Cryptography Reference
In-Depth Information
the computation of
s
2
. In other words,
k,a,
s
1
are all treated as integers and
s
2
is computed
as the integer
k
a
s
1
. To maintain security it is necessary to take
k
to be bigger than
2
l
r
(i.e., bigger than any possible value for the integer
a
s
1
). This idea was fully analysed
(and generalised to groups of known order) by Girault, Poupard and Stern [
232
].
+
Identity-based signatures. Identity-based cryptography is a concept introduced by Shamir.
The main feature is that a user's public key is defined to be a function of their “identity”
(for example, their email address) together with some master public key. Each user
obtains their private key from a Key Generation Center that possesses the master secret.
One application of identity-based cryptography is to simplify public key infrastructures.
An identity-based signature is a public key signature scheme for which it is not
necessary to verify a public key certificate on the signer's key before verifying the
signature (though note that it may still be necessary to verify a certificate for the master
key of the system). There are many proposals in the literature, but we do not discuss them
in this section.