Building Key-Private Public-Key Encryption Schemes
Source: University of London
In the setting of identity-based encryption with multiple trusted authorities, TA anonymity formally models the inability of an adversary to distinguish two ciphertexts corresponding to the same message and identity, but generated using different TA master public-keys. This security property has applications in the prevention of traffic analysis in coalition networking environments. In this paper, the authors examine the implications of TA anonymity for key-privacy for normal Public-Key Encryption (PKE) schemes. Key-privacy for PKE captures the requirement that ciphertexts should not leak any information about the public keys used to perform encryption. Thus key-privacy guarantees recipient anonymity for a PKE scheme.