Secure Email

securemail in practice what is IBE? how IBE works evolution of cryptography alternatives to IBE

evolution of cryptography

Many attempts have been made to solve the problem of establishing secure communications, from symmetric and traditional public-key cryptography through today’s breakthrough technology, Identity-Based Encryption (IBE).

1960s – 1970s

In the 1970’s, military networks, academic systems, interbank protocols and ATMs were the early adopters of modern cryptography, using systems based on symmetric cryptography. These symmetric cryptosystems, the best known of which is the Data Encryption Standard, or DES, were widely used throughout the 1980’s.

Properties of symmetric cryptographic systems:

• Sender and recipient both use the same key for encryption and decryption
•  Authentication performed via centralized server
• Shortcomings: not scalable; no offline encryption; no interconnection between systems

However, it became clear that while symmetric cryptography was adequate for small contained networks with a limited number of users, it could not handle the volume of traffic brought on by the Internet boom of the 1990’s.

1980s – 1990s

To address these problems, a new class of algorithms (called asymmetric or public-key) were developed; the most well-known of these algorithms is RSA. Systems based on these algorithms, commonly called PKI, were introduced to the market in the late 1980’s. In the PKI model, different keys—a public key and a private key—are used to encrypt and decrypt messages. These public keys are often distributed using certificates, which are issued by a third-party certificate server, to which users must “pre-enroll”.

Properties of PKI systems:

• Sender and recipient use different public keys
• Authentication via Certificates and Certificate Authorities (CAs)
• Shortcomings: not scalable; no offline encryption; skyrocketing administration costs; end users do not like to use.

While PKI has succeeded in certain server-side systems, such as SSL, it has proven to be ill-suited to cross-enterprise usage due to the administrative burden of certificates, revocation lists, and cross-certification problems. PKI's requirement for pre-enrollment of all recipients has prevented its use in many business scenarios and has limited its widespread adoption.

2001– Present

By using identity as the public key, Identity-Based Encryption (IBE) eliminates the need for certificates and overcomes the hurdles of public key infrastructure.

Properties of IBE systems:

• Public key based on commonly known identifiers, such as email addresses
• Authentication and policy enforcement via centrally-administered server
• Benefits: scalable; anytime, anywhere encryption, even offline; simple to administer; simple to use

First published in 2001, the Boneh-Franklin IBE algorithm has received widespread interest from the academic community; over 200 follow-on papers have been published by cryptographers across the world. Voltage Security was founded in 2002 to deliver the first practical solutions built on IBE and continues to be a leader in the IBE community.