Certificateless cryptography
Encyclopedia
Certificateless cryptography is a variant of ID-based cryptography
intended to prevent the key escrow
problem. Ordinarily, keys are generated by a certificate authority
or a key generation center (KGC) who is given complete power and is implicitly trusted. To prevent a complete breakdown of the system in the case of a compromised KGC, the key generation
process is split between the KGC and the user. The KGC first generates a key pair, where the private key is now the partial private key of the system. The remainder of the key is a random value generated by the user, and is never revealed to anyone, not even the KGC. All cryptographic operations by the user are performed by using a complete private key which involves both the KGC's partial key, and the user's random secret value. One disadvantage of this is that the identity information no longer forms the entire public key.
To encrypt a message to another user, three pieces of information are needed: 1) the other user's public key and 2) identity, and also 3) the third party's public information. To decrypt, a user just needs to use their private key.
For tight security, a certificateless system has to prove its security against two types of adversaries.
Type 1 Adversary- Refers to any third party who can fake the user's public keys, corresponding to the user's random secret value.
Type 2 Adversary- Refers to a compromised or malicious KGC, who has access to the partial public and private keys of all users.
ID-based cryptography
ID-based encryption is an important primitive of ID-based cryptography. As such it is a type of public-key encryption in which the public key of a user is some unique information about the identity of the user...
intended to prevent the key escrow
Key escrow
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys...
problem. Ordinarily, keys are generated by a certificate authority
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
or a key generation center (KGC) who is given complete power and is implicitly trusted. To prevent a complete breakdown of the system in the case of a compromised KGC, the key generation
Key generation
Key generation is the process of generating keys for cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted....
process is split between the KGC and the user. The KGC first generates a key pair, where the private key is now the partial private key of the system. The remainder of the key is a random value generated by the user, and is never revealed to anyone, not even the KGC. All cryptographic operations by the user are performed by using a complete private key which involves both the KGC's partial key, and the user's random secret value. One disadvantage of this is that the identity information no longer forms the entire public key.
To encrypt a message to another user, three pieces of information are needed: 1) the other user's public key and 2) identity, and also 3) the third party's public information. To decrypt, a user just needs to use their private key.
For tight security, a certificateless system has to prove its security against two types of adversaries.
Type 1 Adversary- Refers to any third party who can fake the user's public keys, corresponding to the user's random secret value.
Type 2 Adversary- Refers to a compromised or malicious KGC, who has access to the partial public and private keys of all users.