1.
Verifiable Identity Based Encryption
(VIBE)
new-age crypto
for new-age security problems
1

2.
PKI current limitations in IoT
An exponential O(n²) number of transactions are necessary
to share keys among n parties
Complex management of certificates and revocation lists,
is becoming a problem when number of devices is
increasing
Classification : Public 22

3.
VIBE’s key benefits
Simplified Key Management
Authentication at the application layer
3

4.
VERIFIABLE IDENTITY-BASED ENCRYPTION
Identity-Based Encryption (IBE) was proposed in 1984 by
renowned cryptographer, Adi Shamir, and advanced in
the late 1990s as a “breakthrough approach to
encryption key management.”
VIBE dramatically improves on IBE by eliminating the
need to protect the public parameters and adding
authentication at the application layer.
4

5.
The Origin
HP/Voltage IBE patent still in use (HP acquired Voltage Security)
Purpose : asymmetric cryptography using the recipient’s Identity to self-generate
the public key.
Security challenge to distribute the public parameters that are fixed and is a
weakness of the system.
IBE cannot authenticate.
First VIBE patent granted in 2014
The private key of a VIBE system has the capacity of verifying the integrity of the
TC’s public parameters.
VIBE authenticates the sender without any of the TC’s Public parameters.
Man-in-middle attacks are impossible
5

6.
VIBE four algorithms
1. Setup(1λ): Takes as inputs the security parameter (λ)
• Let H : {0,1}* → G be a hash function that maps ID’s to G
• Authority generates secret s where MSK
1
= s and Ppub
2
= gs
2. KeyGen(s,ID): Set gID = H(ID) ϵ G, dID (PrvID)= gID
1/s
3. Verify-Encrypt(PK,ID,m):
• Verify Ppub using PrvID
• Generate random symmetric key σ
• Set V = Ppub
r, where r = H3(σ,M)
• U = σ + H2(e(gID
r, gIdTC
)
• W = εσ (M)
• Y = H2(e(Prvsender, gID) r) ; is a signature with the private key of the data that are encrypted and is
used to authenticate the sender
• Send CT = (U,V,W,Y)
4. Auth-Decrypt(dID, PK, CT): Compute σ = U + H2(e(PrvID, V)); where PrvID= gID
1/s
Y is used to authenticate the sender and validate the integrity of the data
6

7.
Sender
Trusted center
Recipient
CT = (U,V,W,Y)
M = Dσ (W)
Setup:
Output MSK = s, and
Ppub = ga
KeyGen(s,ID):
Set gID = H(ID) ϵ G
dID = gID
1/s
Step 2
Verify-Encrypt(PK,ID,m):
Generate random symmetric key σ
Set V = Ppub
r, where r = H3(σ,M)
U = σ + H2(e(gID
r, gIdTC
)
W = εσ (M)
Y = H2(e(Prvsender, gID) r)
Send CT = (U,V,W,Y)
Step 3
Compute
σ = U + H2(e(PrvID, V)); where
PrvID= gID
1/s
Output: M = Dσ (W)
The recipient verifies the
signature Y using its PrvID and the
sender’s ID
Step 4
In Step 1, TC generates the bilinear group
(G, GT, g, p), Hash functions (H1, H2, H3), a
master secret key (s);
where G and GT are groups of order p and
e satisfies e: GxG ---> GT
Step 1
7

8.
Simplified Key Management
The private key is a fingerprint of the identity, which means that there is
no association between key pairs and objects to maintain
No public key certificates to manage and distribute
The back-end system only needs to keep the identities
The Trusted Centre only needs to protect its master key
Every new object registered to the Trusted Centre can be integrated within
the system
Only the Identity is required to create a secure exchange, the complexity
of the system is proportional to the number of objects 8

9.
VIBE’s easy implementation : smart building
No need for
a trusted and secure central
server to manage
public key/certificates
Secure
Element
Licensed Solution Integrator Operator
Trusted Program House
Control system just
stores registered ID
{1,2,3,4}
VIBE Step 2
Generates ID, private
keys and send them to
Trusted Program House
VIBE Step 1
Generates Secret
Master Key, Public
Parameters.
Private
Key N
9
Private
Key 1
Authentication &
Secure Communication
established from ID
Private
Key 4
Private
Key 3
Private
Key 2
9

10.
Asymmetric encryption
with greatly simplified, certificate-less
Key Management
Authentication at the application layer.
https://VIBEcyber.com 10