Identity-Based Cryptography in Public Key Management

To guarantee the authenticity of public keys, traditional PKC (Public Key Cryptography) requires certificates signed by a CA (Certification Authority). However, managing the infrastructure that supports certificates is the main complaint against traditional PKC. While identity-based PKC can eliminate this cumbersome infrastructure, key escrow of a user’s private key is inherent in identity-based PKC. Recently, new PKC paradigms were introduced: certificate-less PKC and certificate-based PKC. They retain the desirable properties of identity-based PKC without the inherent key escrow problem. A certificate-less cryptosystem eliminates the need for unwieldy certificates, and a certificate-based cryptosystem simplifies the public key revocation problem. In this paper, we present an equivalence theorem among identity-based encryption, certificate-less encryption, and certificate-based encryption. We demonstrate that the three paradigms are essentially equivalent.
