Cryptography Reference
In-Depth Information
Chapter 10
Identity-Based Cryptography
We have observed in Chap.
9
that the current state of PKI deployment is far from
satisfactory. There are many CAs and many of the certificates currently being used
are either expired or issued by CAs which are unknown to users or to the users'
software. In other cases, the users themselves issue their own certificates and then
trust chains are established in which friends are trusted, and then friends of friends,
and so on, with trust weakening in each iteration. These usages are not in accordance
with the intended one and it may be said that the purpose of PKI is defeated by them.
On the other hand, the wide deployment of public-key encryption is also hindered by
the fact that each time a user wants to send an encrypted message to a new person,
a new public-key certificate for this person must be obtained. These issues are a big
drawback for the wide deployment of public-key cryptography and hence it is very
interesting that there is a nice solution for a large fraction of these problems. This
solution is called
identity-based cryptography
(IBC) which, in particular, includes
the somewhat more restrictive concept of
identity-based encryption
(IBE). In IBC,
the schemes may be devoted to encryption, digital signatures, key exchange or other
purposes, while in the case of IBE the goal of the scheme is encryption. The develop-
ment of fully functional IBE schemes is quite recent—as we shall see, it may be said
that it started around 2001—but identity-based cryptography holds great promise for
the future and hence we will dedicate a short chapter to introduce its basic ideas and
point the interested reader to the relevant literature.
10.1 Introducing Identity-Based Cryptography
The basic idea of IBC starts from the realization that there is some minimal infor-
mation that a user has to learn before communicating with another person, even in
an unencrypted form, namely some identity information such as, for example, the
email address of this person. This was the starting point of the concept introduced
by Shamir in [175], where he proposed that this basic information could replace the
