Identity-Based Cryptography Sample Clauses

Identity-Based Cryptography. ‌ Identity-based cryptography (ID-PKC) was introduced by Shamir [54] in 1984, and en- ▇▇▇▇▇ communicating users to verify signed data without exchanging private or public keys, without managing certificates, and without having to rely on services provided by a third party. It assumes the existance of a private key generator (PKG) from which users are issued their private keys. Once all private keys have been issued, the PKG can be closed for an indefinite period while the network can continue to function as normal (as long as no additional users are introduced). This is because the system does not intro- duce key revocation as in traditional PKI, and therefore always assumes that keys are valid. In the identity-based system, public keys are derived from a known identity such as the username or e-mail address, and thus may be generated by anyone. In order to obtain the private key, an entity needs to present itself to a private key generator. The PKG combines its master key with the identity value of the challenging entity and generates the private key. It is crucial to the identity-based scheme that the PKG is trusted as it will know every user’s private key, and thus be able to decrypt any message sent in its domain. This property is called key escrow and is by many considered a shortcoming of identity-based cryptography. However, there are also cases in which key escrow may be a needed property, such as in the health care profession where an audit trail to transactions may be a legal requirement. Shamir’s motivation in developing the identity-based cryptosystem was originally to simplify key management in e-mail systems. Because a user generally knows the e-mail address of the recipient, it implies that the user also would know the public key. En- crypting the message using the public key would require the recipient to obtain the corresponding private key from the PKG. The sender may also sign the message using the appropriate private key. Upon reciept, the receiver may easily verify a signature only by knowing the identity of the sender. It is also important to note that public and private keys are generated independently, unlike in traditional PKI. Although the notion of identity-based cryptography is quite old and has co-existed with PKI for many years, it wasn’t until recently when Boneh and Franklin [9] demon- strated the construction of very efficient and provably secure identity-based primitives using elliptic curve pairings that ID-PKC truly gain...