Key Management Research And Application In Identity-based Encryption System

The development of public key cryptosystem is affected by two factors, namely, the security algorithm and the foundation of public key authentication. In Public Key Infrastructure(PKI), the digital certificate is bound to the identities of users and public key information to realize the public key authentication. However, in practical applications, the digital certificate needs to consume a lot of resources, which makes the scalability of the system limited. Identity based encryption(Identity-Based Encryption, IBE) system changes the way of public key generation and simplifies the management of digital certificates. In this system, the user’s public key can be directly obtained from the user’s unique identity information, which no longer needs to use the digital certificate to authenticate the user’s public key. However, the user’s private key is generated by the PKG(Private Key Generator), which results in the identity authentication, the user’s key escrow problem, key security issue, the key revocation and so on.This thesis analyzes the existing key management schemes, and points out that there are some problems, such as PKG deception, public key authentication and so on, the system burden, then puts forward two innovative schemes:Firstly, combined with Feldman verifiable secret sharing(Verifiable Secret Sharing, VSS), this thesis proposes a key management scheme which uses the blind signature technology and includes a trusted center as well as the user’s collaborative. By the properties of VSS and bilinear map, the correctness of the scheme is proved, which shows that the scheme can solve the key escrow problem and realize the management of the revocation of the key. In the key generation and distribution, compared with the same type of other management schemes, this scheme is more comprehensive and correct.Secondly, in view of the problems: internal attacks launched by KGC(Key Generation Center) or KPA(Key Privacy Center), illegal users of external attack and physical fault, this thesis adds the trusted third party to solve these problems by using signature technology and setting the validity period. By the property of bilinear map, the correctness of the scheme is proved and the security of the scheme is analyzed.This thesis applies the specific implementation scheme of the full BF-IBE to solve the security problem in e-mail system, gives the key algorithms in the design process and realization method, and takes the advantage of MIRACL to simulate the communication process of secure e-mail between the PKG server and user, the process of encryption and decryption of e-mail on local machine with VC++ 6.0. Experimental results show that the system can ensure the security of mail in the transmission process.