Cryptography Reference
faces the problem that one cannot easily attribute a specific public key to a specific
entity (i.e., user) and that one has to work with public key certificates. A public
key certificate, in turn, is a data structure that is issued by a trusted (or trustworthy)
certification authority (CA), that states that a specific public key really belongs to a
specific entity, and that itself is digitally signed by the certificate-issuing CA. If there
are multiple CAs in place, then one frequently talks about public key infrastructures
(PKIs). In general, public key certificates, CAs, and PKIs are very complex topics,
and we are just at the beginning of understanding all issues involved.¹⁶
In the early 1980s, Shamir came up with the idea that if one chose a public
key to uniquely identify the entity that holds the key, then one would no longer
have to care about public key certification in the first place. Instead, a public key
would then be self-evident in the sense that it automatically becomes clear to whom
it belongs (or at least to whom it was issued in the first place). Shamir coined
the term identity-based encryption for this idea. The major advantage of identity-
based encryption is that neither public key certificates nor directory services are
needed (because messages are encrypted with keys that are directly derivable from
information characterizing the recipients). The disadvantage, however, is related
to the fact that a trusted authority is needed to generate public key pairs and to
distribute them to the appropriate entities. Note that in a conventional asymmetric
encryption system, all entities can generate their own public key pairs using the
Generate algorithm. In an identity-based encryption system, this cannot be the case
because the public keys must have specific values and it must not be possible for
anybody (except the trusted authority) to determine the private key that belongs to
a specific public key (otherwise, this person could determine the private keys of
everybody). Consequently, in an identity-based encryption system, all entities must
provide their identities to the trusted authority, and the trusted authority must provide
them with their appropriate public key pair.
In [21], Shamir introduced the idea of identity-based encryption and also
proposed an identity-based digital signature system. Almost two decades later,
Dan Boneh and Matthew K. Franklin developed and proposed an identity-based
encryption (IBE) system [22]. They suggested using the IBE system as an alternative
to commonly used secure messaging technologies and solutions that are based on
public key certificates.¹⁷
¹⁶ See, for example, Chapter 7 of [20].
¹⁷ In fact, Boneh co-founded Voltage Security, Inc. (http://www.voltage.com) to market the IBE
system.
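
The identity-based signature idea mentioned above can be made concrete with RSA arithmetic, following the construction of Shamir's identity-based signature scheme. This is an added example, not code from the book; it shows that verification needs only the identity string and the authority's public parameters, and that only the trusted authority can derive private keys. The toy primes, the SHA-256 hash, and the e-mail style identities are assumptions of this example.

```python
import hashlib
import secrets

# Toy parameters constructed for this example: two Mersenne primes give a
# ~150-bit modulus, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q          # public modulus of the trusted authority
E = 65537          # public exponent of the trusted authority


def h(*parts: bytes) -> int:
    """Hash to an integer mod N (SHA-256 is this example's choice)."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(digest, "big") % N


class TrustedAuthority:
    """Sole holder of the master secret d; everyone else knows only (N, E)."""

    def __init__(self) -> None:
        self._d = pow(E, -1, (P - 1) * (Q - 1))

    def extract(self, identity: str) -> int:
        """Return the private key g with g^E = H(identity) mod N."""
        return pow(h(identity.encode()), self._d, N)


def sign(g: int, message: bytes) -> tuple[int, int]:
    """Sign with private key g: t = r^E, s = g * r^f(t, m) mod N."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    f = h(t.to_bytes(32, "big"), message)
    return t, (g * pow(r, f, N)) % N


def verify(identity: str, message: bytes, sig: tuple[int, int]) -> bool:
    """Check s^E == H(identity) * t^f(t, m) mod N; no certificate is needed."""
    t, s = sig
    f = h(t.to_bytes(32, "big"), message)
    return pow(s, E, N) == (h(identity.encode()) * pow(t, f, N)) % N
```

Because `extract` works for any identity, the authority can sign as any user, which is the key-escrow cost of the trust assumption the text describes.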