The Sakai–Kasahara scheme, also known as the Sakai–Kasahara key encryption algorithm (SAKKE), is an identity-based encryption (IBE) system proposed by Ryuichi Sakai and Masao Kasahara in 2003.
[1] Alongside the Boneh–Franklin scheme, this is one of a small number of commercially implemented identity-based encryption schemes.
It is an application of pairings over elliptic curves and finite fields.
A security proof for the algorithm was produced in 2005 by Chen and Cheng.
[2] SAKKE is described in Internet Engineering Task Force (IETF) RFC 6508.
[3] As a specific method for identity-based encryption, the primary use case is to allow anyone to encrypt a message to a user when the sender only knows the public identity (e.g. email address) of the user.
In this way, this scheme removes the requirement for users to share public certificates for the purpose of encryption.
The Sakai–Kasahara scheme allows the encryption of a message
As part of the scheme, both the sender and receiver must trust a Private Key Generator (PKG), also known as a Key Management Server (KMS).
The purpose of the PKG is to create the receiver's private key,
The PKG must securely deliver the identity-specific private key to the receiver, and PKG-specific public parameter,
These distribution processes are not considered as part of the definition of this cryptographic scheme.
(over a finite field of prime order
is the image due to the pairing of the group generated by
The PKG generates the private key,
as follows: To encrypt a non-repeating message
, the sender requires receiver's identity,
There is an extension to the protocol should messages potentially repeat.
To decrypt a message encrypted to
, the receiver requires the private key,
The decryption procedure is as follows: The following equations demonstrate the correctness of the algorithm: By the bilinear property of the map: As a result: There are four standards relating to this protocol: In common with other identity-based encryption schemes, Sakai-Kasahara requires that the Key Management Server (KMS) stores a master secret from which all users' private keys can be generated.
Steven Murdoch has criticised MIKEY-SAKKE for creating a security vulnerability through allowing the KMS to decrypt every users' communication.
[6][7][8] Murdoch also noted that the lack of forward secrecy in MIKEY-SAKKE increases the harm that could result from the master secret being compromised.
GCHQ, the creator of MIKEY-SAKKE, disputed this analysis, pointing out that the some organisations may consider such monitoring capabilities to be desirable for investigative or regulatory reasons,[9] and that the KMS should be protected by an air-gap.
[10] The scheme is part of the MIRACL cryptographic library.