Pairing-free identity-based cryptography

Identity-based cryptography (IBC) is nowadays considered the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing a user's public key as his identity. Although the first IBC proposed by Adi Shamir [Sha84] was based on RSA, most of the IBC systems proposed since are based on bilinear pairings. This limits the use of IBC in the real world for several reasons. First, a bilinear pairing is time- and power-inefficient: it takes around 2.5 times as long as an RSA modular exponentiation according to MIRACL benchmarks. Second, these systems are incompatible with the most widely used public key cryptosystem (RSA), which makes them commercially unappealing. Thus, it is useful to think outside the box and use different tools to construct IBC systems. Such constructions may have unique security properties that do not exist in current IBC systems. We worked on constructing IBC systems in the RSA setting. We have improved the performance of identity-based encryption (IBE) systems, cryptanalysed IBE systems, implemented variants of IBE systems such as mediated encryption and attribute-based signcryption, and presented an identity-based authenticated key exchange (IBAKE) with some novel security features. In this thesis, we first present some background on IBC and the motivation for solving the problems associated with pairing-based IBC. We then give solutions to these problems along with the thesis structure. Next, we give a literature review of IBC, including identity-based encryption (IBE) and key exchange (KE), focusing on pairing-free constructions. We also review some applications of IBC such as mediated cryptography and attribute-based cryptography. In addition, we review the definitions and preliminaries related to the contents of the thesis, including definitions of security models, hard problems, and some mathematical tools.
Then, we review the identity-based mediated RSA encryption and signature systems (IB-mRSA) presented by Boneh, Ding and Tsudik [BDT02]. We show that IB-mRSA is not secure and present a secure modified version of it that is as efficient as the original system. We also propose a generic mediated encryption (GME) that transforms any IBE into a mediated version of that IBE, and present two implementations of GME: one based on Boneh-Franklin FullIdent [BF01], a pairing-based IBE, and one based on Boneh, Gentry and Hamburg (BGH) AnonIBE [BGH07], a pairing-free IBE. After that, we present two more efficient variants of the BGH systems (BasicIBE, AnonIBE) [BGH07] in terms of ciphertext length and encryption/decryption speed. The ciphertext is as short as in the BGH systems, but the algorithms are more time-efficient.
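The mediated cryptography the thesis builds on rests on one mechanism: the RSA private exponent is split additively between the user and a semi-trusted mediator (SEM), so no decryption or signature completes without the SEM's half, and revocation is immediate once the SEM stops serving a user. The following is an added example, written for this page and not code from the thesis or from any cited paper; it shows only the key-splitting and revocation mechanism of mediated RSA and does not reproduce the identity-based key derivation of IB-mRSA (which the thesis cryptanalyses). The `Mediator` class, the identity string and the toy primes are constructed for illustration.

```python
# Added example (not from the thesis or any cited paper): the key-splitting
# behind mediated RSA. A CA splits the private exponent additively,
# d = d_user + d_sem (mod phi(n)), gives one share to the user and one to the
# semi-trusted mediator (SEM). Decryption needs both partial results, so the
# SEM revokes a user instantly by refusing to serve its half. Parameters are
# toy-sized and constructed for illustration only.
import secrets
from math import gcd


def generate_rsa(p, q, e=65537):
    """Plain RSA key generation over two primes (assumed prime; not checked)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return n, e, d, phi


def split_private_exponent(d, phi):
    """Additive two-party split: d_user uniform in [0, phi), d_sem the rest."""
    d_user = secrets.randbelow(phi)
    d_sem = (d - d_user) % phi
    return d_user, d_sem


class Mediator:
    """Hypothetical SEM: holds d_sem per identity plus an in-memory revocation set."""

    def __init__(self, n):
        self.n = n
        self.shares = {}
        self.revoked = set()

    def enrol(self, ident, d_sem):
        self.shares[ident] = d_sem

    def revoke(self, ident):
        self.revoked.add(ident)

    def partial_decrypt(self, ident, c):
        # The revocation check is the whole point: a revoked (or unknown)
        # identity gets no partial result, so its key is useless from now on.
        if ident not in self.shares or ident in self.revoked:
            raise PermissionError(f"{ident}: no mediation (unknown or revoked)")
        return pow(c, self.shares[ident], self.n)


def encrypt(n, e, m):
    """Textbook RSA without padding: illustration only, never use as-is."""
    return pow(m, e, n)


def mediated_decrypt(mediator, ident, n, d_user, c):
    """User computes c^d_user, SEM computes c^d_sem; the product is c^d = m."""
    ps_user = pow(c, d_user, n)
    ps_sem = mediator.partial_decrypt(ident, c)
    return (ps_user * ps_sem) % n


def demo(message=123456789):
    """Returns (recovered message, user-share-alone-fails, revoked-refused)."""
    # Constructed toy primes; real deployments use 2048-bit or larger moduli.
    n, e, d, phi = generate_rsa(1000000007, 998244353)
    d_user, d_sem = split_private_exponent(d, phi)
    sem = Mediator(n)
    sem.enrol("alice@example.org", d_sem)  # constructed identity

    c = encrypt(n, e, message)
    recovered = mediated_decrypt(sem, "alice@example.org", n, d_user, c)

    # The user's share on its own does not recover the message.
    alone = pow(c, d_user, n)

    # After revocation the SEM refuses, and the same share is now useless.
    sem.revoke("alice@example.org")
    try:
        mediated_decrypt(sem, "alice@example.org", n, d_user, c)
        refused = False
    except PermissionError:
        refused = True
    return recovered, alone != message, refused


if __name__ == "__main__":
    print(demo())
```

The same split applies to signing (the SEM and user each raise the padded message hash to their share), which is how mediated RSA gives fine-grained, instantly effective revocation without a CRL or OCSP round trip; the security of the scheme still hinges on the SEM never learning d_user and on the CA generating and splitting d honestly.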

[1] Yi Mu, et al. Leakage Resilient Authenticated Key Exchange Secure in the Auxiliary Input Model, 2013, ISPEC.

[2] Tatsuaki Okamoto, et al. Fully Secure Unbounded Inner-Product and Attribute-Based Encryption, 2012, ASIACRYPT.

[3] Jean-Jacques Quisquater, et al. Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups, 2004, Public Key Cryptography.

[4] Mahabir Prasad Jhanwar, et al. A Variant of Boneh-Gentry-Hamburg's Pairing-Free Identity Based Encryption Scheme, 2009, Inscrypt.

[5] Giuseppe Ateniese, et al. Universally Anonymous IBE Based on the Quadratic Residuosity Assumption, 2009, CT-RSA.

[6] Russ Housley, et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, 2002, RFC.

[7] Kenneth G. Paterson, et al. Efficient One-Round Key Exchange in the Standard Model, 2008, ACISP.

[8] Keisuke Tanaka, et al. Universally Anonymizable Public-Key Encryption, 2005, ASIACRYPT.

[9] Craig Gentry, et al. Trapdoors for hard lattices and new cryptographic constructions, 2008, IACR Cryptol. ePrint Arch.

[10] David Galindo, et al. Boneh-Franklin Identity Based Encryption Revisited, 2005, IACR Cryptol. ePrint Arch.

[11] Atsuko Miyaji, et al. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length, 2009, Int. J. Appl. Cryptogr.

[12] Ling Cheung, et al. Provably secure ciphertext policy ABE, 2007, CCS '07.

[13] Reihaneh Safavi-Naini, et al. Threshold Attribute-Based Signcryption, 2010, SCN.

[14] Dan Boneh, et al. Fine-grained control of security capabilities, 2004, TOIT.

[15] Silvio Micali, et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[16] Paul C. Kocher. On Certificate Revocation and Validation, 1998, Financial Cryptography.

[17] Timothy Kelley. Review of "A Course in Computational Algebraic Number Theory by Henri Cohen," Springer, 2000, 2008, SIGA.

[18] Jin Li, et al. Hidden attribute-based signatures without anonymity revocation, 2010, Inf. Sci.

[19] Kenneth G. Paterson, et al. On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups, 2009, Des. Codes Cryptogr.

[20] Mingchu Li, et al. Attribute-based ring signcryption scheme, 2013, Secur. Commun. Networks.

[21] Hugo Krawczyk, et al. SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols, 2003, CRYPTO.

[22] Allison Bishop, et al. Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption, 2010, EUROCRYPT.

[23] Mihir Bellare, et al. Key-Privacy in Public-Key Encryption, 2001, ASIACRYPT.

[24] Brent Waters, et al. Efficient Identity-Based Encryption Without Random Oracles, 2005, EUROCRYPT.

[25] Ronald Cramer, et al. A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack, 1998, CRYPTO.

[26] Vincent Rijmen, et al. Rijndael/AES, 2005, Encyclopedia of Cryptography and Security.

[27] Craig Gentry, et al. Certificate-Based Encryption and the Certificate Revocation Problem, 2003, EUROCRYPT.

[28] S. Micali, et al. NOVOMODO: Scalable Certificate Validation and Simplified PKI Management, 2002.

[29] Xiaoyuan Yang, et al. Attribute-Based Signcryption Scheme with Non-monotonic Access Structure, 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[30] Rafail Ostrovsky, et al. Fast Digital Identity Revocation (Extended Abstract), 1998, CRYPTO.

[31] Dan Boneh, et al. A Method for Fast Revocation of Public Key Certificates and Security Capabilities, 2001, USENIX Security Symposium.

[32] Cheng Chen, et al. Fully Secure Attribute-Based Systems with Short Ciphertexts/Signatures and Threshold Access Structures, 2013, CT-RSA.

[33] Brent Waters, et al. Attribute-Based Encryption for Circuits from Multilinear Maps, 2012, CRYPTO.

[34] Clifford C. Cocks. An Identity Based Encryption Scheme Based on Quadratic Residues, 2001, IMACC.

[35] Jonathan Katz. Review of identity-based encryption by Sanjit Chattarjee and Palash Sarkar, 2013, SIGA.

[36] Hugo Krawczyk, et al. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, 2001, EUROCRYPT.

[37] Dan Boneh, et al. Secure Identity Based Encryption Without Random Oracles, 2004, CRYPTO.

[38] Michael T. Goodrich, et al. Implementation of an authenticated dictionary with skip lists and commutative hashing, 2001, Proceedings DARPA Information Survivability Conference and Exposition II (DISCEX'01).

[39] Brent Waters, et al. Attribute-based encryption for fine-grained access control of encrypted data, 2006, CCS '06.

[40] Angelos D. Keromytis, et al. Just fast keying: Key agreement in a hostile internet, 2004, TSEC.

[41] Dan Boneh, et al. Identity-Based Mediated RSA, 2002.

[42] Xavier Boyen, et al. Multipurpose Identity-Based Signcryption (A Swiss Army Knife for Identity-Based Cryptography), 2003, CRYPTO.

[43] Antoine Joux, et al. A One Round Protocol for Tripartite Diffie–Hellman, 2000, Journal of Cryptology.

[44] Chien-Chih Wang, et al. Authenticated multiple key exchange protocols based on elliptic curves and bilinear pairings, 2008, Comput. Electr. Eng.

[45] Gene Tsudik, et al. Simple Identity-Based Cryptography with Mediated RSA, 2003, CT-RSA.

[46] Mahabir Prasad Jhanwar, et al. On the number of solutions of the equation Rx² + Sy² = 1 (mod N), 2010.

[47] Yang Cui, et al. Relations Among Notions of Security for Identity Based Encryption Schemes, 2005, LATIN.

[48] Ratna Dutta, et al. Overview of Key Agreement Protocols, 2005, IACR Cryptol. ePrint Arch.

[49] Matthew K. Franklin, et al. Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[50] Tatsuaki Okamoto, et al. Authenticated Key Exchange and Key Encapsulation in the Standard Model, 2007, ASIACRYPT.

[51] Nuttapong Attrapadung, et al. Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts, 2011, Public Key Cryptography.

[52] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms, 1984, CRYPTO 1984.

[53] Mihir Bellare, et al. Entity Authentication and Key Distribution, 1993, CRYPTO.

[54] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[55] Yvo Desmedt, et al. A New and Improved Paradigm for Hybrid Encryption Secure Against Chosen-Ciphertext Attack, 2009, Journal of Cryptology.

[56] Ren-Junn Hwang, et al. An enhanced authentication key exchange protocol, 2003, 17th International Conference on Advanced Information Networking and Applications (AINA 2003).

[57] Guomin Yang, et al. Authenticated Key Exchange under Bad Randomness, 2011, IACR Cryptol. ePrint Arch.

[58] David Cooper, et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, 2008, RFC.

[59] Moni Naor, et al. Non-Malleable Cryptography (Extended Abstract), 1991, STOC 1991.

[60] Narn-Yih Lee, et al. Improved authentication key exchange protocol without using one-way hash function, 2004, OPSR.

[61] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[62] Brent Waters, et al. Fuzzy Identity-Based Encryption, 2005, EUROCRYPT.

[63] Ivan Damgård, et al. On the Randomness of Legendre and Jacobi Sequences, 1990, CRYPTO.

[64] Dan Boneh, et al. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles, 2004, IACR Cryptol. ePrint Arch.

[65] Moni Naor, et al. Certificate revocation and certificate update, 1998, IEEE Journal on Selected Areas in Communications.

[66] Masao Kasahara, et al. ID based Cryptosystems with Pairing on Elliptic Curve, 2003, IACR Cryptol. ePrint Arch.

[67] Hai-Tao Lin, et al. Security Analysis of Gagne et al.'s Threshold Attribute-Based Signcryption Scheme, 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[68] Carlisle M. Adams, et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, 1999, RFC.

[69] Brent Waters, et al. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization, 2011, Public Key Cryptography.

[70] Kwangjo Kim, et al. Enhancements of authenticated multiple key exchange protocol based on bilinear pairings, 2010, Comput. Electr. Eng.

[71] Mike Scott, et al. Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number, 2002, IACR Cryptol. ePrint Arch.

[72] Brent Waters, et al. Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles), 2006, CRYPTO.

[73] Nigel P. Smart, et al. An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing, 2001.

[74] Victor Shoup, et al. A Proposal for an ISO Standard for Public Key Encryption, 2001, IACR Cryptol. ePrint Arch.

[75] Jean-Sébastien Coron, et al. A variant of Boneh-Franklin IBE with a tight reduction in the random oracle model, 2009, Des. Codes Cryptogr.

[76] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.

[77] Mihir Bellare, et al. Authenticated Key Exchange Secure against Dictionary Attacks, 2000, EUROCRYPT.

[78] Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms, 1984, IEEE Trans. Inf. Theory.

[79] Dongqing Xie, et al. Attribute-based signature and its applications, 2010, ASIACCS '10.

[80] Ronald Cramer, et al. Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack, 2003, SIAM J. Comput.

[81] Xiaotie Deng, et al. Two-factor mutual authentication based on smart cards and passwords, 2008, J. Comput. Syst. Sci.

[82] Dan Boneh, et al. Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption, 2013, CRYPTO.

[83] Dongdong Sun, et al. Fully Private Revocable Predicate Encryption, 2012, ACISP.

[84] Yuliang Zheng, et al. Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption), 1997, CRYPTO.

[85] Hugo Krawczyk, et al. A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract), 1998, STOC '98.

[86] Shai Halevi, et al. Secure Hash-and-Sign Signatures Without the Random Oracle, 1999, EUROCRYPT.

[87] Tatsuaki Okamoto, et al. Secure Integration of Asymmetric and Symmetric Encryption Schemes, 1999, Journal of Cryptology.

[88] Javier Herranz. Attribute-based signatures from RSA, 2014, Theor. Comput. Sci.

[89] Liqun Chen, et al. Identity based authenticated key agreement protocols from pairings, 2003, 16th IEEE Computer Security Foundations Workshop, 2003, Proceedings.

[90] Rafail Ostrovsky, et al. Attribute-based encryption with non-monotonic access structures, 2007, CCS '07.

[91] Brent Waters, et al. Ciphertext-Policy Attribute-Based Encryption, 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[92] John Cremona, et al. Efficient solution of rational conics, 2003, Math. Comput.

[93] Craig Gentry, et al. Practical Identity-Based Encryption Without Random Oracles, 2006, EUROCRYPT.

[94] Manoj Prabhakaran, et al. Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance, 2008, IACR Cryptol. ePrint Arch.

[95] Mihir Bellare, et al. Provably secure session key distribution: the three party case, 1995, STOC '95.

[96] Lein Harn, et al. Authenticated key agreement without using one-way hash functions, 2001.