NIST Workshop on Identity-Based Encryption
I just wanted to fill everyone in on the “Applications of Pairing Based Cryptography: Identity-Based Encryption and Beyond” that took place last week. As many of you know, NIST is the federal government standards body that defines the all-important FIPS standard that is used not just in the US federal government, but in governments across the globe. (We just got a FIPS inquiry from a customer in Singapore, for example.) We’ve been actively keeping the NIST computer security lab up to date on IBE standardization for the last few years, and they finally decided that IBE was important enough that they wanted to hold a conference to educate themselves about Identity-Based Encryption. The details of the conference are at http://www.nist.gov/ibe. (Slides for all the presentations are there also.)
Overall, the event was extremely successful. More than 80 people showed up to the event, including about five people from the NSA, and representatives from the US Navy, the Social Security Administration, and the US Patent Office. Sathvik gave a great talk (even with a number of storm-induced power outages during the presentation) on the successes of IBE (over 500 Enterprise IBE implementations), including some detailed use cases from Voltage customers. Ingrum detailed how the VSN service works, and the power of IBE on a panel with a research director from Homeland Security, the head of the IETF, and a representative from Trend Micro. Xavier talked about the varieties of IBE, and showed how the BB algorithm is a natural choice for performance and security. Luther detailed the mysteries of curve selection and the computation of the Tate pairing for a big finish to the first day. I gave a talk on policy-driven key management, and participated in a panel on “Is IBE Needed?” (duh!) with Jon Callas, the CTO of PGP, Radia Perlman from Sun, and Brent Waters from SRI. The panel was great, as instead of attacking IBE, most of the panel was spent with all participant criticizing the numerous flaws in traditional PKI. My favorite moment was a quote from one of the panelists: “IBE is an incredibly cool concept.” Almost as good was hearing about how powerful pairing based cryptography is. I could have spent most of the panel just agreeing with all the great stuff supposed opponents were saying.
The last talk of the conference was a wrapup by Bill Burr of NIST. He stated that he thought that there was a need to re-examine their approach for actually getting government data encrypted. In general, I think there’s a fair amount of energy now in the government space around looking at IBE solutions and potential paths to standardization that would allow IBE into new arenas (for example, the US Navy is already working on a trial of IBE for their disaster recovery ship, the USS Comfort.) If this conference is any indication, we should see some movement within the government sector.
Here’s the official workshop summary.