Abstract
Certificate-based encryption (CBE) is a new asymmetric encryption paradigm which was introduced to solve the certificate management problem in traditional public key encryption (PKE). It combines PKE and identity-based encryption (IBE) while preserving some of their most attractive features. CBE provides an efficient implicit certificate mechanism which eliminates the third-party queries and simplifies the certificate revocation problem in the traditional public key infrastructure (PKI). It also solves the key escrow problem and key distribution problem inherent in IBE. In this paper, we introduce the key replacement attack and the malicious-but-passive certifier attack into CBE, and define a class of new security models for CBE under different security levels according to the power of the adversaries against CBE. Our new security models are more elaborated and stronger compared with other existing ones. Then, we propose a generic construction of CBE from certificateless public key encryption and prove its security under the proposed security models in the standard model. We also show a concrete conversion using the proposed generic construction. Key words: Certificate-based encryption, security model, generic construction, certificateless public key encryption, standard model.  
Highlights
In traditional public key cryptography (PKC), cryptographic keys are generated randomly with no connection to users’ identities
We propose a generic construction of Certificate-based encryption (CBE) from certificateless public key encryption and prove its security under the proposed security models in the standard model
To simplify the management of the public key certificates, Shamir (1984) introduced the concept of identity-based cryptography (IBC) in which the public key of each user is derived directly from its identity, such as an internet protocol (IP) address or an e-mail address, and the corresponding private key is generated by a trusted third party called private key generator (PKG)
Summary
In traditional public key cryptography (PKC), cryptographic keys are generated randomly with no connection to users’ identities. This problem can be solved by introducing public key certificates generated by a trusted third party called the certification authority (CA) that can provide an unforgettable and trusted link between a public key and the identity of its holder This kind of certificate systems is private key escrow becomes an inherent problem in IBC. Partial secret keys must be sent to the users over secure channels It makes CL-PKC suffer the same key distribution problem as IBC. A certificate in CBE has all the functionalities of a traditional PKI certificate, and acts as a partial decryption key This additional functionality provides an implicit certificate mechanism so that the sender is not required to obtain fresh information on certificate status and the recipient can only decrypt the ciphertext using his private key along with an up-to-date certificate from its certifier. There is no key escrow problem (since the certifier does not know the private keys of users) and key distribution problem (since the certificates need not be kept secret) in CBE
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.