Editing Identity-based encryption (section)

== Protocol framework ==
[[Dan Boneh]] and [[Matthew K. Franklin]] defined a set of four algorithms that form a complete IBE system:
* '''Setup''': This algorithm is run by the PKG one time for creating the whole IBE environment. The master key is kept secret and used to derive users' private keys, while the system parameters are made public. It accepts a [[security parameter]] <math>\textstyle k</math> (i.e. binary length of key material) and outputs:
# A set <math>\textstyle \mathcal{P}</math> of system parameters, including the message space and ciphertext space <math>\textstyle \mathcal{M}</math> and <math>\textstyle \mathcal{C}</math>,
# a master key <math>\textstyle K_m</math>.

* '''Extract''': This algorithm is run by the PKG when a user requests his private key. Note that the verification of the [[Authentication|authenticity]] of the requestor and the secure transport of <math>\textstyle d</math> are problems with which IBE protocols do not try to deal. It takes as input <math>\textstyle \mathcal{P}</math>, <math>\textstyle K_m</math> and an identifier <math>\textstyle ID \in \left\{0,1\right\}^*</math> and returns the private key <math>\textstyle d</math> for user <math>\textstyle ID</math>.
* '''Encrypt''': Takes <math>\textstyle \mathcal{P}</math>, a message <math>\textstyle m \in \mathcal{M}</math> and <math>\textstyle ID \in \left\{0,1\right\}^*</math> and outputs the encryption <math>\textstyle c \in \mathcal{C}</math>.
* '''Decrypt''': Accepts <math>\textstyle d</math>, <math>\textstyle \mathcal{P}</math> and <math>\textstyle c \in \mathcal{C}</math> and returns <math>\textstyle m \in \mathcal{M}</math>.

=== Correctness constraint ===
In order for the whole system to work, one has to postulate that:

:<math> \forall m \in \mathcal{M}, ID \in \left\{0,1\right\}^*: \mathrm{Decrypt}\left(\mathrm{Extract}\left(\mathcal{P}, K_m, ID\right), \mathcal{P}, \mathrm{Encrypt}\left(\mathcal{P}, m, ID \right) \right) = m </math>