Malicious KGC Attack in Certificateless Cryptography

Identity-based cryptosystems have an inherent key escrow issue: the Key Generation Center (KGC) always knows the user's secret key. Thus, if the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, all previously proposed certificateless schemes assume that a malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that some previously proposed certificateless encryption/signature schemes still have the key escrow problem, while some other schemes do not. We also give new proofs for the schemes in the latter case.
