Professional Documents
Culture Documents
IBE Sizes
IBE Sizes
Estimating Sizes
12/09/2022
Single Round-Trip: Is it possible?
2/13
Can we avoid certificates?
• SERVER: - We’ll use IBE. Using central authority A’s master public key.
• CLIENT: - How can I trust and authenticate this choice?
3/13
But IBE is useful and has interesting properties
4/13
Classical Algorithms: (IBE, PKI) × (Computation, Communication)
5/13
Post-Quantum Algorithms: (IBE, PKI) × (Computation, Communication)
6/13
Key Exchange: First Message
7/13
Key Exchange: Second Message
And sends ct to the client. It also sends a classical certificate with a classical public
key. The certificate also indicates which KDC we will use for IBE.
If we use Kyber-512, ct has 768 bytes. According with our previous measures, a P256
certificate including PKI components (OCSP, SCT logs) has 1626 bytes.
8/13
Key Exchange: Third Message
Client uses server’s public key pks , its identity and the KDC information to encapsulate
in a hybrid scheme:
9/13
• + Algorithms + Metadata + KDC
• mpk is 2944 bytes but probably will not be included
10/13
Previous Measures
11/13
Previous Measures
12/13
Remarks
13/13