I’ve mentioned before that one of the biggest barriers to widespread adoption of public key encryption is that it’s just too damn hard. Even smart, tech-savvy people take a while to wrap their brains around it, and that’s only if they think it’s worth their time. If people don’t already think that crypto is important (i.e. “I have nothing to hide”), why invest the time and energy in trying to understand it, much less learning to use the software?

Identity-based encryption may help.

IBE greatly simplifies the key management process. When Alice sends a message to Bob, she encrypts the message using Bob’s public key. What’s Bob’s public key? His email address. Note that Bob never had to set up a public key and Alice never needed to look it up. When Bob receives the encrypted message, he contacts a key server to get his private key so he can decrypt the message. He can store this key locally so he can reuse it.

Very cool.

A new company, Voltage Security, is having a go at selling software that uses IBE. See that site for a better write-up of the idea. It looks like they’re still filling out the product line, so it’s a bit early to comment. But how can I not?

  • I’m not clear how those outside a corporate/university environment will get their keys, unless someone sets up fee-based or free key servers. Which is likely.
  • I hope to see software for non-Windows platforms.
  • It would be grand to see open IBE implementations. Hey look: Stanford distributes code!
  • I’m not sure whether this can be used for digital signatures.