Voltage Identity-Based Encryption

Advantages of Identity-Based Encryption:

The power of IBE is in its simplicity. By using well-known identifiers, such as email addresses, as public keys, IBE enables security policies to be encoded directly into encryption and authentication methods, eliminating the need for cumbersome certificates and Certification Authorities. See the difference yourself:

The following is a RSA public key. A certificate is required to bind this key to an identity (i.e. to state that this key belongs to bob@b.com).

Public exponent:
0x10001

Modulus:
13506641086599522334960321627880596993888147560566702752448514
38515265106048595338339402871505719094417982072821644715513736
80419703964191743046496589274256239341020864383202110372958725
76235850964311056407350150818751067659462920556368552947521350
0852879416377328533906109750544334999811150056977236890927563

In contrast, this is an IBE public key. No certificate is required because the key is the identity.

Name = bob@b.com

By eliminating the need for certificates, IBE removes the hurdles of PKI: certificate lookup, lifecycle management, Certificate Revocation Lists, and cross-certification issues. IBE's simplicity enables it to be used in ways PKI could not; IBE can be used to build security systems that are more dynamic, lightweight and scalable.

How Voltage Security Identity-Based Encryption Works:

Information Encryption for Email, Files, Documents and Databases

Identity-Based Encryption (IBE) dramatically simplifies the process of securing sensitive communications. For example, the following diagram illustrates how Alice would send a secure email to Bob using IBE:

Step 1: Alice encrypts the email using Bob’s e-mail address, "bob@b.com", as the public key.

Step 2: When Bob receives the message, he contacts the key server. The key server contacts a directory or other external authentication source to authenticate Bob’s identity and establish any other policy elements.

Step 3: After authenticating Bob, the key server then returns his private key, with which Bob can decrypt the message. This private key can be used to decrypt all future messages received by Bob.

Note that private keys need to be generated only once, upon initial receipt of an encrypted message. All subsequent communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline. Also, because the public key is generated using only Bob's email address, Bob does not need to have downloaded any software before Alice can send him a secure message.

The Math Behind IBE

The mathematical foundation of IBE is a special type of function called a “bilinear map.” A bilinear map is a pairing that has the property:

Pair( a • X, b • Y ) = Pair( b • X, a • Y )

The operator “•” is multiplication of a point on an elliptic curve by integers. While multiplication itself (e.g., calculating a•X) is easy, the inverse operation (finding a given X and a•X) is practically impossible. Two examples of bilinear maps are the Weil Pairing and the Tate Pairing.

The IBE algorithm consists of four operations:

Setup, which initializes a key server
Encrypt, which encrypts a message for a given user
Key Generation, which generates a private key for a given user
Decrypt, which given a private key, decrypts a message

Building Applications Using Voltage Identity-Based Encryption:

Information Encryption for Email, Files, Documents and Databases

The Voltage IBE Toolkit is a set of tools that enable developers to quickly and easily incorporate Identity-Based Encryption into their applications. Using the Toolkit, you can secure an email, file, or other arbitrary data in less than 15 lines of code, without the need for certificates; all you need to know is an email address. Applications built using the Toolkit seamlessly integrate with the Voltage Enterprise Privacy Management Platform, enabling developers to take advantage of its centralized administration, advanced policy management, and key distribution architecture.

The Toolkit provides high-level interfaces for rapid application development as well as lower-level cryptographic APIs for advanced security operations. The Toolkit is suitable both for ISVs looking to integrate robust security into their products as well as enterprises wanting to secure internal applications.

The Toolkit supports all major cryptographic algorithms and is FIPS 140-2 Level 1 certified. It offers a C interface and is supported on Windows and Linux, with additional platform support planned. The Toolkit is offered at no charge, with source code provided.

Voltage IBE Toolkit Benefits

Identity-Based Encryption
The Voltage IBE Toolkit is the only commercially available SDK that implements IBE. IBE enables data to be secured to any user, machine, or entity without the need for certificates or pre-enrollment, enabling an extremely lightweight encryption system.

Platform Integration
Applications built using the Toolkit can transparently leverage the Voltage Enterprise Privacy Management Platform for key management, authentication, and transport. Existing IBE keys can be used for new applications, and data can be secured in formats compatible with existing Voltage applications.

Rapid Application Development
The Toolkit offers high-level APIs that require no knowledge of cryptography or data security algorithms. An email message or file can be encrypted in just a few function calls.

Source Code Provided
Well-documented source is provided, enabling easy debugging. The source code may be modified or extended to suit the specific needs of an application.

FIPS Certification
The Toolkit's Cryptographic Module has been awarded FIPS 140-2 Level 1 certification by NIST. The certifiation specifically validates the following algorithms: DES, Triple-DES, AES, DSA, SHA-1 and Random Number Generation. Voltage’s FIPS 140-2 certification is available online at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt522.pdf