Research On Identity Based Cryptosystem Public Key Management Scheme

In order to simplify the management of public key certificate in traditional public key infrastructure (PKI), famous cryptographer Shamir pioneering proposed identity-based encryption (IBE) public key cryptosystem in1984. In identity-based public key cryptosystem, the user’s public key can be easily derived from any strings corresponding to user’s identity information, such as e-mail address, name and so on. A trusted third party named Private Key Generator (PKG) generates private keys from a system master secret, and distributes them to users when they applying for private keys. IBE eliminates the need for public key certificates as used in traditional Public Key Infrastructure, which reduce the high cost of manage and authenticates public keys certificate. But some problems have not been settled in IBE scheme, such as identity authentication, key escrow, key revocation and governmental monitor. This paper took elaborate research on these problems, and proposes two new schemes. The major work is done by the following:First, researches multiple trust authorities and verifiable partial key escrow scheme in depth, proposes a new key escrow scheme that called scheme one. In this scheme, official PKG and unofficial PKG generates partial private key for user, meanwhile, the user generates another verifiable partial key. In our propose scheme, unofficial PKG is treated as online security mediator verifies user’s private key life cycle, and provides a privacy service to each user who receives a piece of a private key from official PKG User needs to prove himself to official PKG and unofficial PKG that the partial private key generated by himself is publicly verifiable. At the same time, this scheme supports key revocation and avoids "once monitoring, perpetual monitoring" based on the idea of additional messages. At last, we provides security and performance analysis of the new scheme, and proves this scheme can resist the selective ciphertext attack.Second, researches hierarchical identity-based encryption (HIBE) in depth, combines with SK-IBE safe model and Fujisaki-Okamoto mix commutation, proposes a new and improved hierarchical identity-based key escrow scheme that called scheme two. This scheme divides users into different groups in consideration of different users require various securities, and sets diverse key life cycle for them. Meanwhile in order to perfectly solve key revocation and key update, this scheme proposes a partial private key parameter that generated by user and ground floor PKG This scheme provides better balance between user, law monitor and PKG At last we provides security and performance analysis of the new scheme.Third, proposes some applications of the identity-based cryptosystem based on above two new schemes, including applications in E-commerce, E-mail and E-voting.