TIBC: Trade-off between Identity-Based and Certificateless Cryptography for future internet

Abstract

Identity-Based Cryptography (IBC) offers the very interesting property that the user's public key is related directly to her/his identity. However, IBC suffers from key escrow because the user private key is generated by an external entity called the Private Key Generator (PKG). To resolve this problem, the Certificateless Cryptography CL-PKC was proposed. This mechanism uses a different method to generate the public key. Although CL-PKC resolves the IBC problem, it removes the IBC attractive advantage of easy public key generation. This system is also the target of Denial of Decryption attack (DoD) when an adversary replaces the user's public key. To overcome these weaknesses, we propose a new solution that merges these two cryptographic systems into only one in order to keep their advantages and to resolve their problems. We prove that our system is secure by using the random oracle model and we demonstrate that it offers a self-generated certificate. This solution can be used to secure object-centric systems that are expected to compose the future internet.