Private Key Extraction. The xxxxxx Xxxxx authenticates herself to the PKG and obtains a private key skIDAlice associated with her identity IDAlice. Signature Generation: Using her private key skIDAlice, Xxxxx creates a signature ¾ on her message M. Signature Verification: Having obtained the signature ¾ and the message M from Xxxxx, the verifier Xxx checks whether ¾ is a genuine signature on M using Alice's identity IDAlice and the PKG's public key pkPKG. If it is, he returns \Accept". Otherwise, he returns \Reject". Further studies in IDE Smart [7] proposed an ID – Based Ak Protocol based on the idea of the IBE scheme of Boneh and Franklin. Shim [8] and Chen and Xxxxx [9] independently pointed out that Smart’ protocol does not provide full forward secrecy – an important security requirement for key agreement protocol. Shim [8] then proposed an efficient ID based key agreement protocol that is claimed to provide full forward Secrecy, known key secrecy resilience and UK-S resilience. However it was pointed out that shim’s AK protocol is vulnerable to man -in –middle attack. In 2004, Ryu et al introduced an efficient id based key agreement protocol using pairings in which computation and communication overheads for establishing a session key are significantly reduced. Wang independently showed that Ryu et al’s protocol does not provide K-CI resilience .In 2005 , Xxx and Xxx proposed a new ID based key agreement protocol claiming that the protocol has the properties of known key secrecy (which implies key integrity ), perfect forward security ,K-CI resilience and UK-S resilience . An improved version of Xxx Xxx Identity based key agreement protocol is presented in [10].
Private Key Extraction. The receiver Xxx authenticates himself to the PKG and obtains a private key skIDBob associated with his identity IDBob. Encryption: Using Bob's identity IDBob and the PKG's pkPKG, the sender Xxxxx encrypts her plaintext message M and obtains a ciphertext C. Decryption: Upon receiving the ciphertext C from Xxxxx, Xxx decrypts it using his private key skIDBob to recover the plaintext M. As a mirror image of the above identity-based encryption, one can consider an identity-based Signature (IBS) scheme. In this scheme, the xxxxxx Xxxxx first obtains a signing (private) key associated with her identifier information from the PKG. She then signs a message using the Signing key. The verifier Xxx now uses Alice's identifier information to verify Bob's signature. {No needs for Xxx to get Alice's certificate. More precisely, an IBS scheme can be described Using the following steps. (Figure illustrates a schematic outline of an IBS scheme). Setup: The Private Key Generator (PKG), which is a trusted third party, creates its master (private) and public key pair, which we denote by skPKG and pkPKG respectively.
Private Key Extraction. The receiver Bob authenticates himself to the private key generator and obtains his private key skBob which is associated with his identity IDBob.
Private Key Extraction. The xxxxxx, Xxxxx, authenticates herself to the private key generator and obtains her private key skAlice which is associated with her identity IDAlice.
Private Key Extraction. Xxxxx chooses identity information. The private key generator computes the point PAlice = H1(IDAlice) ∈ E(Fq) where PAlice is Xxxxx’s public key. The private key generator sends the point QAlice = s PAlice ∈ E(Fq) to Xxxxx. This QAlice is Xxxxx’s private key.
Private Key Extraction. A user submits his identity information ID to private key generator. Then private key generator computes the user’s public key as QID = H1(ID), and returns his private key SID = sQID.
Private Key Extraction. Each user obtains the private keys; SK1i and SK2i from a private key generator. Figure 4.1 shows the value of braids in the setup and private key extraction phases. The detail of the values prepared by the private key generator for Xxxxx, Xxx, and Xxxxxxx is shown in the following. For Xxxxx:
