Certificate-Based Encryption and the Certificate Revocation Problem

We introduce the notion of certificate-based encryption. In this model, a certificate - or, more generally, a signature - acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali's Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.

[1]  Rafail Ostrovsky,et al.  Fast digital identity revocation , 1998 .

[2]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[3]  S. Micali,et al.  NOVOMODO : Scalable Certificate Validation and Simplified PKI Management , 2002 .

[4]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[5]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[6]  Peter Gemmell,et al.  Efficient and Fresh Cerification , 2000, Public Key Cryptography.

[7]  Mihir Bellare,et al.  Protecting against key-exposure: strongly key-insulated encryption with optimal threshold , 2005, Applicable Algebra in Engineering, Communication and Computing.

[8]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[9]  Shouhuai Xu,et al.  Key-Insulated Public Key Cryptosystems , 2002, EUROCRYPT.

[10]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[11]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[12]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[13]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[14]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[15]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[16]  Rafail Ostrovsky,et al.  Fast Digital Identity Revocation (Extended Abstract) , 1998, CRYPTO.