## Documentation ¶

### Overview ¶

SA1019: Package golang.org/x/crypto/bn256 is deprecated: due to its weakened security, new systems should not rely on this elliptic curve. This package is frozen, and not implemented in constant time. There is a more complete implementation at github.com/cloudflare/bn256, but note that it suffers from the same security issues of the underlying curve.

Package ibe implements identity-based encryption.

This package defines interfaces for identity-based-encryption (IBE) and provides specific implementations of those interfaces. The idea was first proposed in 1984 by Adi Shamir in "Identity-Based Cryptosystems And Signature Schemes" (http://discovery.csc.ncsu.edu/Courses/csc774-S08/reading-assignments/shamir84.pdf) and a construction based on the Bilinear Diffie-Hellman problem was described in "Identity-Based Encryption from the Weil Paring" by Dan Boneh and Matthew Franklin (http://crypto.stanford.edu/~dabo/papers/bfibe.pdf).

As described in the those papers, an IBE scheme consists of four operations:

(1) Setup: Which generates global system parameters and a master key.

(2) Extract: Uses the master key and global system parameters to generate the private key corresponding to an arbitrary identity string.

(3) Encrypt: Uses the global system parameters to encrypt messages for a particular identity.

(4) Decrypt: Uses the private key (and global system parameters) to decrypt messages. To be clear, the private key here is for the identity (sometimes referred to as the "identity key" in literature) and not the master secret.

This package defines 3 interfaces: one for Extract, one for Encrypt and one for Decrypt and provides Setup function implementations for different IBE systems (at the time of this writing, only for the Boneh-Boyen scheme).

### Index ¶

### Constants ¶

This section is empty.

### Variables ¶

This section is empty.

### Functions ¶

#### func MarshalMasterKey ¶

MarshalMasterKey encodes the private component of m into a byte slice.

#### func MarshalParams ¶

MarshalParams encodes p into a byte slice.

#### func MarshalPrivateKey ¶

func MarshalPrivateKey(k PrivateKey) ([]byte, error)

MarshalPrivateKey encodes the private component of k into a byte slice.

### Types ¶

#### type Master ¶

type Master interface { Extract(id string) (PrivateKey, error) Params() Params }

Master is the interface used to extract private keys for arbitrary identities.

#### func SetupBB1 ¶

Setup creates an ibe.Master based on the BB1 scheme described in "Efficient Selective Identity-Based Encryption Without Random Oracles" by Dan Boneh and Xavier Boyen (http://crypto.stanford.edu/~dabo/papers/bbibe.pdf).

Specifically, Section 4.3 of the paper is implemented.

In addition, we apply the Fujisaki-Okamoto transformation to the BB-IBE scheme (http://link.springer.com/chapter/10.1007%2F3-540-48405-1_34) in order to obtain CCA2-security (in the random oracle model). The resulting scheme is a CCA2-secure hybrid encryption scheme where BB-IBE is used to encrypt a nonce used to derive a symmetric key, and NaCl/secretbox is used to encrypt the data under the symmetric key.

#### func SetupBB2 ¶

Setup creates an ibe.Master based on the BB2 scheme described in "Efficient Selective Identity-Based Encryption Without Random Oracles" by Dan Boneh and Xavier Boyen (http://crypto.stanford.edu/~dabo/papers/bbibe.pdf).

Specifically, a variant of Section 5.1 (from the section labeled Hash-BDHI construction in Section 5.1) of the paper is implemented.

In addition, we apply the Fujisaki-Okamoto transformation to the BB-IBE scheme (http://link.springer.com/chapter/10.1007%2F3-540-48405-1_34) in order to obtain CCA2-security (in the random oracle model). The resulting scheme is a CCA2-secure hybrid encryption scheme where BB-IBE is used to encrypt a nonce used to derive a symmetric key, and NaCl/secretbox is used to encrypt the data under the symmetric key.

The BB2 scheme uses approximately 30% less CPU for the Decrypt operation compared to the BB1 scheme, and public keys are more compact (3 group elements vs. 5 group elements). The main disadvantage is that it relies on a more complicated assumption on bilinear groups (the hash bilinear Diffie- Hellman inversion assumption). This assumption holds in the generic group model, and to date, there are no known attacks on the assumption other than the generic ones.

#### type Params ¶

type Params interface { // Encrypt encrypts m into C for the identity id. // // The slice C must be of size len(m) + CiphertextOverhead(), and the two // slices must not overlap. Encrypt(id string, m, C []byte) error // The additional space required to encrypt a message, that is, // if a message has length m, the size of the ciphertext is // m + CiphertextOverhead(). CiphertextOverhead() int }

Params represents the global system parameters that are used to encrypt messages for a particular identity.

#### func UnmarshalParams ¶

UnmarshalParams parses an encoded Params object.

#### type PrivateKey ¶

type PrivateKey interface { // Decrypt decrypts ciphertext C into m. // // The slice m must be of size len(C) - CiphertextOverhead(), and the two // sices must not overlap. Decrypt(C, m []byte) error // Params returns the global system parameters of the Master that // was used to extract this private key. Params() Params }

PrivateKey is the interface used to decrypt encrypted messages.

#### func UnmarshalPrivateKey ¶

func UnmarshalPrivateKey(params Params, data []byte) (PrivateKey, error)

UnmarshalPrivateKey parses an encoded PrivateKey object.