Cryptography Reference
In-Depth Information
As proposed by Shamir, it would greatly simplify secure communication if this basic
information were transformed to a public key that could be used for encryption. Hence,
IBE eliminates the whole process of distributing public key certificates as well as relaying
revocation lists. From a serviceability point of view, this approach is extremely practical,
as an encrypted message can be sent to anyone without worrying about the process
required to retrieve the receiver's public key. On the other end, the receiver can use
the private key corresponding to the public key to decrypt the message. In contrast to
the traditional PKI-based system, a private key generator (PKG) is responsible for
distributing the private key. The PKG calculates the recipient's private key from his identity
and sends it to him in a secure way. In a real environment, keys generated by the PKG
are short-lived, and this feature of IBE introduces the concept of key freshness. Hence,
recipients of an encrypted message are forced to retrieve a new private key from the
PKG as soon as their current key expires. In addition, the sender need not be concerned about
the expiration time of the recipient's private key. If the receiver's identity is revoked, the
PKG in his domain will stop issuing private keys to this user. Figure 4.8 outlines the IBE
scheme. If Alice wants to send an encrypted message to Bob using the IBE scheme, she
simply generates Bob's public key [B(pu_k)] by hashing his identity (I_B). Then she uses
B(pu_k) to encrypt the message M. At the receiver's end, Bob retrieves his private key
[B(pr_k)] from the PKG in his domain and decrypts the encrypted message C.
Figure 4.8. Identity-Based Encryption Scheme
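The flow of Figure 4.8, worked through as an added example that is not from the book: the text names no concrete scheme, so this uses Cocks' quadratic-residue IBE, which needs only modular arithmetic and encrypts one bit at a time. The primes, the SHA-256 counter hash and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# PKG master secret: two primes, both 3 mod 4. Constructed toy values (known Mersenne primes).
P, Q = 2**107 - 1, 2**127 - 1
N = P * Q  # public system parameter, known to every sender

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def public_key(identity, counter=0):
    """Anyone: hash the identity string to a value a with (a/N) = +1."""
    digest = hashlib.sha256(f"{counter}|{identity}".encode()).digest()
    a = int.from_bytes(digest, "big") % N
    return a if jacobi(a, N) == 1 else public_key(identity, counter + 1)

def extract(identity):
    """PKG only (needs P and Q): private key r with r*r = +a or -a mod N."""
    return pow(public_key(identity), (N + 5 - P - Q) // 8, N)

def hide(sign, a):
    """Blind sign (+1 or -1) as t + a/t mod N, with random t, (t/N) = sign."""
    while True:
        t = secrets.randbelow(N - 1) + 1
        if jacobi(t, N) == sign:
            return (t + a * pow(t, -1, N)) % N

def encrypt_bit(identity, bit):
    """Sender: needs only N and the identity; covers both signs of r*r."""
    a, sign = public_key(identity), (1 if bit else -1)
    return hide(sign, a), hide(sign, -a % N)

def decrypt_bit(identity, r, ciphertext):
    """Receiver: pick the half matching r, then read the Jacobi symbol."""
    c = ciphertext[0] if pow(r, 2, N) == public_key(identity) else ciphertext[1]
    return 1 if jacobi(c + 2 * r, N) == 1 else 0
```

Only `extract` touches P and Q, which is the role the PKG plays in the text: the sender never contacts it, while the receiver cannot decrypt until the PKG has issued r.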