
The Study Of Several Identity-based Cryptosystems

Posted on: 2011-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: X Wang
GTID: 2178360305499829
Subject: System theory
Abstract/Summary:
In traditional public key cryptosystems, public key infrastructure (PKI) is widely used to deal with security problems in network communications. To authenticate a user's identity and the user's public key, a trusted third party, the certification authority (CA), is employed to issue public-key certificates to users. However, as the number of users grows, the storage, transmission and update of public key certificates incur heavy computation overhead and communication costs.

Identity-based cryptosystems solve the certificate management problems of traditional PKI systems. In an identity-based cryptosystem, the user can set his identity as his public key (e.g., the email address, IP address or his name). In this way, the problem of authenticating the binding between public key and identity is naturally solved, and the key management procedures can be greatly simplified. Because of these advantages, identity-based cryptosystems have attracted the attention of many researchers and have become a hot topic in information security research.

Based on previous research results, we further study identity-based cryptosystems. The main contributions are as follows:

1. Cryptanalysis of two identity-based signcryption schemes is presented. A signcryption scheme fulfils the functionality of public key encryption and digital signature, achieving confidentiality and authenticity in a single logical step. However, the encryption-then-signature method cannot ensure the semantic security of signcryption schemes. A security analysis of two identity-based signcryption schemes is presented, in which either correctness or security is not ensured. Furthermore, we present an improvement to one scheme so that it meets the security requirements.

2. An efficient certificateless signcryption scheme is proposed. The certificateless cryptosystem solves the key escrow problem of identity-based cryptosystems and can fulfil various security requirements. The existing certificateless signcryption schemes usually need six pairing operations, which is not very efficient. A new certificateless signcryption scheme is designed that requires only four pairing operations. Compared with the existing schemes, the new scheme is a great improvement in efficiency.

3. We propose an identity-based signature with message recovery from the RSA assumption. The existing identity-based signature schemes with message recovery are based on bilinear pairings over elliptic curves. Although bilinear pairings are widely used in cryptography, the efficiency of the pairing operation is quite low, and the underlying assumptions of bilinear pairings have not been studied as widely as those of the RSA setting. We construct an efficient identity-based signature with message recovery from the RSA assumption. The new scheme can be proven existentially unforgeable against adaptive chosen message attacks in the random oracle model.
Keywords/Search Tags:identity-based cryptosystem, signcryption, certificateless cryptosystem, signature with message recovery, bilinear pairings