Research On Certificateless Public Key Cryptography Without Bilinear Pairing

Posted on: 2011-10-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W H Liu
Full Text: PDF
GTID: 1118330332477575
Subject: Information security
Abstract/Summary:
In a traditional public key infrastructure (PKI), certificates are used to assure the relationship between public keys and the identities that hold the corresponding private keys. However, a PKI faces many challenges, such as the scalability of the infrastructure and costly certificate management (distribution, revocation, storage, and validation costs). To simplify certificate management, Shamir proposed the notion of identity-based public key cryptography (ID-PKC), in which public keys are derived from users' identities, such as a username or an e-mail address. Private keys are generated by a trusted third party called a key generation centre (KGC), and thus ID-PKC eliminates the need for certificates. But ID-PKC brings new problems, such as key escrow and trust. For example, the KGC can decrypt any ciphertext sent to any user to which it has issued a key. Moreover, the KGC can forge any signature. Al-Riyami and Paterson proposed the concept of certificateless public key cryptography (CL-PKC), which eliminates the key escrow problem while also overcoming the costly certificate management of PKI.

We pay attention throughout to both the security and the efficiency of the schemes. Designing secure and efficient certificateless signature, signcryption and key agreement schemes is a current research focus. The author consistently seeks better ways to improve the efficiency of the schemes. Our schemes are efficient in computational cost when compared with other schemes of the same kind, and are more suitable for communication environments with restricted bandwidth, such as wireless networks, ad hoc networks and wireless sensors. At present, all known schemes require the computation of bilinear pairings; therefore, this thesis focuses on pairing-free certificateless signature, signcryption and key agreement schemes.
Eliminating the bilinear pairing operation is the biggest innovation in this thesis.

⑴ Only a few secure certificateless signature schemes have been proposed in recent years, and all of them need pairing operations. Pairing operations are more costly than exponentiation or multiplication operations in elliptic curve groups. For this reason, a new pairing-free certificateless signature scheme is proposed, and its security is proved in the random oracle model (ROM) under the discrete logarithm problem (DLP). The new certificateless signature scheme without bilinear pairing is better than the other schemes in terms of overall performance.

⑵ Only a few certificateless signcryption schemes have been proposed in recent years, and most of them cannot provide confidentiality and authentication. Even those that are secure all need pairing operations. To solve these problems, a new pairing-free certificateless signcryption scheme is proposed, and its security is proved in the random oracle model under the computational Diffie-Hellman assumption and the hardness of the discrete logarithm problem. The new scheme eliminates pairing operations and turns out to be the most efficient of all certificateless signcryption schemes.

⑶ Designing secure and efficient certificateless key agreement schemes without bilinear pairing is a current research focus. Only a few certificateless key agreement (CL-KA) schemes have been proposed in recent years; however, most of them are vulnerable to key compromise impersonation attacks and do not resist leakage of ephemeral keys in the extended Canetti-Krawczyk (eCK) security model. Our work demonstrates that all existing CL-KA schemes (except for Lippold's scheme) are insecure in the eCK model. A new two-party certificateless authenticated key agreement scheme is proposed; the new scheme is secure in the eCK model as long as each party has at least one uncompromised secret.
We prove that our scheme is secure in the random oracle model (ROM), assuming that the computational Diffie-Hellman assumption holds, even if the key generation centre (KGC) learns the ephemeral secrets of both parties, or reveals secret values / replaces public keys, but not both. The new scheme eliminates pairing computation and is efficient in computational cost when compared with all the other known certificateless key agreement schemes.
Keywords/Search Tags: certificateless public key cryptography, signature, encryption, signcryption, key agreement, pairing-free, provable security