(2026-04) From Blind to Oblivious Identity-Based Encryption; A Generic Compiler and Instantiations
2026-04-30
Identity-Based Encryption (IBE) schemes were introduced to simplify public-key infrastructure by using any arbitrary strings as public keys. However, a longstanding criticism of IBE is the trade-off inherent in the ``key escrow'' problem: the design of IBE ensures that the authority possesses a master secret key that allows it to generate secret keys for any identity and, consequently, decrypt any ciphertext. While concepts such as Blind IBE and Accountable Authority IBE attempt to mitigate this trust assumption, they fall short of fully preventing a malicious authority from passively decrypting user traffic. A major improvement was proposed by Mitrokotsa \etal where they formalized a stronger notion called Oblivious IBE, where the authority cannot decrypt a ciphertext without brute-forcing the identity space. However, their construction inherently needs a composite group approach and offers no generic methodology. In this work, we present the first generic compiler that transforms any blind IBE into an oblivious IBE. Our transformation establishes a fundamental connection between blindness during key extraction and obliviousness during encryption. We prove that by combining a blind IBE with a hash function which takes input over the identity space, we can force the authority to search exhaustively for the recipient's identity to decrypt. To demonstrate the versatility and practical impact of our compiler, we propose two primary instantiations in the random oracle model: the first oblivious IBE in a prime order group and a post-quantum Oblivious IBE based on lattice assumptions (inspired by a variant of GPV). In addition, we make slight modifications to get our initial instantiation to function in the standard model.