Identity-based cryptography

Last updated

Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address.

Contents

The first implementation of identity-based signatures and an email-address based public-key infrastructure (PKI) was developed by Adi Shamir in 1984, [1] which allowed users to verify digital signatures using only public information such as the user's identifier. Under Shamir's scheme, a trusted third party would deliver the private key to the user after verification of the user's identity, with verification essentially the same as that required for issuing a certificate in a typical PKI.

Shamir similarly proposed identity-based encryption, which appeared particularly attractive since there was no need to acquire an identity's public key prior to encryption. However, he was unable to come up with a concrete solution, and identity-based encryption remained an open problem for many years. The first practical implementations were finally devised by Sakai in 2000, [2] and Boneh and Franklin in 2001. [3] These solutions were based on bilinear pairings. Also in 2001, a solution was developed independently by Clifford Cocks. [4] [5]

Closely related to various identity-based encryption schemes are identity based key agreement schemes. One of the first identity based key agreement algorithms was published in 1986, just two years after Shamir's identity based signature. The author was E. Okamoto. [6] Identity based key agreement schemes also allow for "escrow free" identity based cryptography. A notable example of such an escrow free identity based key agreement is the McCullagh-Barreto's "Authenticated Key Agreement without Escrow" found in section 4 of their 2004 paper, "A New Two-Party Identity-Based Authenticated Key Agreement". [7] A variant of this escrow free key exchange is standardized as the identity based key agreement in the Chinese identity based standard SM9.

Usage

Identity-based systems allow any party to generate a public key from a known identity value, such as an ASCII string. A trusted third party, called the private key generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key (referred to as master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ID contacts the PKG, which uses the master private key to generate the private key for the identity ID.

Limitation

Identity-based systems have a characteristic problem in operation. Suppose Alice and Bob are users of such a system. Since the information needed to find Alice's public key is completely determined by Alice's ID and the master public key, it is not possible to revoke Alice's credentials and issue new credentials without either (a) changing Alice's ID (usually a phone number or an email address which will appear in a corporate directory); or (b) changing the master public key and re-issuing private keys to all users, including Bob. [8]

This limitation may be overcome by including a time component (e.g. the current month) in the identity. [8]

See also

Related Research Articles

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem, one of the oldest, that is widely used for secure data transmission. The acronym "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ) by the English mathematician Clifford Cocks. That system was declassified in 1997.

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange. It was described by Taher Elgamal in 1985. ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm (DSA) is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption.

<span class="mw-page-title-main">Digital signature</span> Mathematical scheme for verifying the authenticity of digital documents

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.

Articles related to cryptography include:

ID-based encryption, or identity-based encryption (IBE), is an important primitive of ID-based cryptography. As such it is a type of public-key encryption in which the public key of a user is some unique information about the identity of the user. This means that a sender who has access to the public parameters of the system can encrypt a message using e.g. the text-value of the receiver's name or email address as a key. The receiver obtains its decryption key from a central authority, which needs to be trusted as it generates secret keys for every user.

Key/Config-authentication is used to solve the problem of authenticating the keys of the person to some other person is talking to or trying to talk to. In other words, it is the process of assuring that the key of "person A" held by "person B" does in fact belong to "person A" and vice versa.

IEEE P1363 is an Institute of Electrical and Electronics Engineers (IEEE) standardization project for public-key cryptography. It includes specifications for:

The external Diffie–Hellman (XDH) assumption is a computational hardness assumption used in elliptic curve cryptography. The XDH assumption holds that there exist certain subgroups of elliptic curves which have useful properties for cryptography. Specifically, XDH implies the existence of two distinct groups with the following properties:

  1. The discrete logarithm problem (DLP), the computational Diffie–Hellman problem (CDH), and the computational co-Diffie–Hellman problem are all intractable in and .
  2. There exists an efficiently computable bilinear map (pairing) .
  3. The decisional Diffie–Hellman problem (DDH) is intractable in .

CertCo, Inc., was a financial cryptography startup spun out of Bankers Trust in the 1990s. The company pioneered a risk management approach to cryptographic services. It had offices in New York City and Cambridge, Massachusetts. It offered three main public key infrastructure (PKI) based products: an Identity Warranty system ; an electronic payment system ; and an Online Certificate Status Protocol (OCSP) responder for validating X.509 public key certificates. It went out of business in Spring 2002 never having found a wide market for its products despite filing a number of patents and developing new technology.

A threshold cryptosystem, the basis for the field of threshold cryptography, is a cryptosystem that protects information by encrypting it and distributing it among a cluster of fault-tolerant computers. The message is encrypted using a public key, and the corresponding private key is shared among the participating parties. With a threshold cryptosystem, in order to decrypt an encrypted message or to sign a message, several parties must cooperate in the decryption or signature protocol.

Distributed key generation (DKG) is a cryptographic process in which multiple parties contribute to the calculation of a shared public and private key set. Unlike most public key encryption models, distributed key generation does not rely on Trusted Third Parties. Instead, the participation of a threshold of honest parties determines whether a key pair can be computed successfully. Distributed key generation prevents single parties from having access to a private key. The involvement of many parties requires Distributed key generation to ensure secrecy in the presence of malicious contributions to the key calculation.

In cryptography, implicit certificates are a variant of public key certificate. A subject's public key is reconstructed from the data in an implicit certificate, and is then said to be "implicitly" verified. Tampering with the certificate will result in the reconstructed public key being invalid, in the sense that it is infeasible to find the matching private key value, as would be required to make use of the tampered certificate.

In cryptography, a three-pass protocol for sending messages is a framework which allows one party to securely send a message to a second party without the need to exchange or distribute encryption keys. Such message protocols should not be confused with various other algorithms which use 3 passes for authentication.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

The following outline is provided as an overview of and topical guide to cryptography:

Attribute-based encryption is a generalisation of public-key encryption which enables fine grained access control of encrypted data using authorisation policies. The secret key of a user and the ciphertext are dependent upon attributes. In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.

The Sakai–Kasahara scheme, also known as the Sakai–Kasahara key encryption algorithm (SAKKE), is an identity-based encryption (IBE) system proposed by Ryuichi Sakai and Masao Kasahara in 2003. Alongside the Boneh–Franklin scheme, this is one of a small number of commercially implemented identity-based encryption schemes. It is an application of pairings over elliptic curves and finite fields. A security proof for the algorithm was produced in 2005 by Chen and Cheng. SAKKE is described in Internet Engineering Task Force (IETF) RFC 6508.

SM9 is a Chinese national cryptography standard for Identity Based Cryptography issued by the Chinese State Cryptographic Authority in March 2016. It is represented by the Chinese National Cryptography Standard (Guomi), GM/T 0044-2016 SM9. The standard contains the following components:

References

  1. Adi Shamir, Identity-Based Cryptosystems and Signature Schemes Archived 2020-08-12 at the Wayback Machine . Advances in Cryptology – Proceedings of CRYPTO 84, Lecture Notes in Computer Science, 7:47--53, 1984
  2. Sakai, R; Ohgishi, K; Kasahara, M (2000). "Cryptosystems based on pairings". SICS. Symposium on cryptography and information security.
  3. Dan, Boneh; Matt, Franklin (2001). "Identity-based encryption from the Weil pairing". Advances in Cryptology – CRYPTO 2001. Lecture Notes in Computer Science. Vol. 2139/2001. Springer. pp. 213–229. CiteSeerX   10.1.1.66.1131 .
  4. Cocks, Cliff (2001). "An Identity Based Encryption Scheme Based on Quadratic Residues". Cryptography and Coding (PDF). Lecture Notes in Computer Science. Vol. 2260/2001. Springer. pp. 360–363. CiteSeerX   10.1.1.116.5477 . doi:10.1007/3-540-45325-3_32. ISBN   978-3-540-43026-1. Archived from the original (PDF) on 2007-02-06.
  5. "Dr Clifford Cocks CB, Honorary Doctor of Science". University of Bristol. Archived from the original on 2015-06-27.
  6. Okamoto, E. (1986). "Proposal for identity-based key distribution systems". Electronics Letters. 22 (24): 1283–1284. Bibcode:1986ElL....22.1283O. doi:10.1049/el:19860880. ISSN   0013-5194.
  7. McCullagh, Noel; Barreto, Paulo S. L. M. (2004). "A New Two-Party Identity-Based Authenticated Key Agreement".{{cite journal}}: Cite journal requires |journal= (help)
  8. 1 2 Green, Matthew; Miers, Ian (17 May 2015). "Forward Secure Asynchronous Messaging from Puncturable Encryption". 2015 IEEE Symposium on Security and Privacy. ACM (published 20 July 2015). pp. 305–320. doi:10.1109/SP.2015.26. ISBN   978-1-4673-6949-7. S2CID   9171925. Archived from the original on 8 June 2021. Retrieved 8 June 2021.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.