
Researches On Key Technologies In Identity-Based Cryptography And Its Applications

Posted on: 2009-01-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H M Yang
Full Text: PDF
GTID: 1118360245961942
Subject: Computer applications

Abstract/Summary:
Traditional public key infrastructures (PKI) require a complex hierarchy of certification authorities, and every use of a public key carries the communication and computation cost of retrieving and verifying a certificate. In 1984, Shamir introduced identity-based cryptography (IBC), in which a user's public key is derived directly from the user's identity, so no certificate is needed to bind a key to its owner. An identity-based cryptosystem therefore simplifies the certificate management of a PKI. IBC still has challenging open problems, however. One is to design an identity-based cryptosystem with non-interactive key revocation, that is, one in which a user's key can be retired and replaced without the user and the key generation center running a new key-issuing protocol. Another is to design a practical identity-based verifiably encrypted signature scheme that is secure without random oracles. Solving these problems matters both in theory and in practice. This dissertation addresses them, proposes several effective schemes, and obtains the following results.

The key revocation problem is solved simply and effectively with the forward-secure key-evolving paradigm: a private key is bound to a time period and is advanced to the next period by a local one-way update, after which the old key is erased, so a key compromised in one period does not expose the keys of earlier periods and no interaction with the key generation center is required for the update. An efficient forward-secure identity-based signature (FS-IBS) scheme and a forward-secure identity-based encryption (FS-IBE) scheme are constructed, each provably secure either in the random oracle model or in the standard model. Because both rest on the same key-evolving mechanism, FS-IBS and FS-IBE can share the system parameter setup, key generation and key update procedures. Combining them gives a complete, practical identity-based cryptosystem with non-interactive key update. On this cryptosystem an identity-based PKI can be built as an alternative to certificate-based PKI, with the advantages of simpler key management and key distribution; applications include secure e-mail systems and ad hoc network systems.

Previous work on verifiably encrypted signatures is generalized into a generic construction of verifiably encrypted signatures from short signatures. (A verifiably encrypted signature lets a verifier confirm that a ciphertext contains a valid signature on a given message without learning the signature itself; only a designated adjudicator can extract it.) From this construction an efficient verifiably encrypted signature scheme without random oracles is obtained: it is built on the recent Gentry signature scheme and is rigorously proved secure in the standard model. Compared with previous systems of this kind it has shorter public keys, lower computation overhead and a tighter security reduction, so it is a truly practical verifiably encrypted signature without random oracles, suitable for online contract-signing protocols. Finally, starting from Paterson et al.'s identity-based signature scheme, the first identity-based verifiably encrypted signature scheme without random oracles is constructed, using the ElGamal encryption algorithm to encrypt the signature.

The partial and gradual leakage of key information is studied for the first time and modeled as a compound Poisson process: leakage events arrive at random times, and each event exposes a random amount of key material. From this model an effective algorithm for estimating key life is derived, which allows the key renewal period to be set so as to control the trade-off between security and renewal cost in key management. The method of modeling key exposure and estimating key life applies to the secret keys of any cryptosystem.

Two suitable applications of the identity-based cryptosystem with non-interactive key revocation are given: a signature scheme for user proxies in a manufacturing grid, and an encryption system for the short message service (SMS) of mobile phones. The former improves the efficiency and scalability of the manufacturing grid; the latter integrates embedded computers, mobile e-commerce and recent cryptographic techniques. Both applications perform well and are of practical importance, and together they demonstrate how IBC can be moved into practice.
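The key-exposure model described above can be made concrete. The following Python is an added example, not code from the dissertation: it treats leakage as a compound Poisson process (events at rate λ per day, each exposing an exponentially distributed number of key bits with mean μ), derives the expected leakage and the mean key life in closed form, and uses Monte Carlo sampling to choose a renewal period that keeps the probability of exhausting the key below a chosen failure probability. The exponential jump distribution, the "key exhausted once leakage reaches key length minus a margin" rule, the quantile rule for the renewal period, and all parameter values are assumptions constructed for this example; the thesis's own estimation algorithm is not reproduced here.

```python
"""Key-life estimation under a compound Poisson key-exposure model.

Added example (not from the dissertation). Assumptions: leakage events
arrive as a Poisson process with rate `rate` per day; each event exposes
an exponentially distributed number of key bits with mean `mean_leak_bits`;
the key is treated as exhausted once cumulative leakage reaches
key_bits - margin_bits. Parameter values below are constructed.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class ExposureModel:
    rate: float             # lambda: leakage events per day
    mean_leak_bits: float   # mu: mean bits exposed per event
    key_bits: int           # nominal key length in bits
    margin_bits: float      # bits held in reserve before the key is retired

    @property
    def threshold(self) -> float:
        """Cumulative leakage (bits) at which the key is considered exhausted."""
        return self.key_bits - self.margin_bits


def expected_leakage(model: ExposureModel, t: float) -> float:
    """E[L(t)] = lambda * mu * t for a compound Poisson process L."""
    return model.rate * model.mean_leak_bits * t


def leakage_variance(model: ExposureModel, t: float) -> float:
    """Var[L(t)] = lambda * E[X^2] * t; for exponential jumps E[X^2] = 2 mu^2."""
    return model.rate * 2.0 * model.mean_leak_bits ** 2 * t


def mean_key_life(model: ExposureModel) -> float:
    """Closed-form mean time until cumulative leakage first exceeds the threshold.

    With exponential jumps the overshoot past the threshold is again
    exponential with mean mu (memorylessness), so Wald's identity gives
    E[L(T)] = threshold + mu = lambda * mu * E[T].
    """
    return (model.threshold + model.mean_leak_bits) / (model.rate * model.mean_leak_bits)


def simulate_key_life(model: ExposureModel, rng: random.Random) -> float:
    """One sample path: advance event by event until leakage crosses the threshold."""
    t = 0.0
    leaked = 0.0
    while leaked < model.threshold:
        t += rng.expovariate(model.rate)                       # inter-arrival time (days)
        leaked += rng.expovariate(1.0 / model.mean_leak_bits)  # bits exposed by this event
    return t


def sample_key_lives(model: ExposureModel, trials: int = 5000, seed: int = 1) -> list:
    """Sorted Monte Carlo samples of key life in days (seeded for reproducibility)."""
    rng = random.Random(seed)
    return sorted(simulate_key_life(model, rng) for _ in range(trials))


def renewal_period(lives: list, failure_prob: float) -> float:
    """Renewal period such that at most failure_prob of sampled lives end before it.

    A smaller failure_prob yields a shorter period, i.e. more frequent
    renewal and higher cost: this is the security/cost trade-off.
    """
    if not 0.0 <= failure_prob <= 1.0:
        raise ValueError("failure_prob must be in [0, 1]")
    idx = min(int(failure_prob * len(lives)), len(lives) - 1)
    return lives[idx]


def mean_of(values: list) -> float:
    return sum(values) / len(values)


# Constructed parameters: one leakage event every two days on average,
# 4 bits per event, a 128-bit key retired when 96 bits are considered exposed.
MODEL = ExposureModel(rate=0.5, mean_leak_bits=4.0, key_bits=128, margin_bits=32.0)


if __name__ == "__main__":
    lives = sample_key_lives(MODEL)
    print(f"expected leakage after 10 days: {expected_leakage(MODEL, 10):.1f} bits")
    print(f"analytic mean key life:         {mean_key_life(MODEL):.1f} days")
    print(f"simulated mean key life:        {mean_of(lives):.1f} days")
    for p in (0.10, 0.01, 0.001):
        print(f"renewal period at failure prob {p:<5}: {renewal_period(lives, p):.1f} days")
```

The printed periods shrink as the tolerated failure probability shrinks, which is the trade-off the abstract refers to: renewing at the mean key life would leave roughly half of the keys over-exposed, while renewing at the 0.1% quantile is safe but costly. The model is only as good as the estimates of λ and μ, which in practice must come from measured exposure data (side-channel leakage rates, partial key recoveries, and so on) rather than be guessed.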
Keywords/Search Tags: identity-based cryptography, non-interactive key revocation, verifiably encrypted signature, bilinear map, random oracle model