
Study On Some Topics Of Certificateless Public-key Cryptography

Posted on: 2010-01-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y X Sang
Full Text: PDF
GTID: 1118360275490587
Subject: Basic mathematics
Abstract/Summary:
Public key authentication is a main component of public key cryptography. The main difficulty today in developing secure systems based on public-key cryptography is not the problem of choosing appropriately secure algorithms or implementing those algorithms. Rather, it is the deployment and management of infrastructures to support the authenticity of cryptographic keys: it is necessary to provide an assurance to the user about the relationship between a public key and the identity (or authority) of the holder, together with the corresponding private key. In a traditional Public Key Infrastructure (PKI), this assurance is delivered in the form of a certificate, essentially a signature by a Certification Authority (CA) on a public key. PKI is commonly considered to be expensive because of the issues associated with certificate management, including revocation, storage and distribution, and the computational cost of certificate verification. Identity-based public key cryptography (ID-PKC), first proposed by Shamir, tackles the problem of authenticity of keys in a different way from traditional PKI. In ID-PKC, an entity's public key is derived directly from certain aspects of its identity. Private keys are generated for entities by a trusted third party called a Private Key Generator (PKG). The direct derivation of public keys in ID-PKC eliminates the need for certificates and some of the problems associated with them. However, the dependence on a PKG introduces key escrow into such a cryptosystem. Moreover, ID-PKC requires secure channels between users and the PKG to deliver private keys. For these reasons, it seems that the use of ID-PKC may be restricted to small, closed groups or to applications with limited security requirements and strong efficiency requirements. Certificateless public-key cryptography (CL-PKC), introduced by Al-Riyami and Paterson in 2003, is intended to solve the key escrow issue inherent in ID-PKC while at the same time eliminating the use of certificates as in conventional PKI.

In CL-PKC, a user's private key is comprised of two parts: one generated by a Key Generation Center (KGC) and associated with her identity; the other generated by the user herself and unknown to any other party (including the KGC). An adversary knowing only one of them should not be able to impersonate the user or carry out any of the cryptographic operations as the user. CL-PKC alleviates the key escrow problem of ID-PKC and, at the same time, reduces the cost and simplifies the use of the technology compared with conventional PKI.

Some of the purposes for which public-key cryptography has been applied are: key establishment, confidential message transmission, identification systems, authentication and non-repudiation. So we study these topics in certificateless public-key cryptography. The main contributions of our paper are:

Firstly, key agreement protocols are one of the fundamental primitives of cryptography. We propose some new certificateless authenticated key agreement protocols. The first two protocols are non-interactive, which gives them obvious advantages in the amount of computation and communication. Another interactive key agreement protocol with perfect forward secrecy is also proposed. The last two protocols can be used to establish keys between members of distinct domains (with different master keys).

Secondly, certificateless key issuing schemes with multiple key generation centers are proposed, using secret sharing schemes. Threshold key issuing schemes are very particular. In real life, however, players (or servers) usually have different levels of importance: they can have different privileges or computational resources, and enjoy different levels of protection against possible attacks, for example. For this reason, it is important to design key issuing schemes with multiple KGCs that work properly in the case of general access structures, not only in the threshold case. Our schemes effectively solve the problem of the single point of failure and the efficiency bottleneck, enhancing the system's robustness and security.

Finally, we propose two certificateless distributed ring signature schemes. The first one can be used for general families of possible signing subsets, and the second one is more efficient for threshold families of subsets. Our schemes retain the desirable properties of identity-based cryptography without key escrow, and therefore actually possess the alleged unconditional unforgeability. The security of the schemes above relies on Diffie-Hellman problems (the classic Diffie-Hellman problem or the Bilinear Diffie-Hellman problem).
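As an added illustration (not a scheme from the dissertation), the following Python model shows the two mechanisms the abstract describes together: a partial key issued by a threshold of KGCs that hold Shamir shares of the master key, combined on the user's side with a secret the KGCs never see, so that the full private key has a KGC part and a user part. Real certificateless schemes compute the partial key s*H1(ID) in a pairing-friendly elliptic-curve group; the model replaces that group with arithmetic modulo a constructed prime Q so it runs with only the standard library. The function names, the modulus Q, the identity string and the 3-of-5 parameters are all assumptions of this example.

```python
"""Added illustration, not the dissertation's own scheme: threshold key issuing
for certificateless cryptography, with the KGC master key Shamir-shared among
several key generation centres.  Real schemes compute the partial key s*H1(ID)
in a pairing-friendly elliptic-curve group; here the group is replaced by
arithmetic modulo a prime so the example needs only the standard library."""
import hashlib
import secrets

# Constructed toy modulus (a Mersenne prime); assumption: it stands in for the
# prime order of the group a real CL-PKC scheme would use.
Q = (1 << 127) - 1


def hash_to_field(identity: str) -> int:
    """Stand-in for the identity hash H1(ID): map a string into Z_Q."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % Q


def share_master_key(master_key: int, threshold: int, n_kgc: int) -> dict:
    """Shamir-share the master key s among n_kgc centres (share i = f(i)).

    Any `threshold` centres can jointly issue partial keys, while a smaller
    group learns nothing about s, so no single KGC can escrow user keys or,
    by going offline, halt key issuance."""
    if not 1 <= threshold <= n_kgc:
        raise ValueError("need 1 <= threshold <= n_kgc")
    # Random polynomial f of degree threshold-1 with constant term f(0) = s.
    coeffs = [master_key % Q] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {}
    for i in range(1, n_kgc + 1):
        value = 0
        for c in reversed(coeffs):          # Horner evaluation of f(i) mod Q
            value = (value * i + c) % Q
        shares[i] = value
    return shares


def issue_partial_key_share(kgc_index: int, kgc_share: int, identity: str) -> tuple:
    """KGC i's response to a key request: its share multiplied by H1(ID).
    Caveat: in this integer model the share is recoverable from the response
    (divide by H1(ID)); real schemes hide it behind a discrete logarithm."""
    return kgc_index, (kgc_share * hash_to_field(identity)) % Q


def combine_partial_key(responses: dict) -> int:
    """User side: Lagrange-interpolate at x = 0 the responses of at least
    `threshold` KGCs to obtain D_ID = s*H1(ID), although nobody holds s."""
    indices = list(responses)
    partial = 0
    for i in indices:
        num, den = 1, 1
        for j in indices:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lagrange_i = num * pow(den, -1, Q) % Q     # basis polynomial L_i(0)
        partial = (partial + lagrange_i * responses[i]) % Q
    return partial


def make_full_private_key(partial_key: int, user_secret: int) -> tuple:
    """Certificateless full private key: the KGC-derived part D_ID plus the
    user's own secret x.  The KGCs never see x; the user never sees s."""
    return user_secret % Q, partial_key


def issuance_consistent(master_key, threshold, n_kgc, identity, subsets) -> bool:
    """True if every listed subset of KGCs reconstructs exactly the partial key
    a single trusted KGC holding s would have issued."""
    shares = share_master_key(master_key, threshold, n_kgc)
    expected = (master_key % Q) * hash_to_field(identity) % Q
    for subset in subsets:
        responses = dict(issue_partial_key_share(i, shares[i], identity) for i in subset)
        if combine_partial_key(responses) != expected:
            return False
    return True


if __name__ == "__main__":
    # Constructed demo: 5 KGCs, any 3 can issue; centres 1, 3 and 5 respond.
    ident = "alice@example.org"
    s = secrets.randbelow(Q)
    shares = share_master_key(s, 3, 5)
    d_id = combine_partial_key(dict(issue_partial_key_share(i, shares[i], ident) for i in (1, 3, 5)))
    sk = make_full_private_key(d_id, secrets.randbelow(Q))
    print("partial key matches single-KGC value:", d_id == s * hash_to_field(ident) % Q)
    print("full private key has a user part and a KGC part:", len(sk) == 2)
```

The point of the model is the linearity that makes multi-KGC issuing work: because each centre multiplies its own share by the public value H1(ID), the user can interpolate the responses exactly as if interpolating the shares themselves, and any qualifying subset yields the same partial key, which is what removes the single point of failure. The model covers only the threshold access structure; the general access structures the abstract mentions need a linear secret sharing scheme in place of the polynomial, and the hiding of each share relies on the group, as the comment on issue_partial_key_share notes.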
Keywords/Search Tags: Certificateless Public-key Cryptography, Key Agreement, Distributed Ring Signature