Public key cryptography, originally invented by Diffie and Hellman in 1978, not only provides an elegant solution to key management and distribution in symmetric cryptography, but also achieves non-repudiation, which symmetric cryptography cannot offer. Thus, public key cryptography has attracted considerable attention and has been applied in fields including politics, the military and the economy. In traditional public key cryptography, a public key certificate is needed to bind a user to his/her public key. Usually, this public key certificate is issued by a third party, called a certificate authority. Because issuing, transmitting, verifying, storing and revoking public key certificates incurs costly overhead, identity-based public key cryptography was introduced so that a user's readable identity can serve as that user's public key. In this way, identity-based public key cryptography eliminates the public key certificate. Unlike traditional public key cryptography, however, the user's private key is computed by a fully trusted authority, so this authority can impersonate any user, which gives rise to the key escrow problem. As a combination of traditional public key cryptography and identity-based public key cryptography, certificateless public key cryptography solves both the public key certificate problem and the key escrow problem. That is to say, certificateless public key cryptography has the merits of both traditional public key cryptography and identity-based public key cryptography. In this thesis, we concentrate on certificateless public key cryptography, including efficient construction, formal definition and security proof. Concretely, we design a series of certificateless encryption schemes with special functions and apply certificateless cryptographic primitives to secure the smart grid.

1. In view of the destructive damage caused by the leakage of a private key, we propose two provably secure certificateless key-insulated encryption schemes based on the key splitting technique. More specifically, one is constructed from the bilinear pairing and the other is built upon elliptic curve cryptography (ECC). By combining the certificateless encryption scheme and the identity-based key-insulated encryption scheme, we first give the formal definition and security model of a certificateless key-insulated encryption scheme. After giving two independent constructions, one pairing-based and one ECC-based, we formally prove the security of both schemes in the random oracle model. Specifically, the security of the former scheme rests on the bilinear decisional Diffie-Hellman problem, whereas the security of the latter is reduced to the computational Diffie-Hellman problem. The simulation results show that our schemes are efficient and practical.

2. Considering that the security of a certificateless key-insulated encryption scheme can still be broken if the helper is lost, we propose a certificateless parallel key-insulated encryption scheme in which the user's short-term private key is updated interchangeably with two independent helpers. In this scheme, the system remains secure even if the user's short-term private key and any one of the helpers are lost. That is to say, the certificateless parallel key-insulated encryption scheme achieves stronger security than the standard certificateless key-insulated encryption scheme. The security of this scheme is proved formally in the random oracle model and reduced to the bilinear decisional Diffie-Hellman problem.

3. On the other hand, we propose a certificateless key-insulated proxy re-encryption scheme to deal with the frequent updating of access privileges. In this scheme, a semi-trusted proxy is able to convert a ciphertext under the public key of Alice into another ciphertext under the public key of another user, Bob. The conversion can only be performed with the transformation key generated by Alice. Meanwhile, the proxy cannot access the private key of Alice or Bob, or the message underlying the involved ciphertext. The security of this scheme is proved formally in the random oracle model and reduced to the computational Diffie-Hellman problem. The simulation results show that our schemes are efficient and practical.

4. We design a bi-directional authenticated key agreement protocol for the smart grid based on the idea of a certificateless key-insulated signcryption scheme. Our protocol outperforms the existing authenticated key agreement protocols for the smart grid because the signcryption primitive is more efficient than the traditional "signature-then-encryption" paradigm. Furthermore, our protocol is especially suitable for the case where the smart meter is deployed in a hostile environment. Finally, the security of the authenticated key agreement protocol is proved with BAN logic, and the simulation results show that our protocol is efficient and practical.