Identity-based cryptography

Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address.

The first implementation of identity-based signatures and an email-address based public-key infrastructure (PKI) was developed by Adi Shamir in 1984,[1] which allowed users to verify digital signatures using only public information such as the user's identifier. Under Shamir's scheme, a trusted third party would deliver the private key to the user after verification of the user's identity, with verification essentially the same as that required for issuing a certificate in a typical PKI.

Shamir similarly proposed identity-based encryption, which appeared particularly attractive since there was no need to acquire an identity's public key prior to encryption. However, he was unable to come up with a concrete solution, and identity-based encryption remained an open problem for many years. The first practical implementations were finally devised by Sakai in 2000,[2] and Boneh and Franklin in 2001.[3] These solutions were based on bilinear pairings. Also in 2001, a solution was developed independently by Clifford Cocks.[4][5]

Closely related to various identity-based encryption schemes are identity based key agreement schemes. One of the first identity based key agreement algorithms was published in 1986, just two years after Shamir's identity based signature. The author was E. Okamoto.[6] Identity based key agreement schemes also allow for "escrow free" identity based cryptography. A notable example of such an escrow free identity based key agreement is the McCullagh-Barreto's "Authenticated Key Agreement without Escrow" found in section 4 of their 2004 paper, "A New Two-Party Identity-Based Authenticated Key Agreement".[7] A variant of this escrow free key exchange is standardized as the identity based key agreement in the Chinese identity based standard SM9.

  1. ^ Adi Shamir, Identity-Based Cryptosystems and Signature Schemes Archived 2020-08-12 at the Wayback Machine. Advances in Cryptology – Proceedings of CRYPTO 84, Lecture Notes in Computer Science, 7:47--53, 1984
  2. ^ Sakai, R; Ohgishi, K; Kasahara, M (2000). "Cryptosystems based on pairings". SICS. Symposium on cryptography and information security.
  3. ^ Dan, Boneh; Matt, Franklin (2001). "Identity-based encryption from the Weil pairing". Advances in Cryptology – CRYPTO 2001. Lecture Notes in Computer Science. Vol. 2139/2001. Springer. pp. 213–229. CiteSeerX 10.1.1.66.1131.
  4. ^ Cocks, Cliff (2001). "An Identity Based Encryption Scheme Based on Quadratic Residues". Cryptography and Coding (PDF). Lecture Notes in Computer Science. Vol. 2260/2001. Springer. pp. 360–363. CiteSeerX 10.1.1.116.5477. doi:10.1007/3-540-45325-3_32. ISBN 978-3-540-43026-1. Archived from the original (PDF) on 2007-02-06.
  5. ^ "Dr Clifford Cocks CB, Honorary Doctor of Science". University of Bristol. Archived from the original on 2015-06-27.
  6. ^ Okamoto, E. (1986). "Proposal for identity-based key distribution systems". Electronics Letters. 22 (24): 1283–1284. Bibcode:1986ElL....22.1283O. doi:10.1049/el:19860880. ISSN 0013-5194.
  7. ^ McCullagh, Noel; Barreto, Paulo S. L. M. (2004). "A New Two-Party Identity-Based Authenticated Key Agreement". {{cite journal}}: Cite journal requires |journal= (help)