complexities. We also conduct experiments to measure the time and space costs of the proposed ODBE, and experimental results validate its effectiveness and efficiency.

Introduction

Identity-based encryption (IBE) possesses the ability of doing public key encryption without accessing to the public key certificate, and can be deployed in various practical applications. IBE allows for a sender to encrypt a message into a ciphertext using publicly known identity information of the receiver, such as e-mail address, social security number, or physical IP address. At the receiver’s side, he can extract the message from the ciphertext by decrypting it with a key generated from the identity. Figure 1 depicts the basic principle of IBE, where Alice and Bob serve as the sender and the receiver respectively. One common feature of many existing IBE schemes is that they regard identity information as a string that combine the alphabet, numbers and special symbols in any order, and such identities are called textbased identity. The text-based solutions suffer from the following weaknesses: 1) the length of the text style identity information may be too long, it is hard for decryptor to be well-remembered; 2) the identity representations may be different in various situations, the decryptor has to derive different private keys for different representations. To remedy these drawbacks, researchers proposed to employ one’s Biometric-based identities instead of text-based identity in IBE [22, 23], and the corresponding schemes are called biometric identity-based encryption (BIBE). Biometric-based identities, such as face, fingerprint, pupil, etc., can offer many interesting features that text-based identities do not provide. For example, 1) biometric identity is physical, and one does not need to remember it; 2) biometric identity is unique, and one can use the same identity representations in many different situations. Furthermore, both of these features can provide safety, because no other people can forge one’s biometric feature. Therefore, biometric-based identity is more secure and more convenient because it frees the user from remembering the text-style identity information. While biometric-based identity brings a lot of benefits, it is still challenging to leverage these biometric identities as the public keys, due to the fuzziness of the biometric measurements. In traditional IBE, it must be identical between the identity generating the private key for encryption and the other one for decryption. In BIBE, however, these two identities may not be equal but they possibly belong to the same user due to the fuzziness. For this reason, the traditional IBE is out of order, and we are motivated to build a BIBE scheme that works successfully as long as two identities mentioned above are close to each other. A trivial approach is to employ a fuzzy identity-based encryption (FIBE) [42] for fault-tolerance. However, the methods of FIBE do not always suitable for practical deployment. Because the similarity measurements in FIBE are also based on text-style methods, such as Hamming distance, it is not applicable for BIBE when more practical similarity measurements are employed, such as Euclid distance and Mahalanobis distance.