ID-Based Signatures Without Trusted PKG

Nowadays,the secrecy,completeness,usability and resistance of denial of information all need to be solved by cryptology in the environment of computer networks, Cryptology is the key technology of information security.Cryptosystem includes private-key and public-key cryptosystem.Public-key cryptosystem has become the most key cryptology and plays an important role in agreements,digital signatures and authentication systems.Among them,ID-based cryptosystems has important achievements.In 1984,Shamir proposed id-based encryption and signature schemes,which simplify the key management of certificate based public key systems.In traditional digital signatures,private and public keys of users are generated by CA or trusted infrastructures.After the keys are generated,the certificate generating infrastructures need to keep all public and private keys of users.However,with the increase of users,it costs more to manage the keys of users and meanwhile,the keys occupy much resource of CA.But in id-based authentication system,keys of users are correspondent to their identity information,and trusted infrastructures only need to know mail address of users and don't need to store keys of users.So it saves the huge costs of management of certificate.In 1984,Shamir[17]asked for identity-based encryption and signature schemes to simplify key management procedures of certificate-based public key infrastructures. Since then,plenty of ID-based schemes have been proposed.In 2000,Sakai Ohgishi and Kashara[18]proposed the first id-based signature scheme based on bilinear pairings.In Asiacrypt2001,Boneh,Lynn and Shacham[4]gave a signa-ture scheme having the shortest signatures in the traditional cryptology.Then in 2002,Paterson[16]proposed a new id-based signature scheme based on bilinear pairings. However,these schemes have no strict security proof.In Crypto2001,based on bilinear pairings,Boneh and Franklin[3]proposed the first secure and efficient,idbased eneryption scheme.In SAC 2002,Hess[10]proposed a proved secure and efficient scheme.In PKC2003,Cha and Cheon[7]proposed a secure id-based signa-ture scheme.In CRYPTO'04,Boneh and Boyen[5]proposed an id-based eneryption scheme without random oracles,and then,based on this scheme,Brent Waters [19]proposed another id-based scheme without random oracles,assuming the hard-ness of BDHP(decisional Diffee-Hellman problem).However,in these schemes,PKG generates the private keys for users,so it can pretend to the users and forge valid signatures.Then,in ASIACRYPT2003,Al-Riyami etc.[1]introduced the concept of certificateless publickey crptography,and based on this model,the key escrow problem could be avoided.In[9],Gorantla and Saxena gave a new certificateless scheme whose is more efficient than[1].In[2],Al-Riyami etc.proposed another certificateless signature whose security is based on the hardness of BDHP,and whose efficiency is more higher than the original scheme[1].Chen[8]proposed a signature scheme without trusted PKG which also solved the key escrow problem.But many schemes of them are unsecure,for example,[11]proposed two attacks to the certificateless scheme in[1]that PKG could forge signatures of valid users.In this paper,from bilinear pairing,we propose two ID-based signatures without trusted PKG.Under random oracle model,our schemes are both proved secure against existential forgery on adaptively chosen message and ID attack,assuming the Computational Diffie-Hellman Problem(CDHP) in Diffie-Hellman group is intractable. They solved the key escrow problem which is inherent in the id-based signature schemes.In most id-based signature schemes,PKG is proved to have the ablitity to forge signatures of valid users,but in these two schemes,PKG is prevented from forging a legal user's signature for its traceability.In addition,by comparison,our schemes are more efficient than the existing scehmes[2,9,14].