IDENTITY-BASED CRYPTOGRAPHY
ISSN 1871-6431
Cryptology and Information Security Series
The Cryptology & Information Security Series (CISS) presents the latest research results in the
theory and practice, analysis and design, implementation, application and experience of
cryptology and information security techniques. It covers all aspects of cryptology and
information security for an audience of information security researchers with specialized
technical backgrounds.
Coordinating Series Editors: Raphael C.-W. Phan and Jianying Zhou
Series editors
Feng Bao, Institute for Infocomm Research, Singapore
Kefei Chen, Shanghai Jiaotong University, China
Robert Deng, SMU, Singapore
Yevgeniy Dodis, New York University, USA
Dieter Gollmann, TU Hamburg-Harburg, Germany
Markus Jakobsson, Indiana University, USA
Marc Joye, Thomson R&D, France
Javier Lopez, University of Malaga, Spain
Nasir Memon, Polytech University, USA
Chris Mitchell, RHUL, United Kingdom
David Naccache, École Normale Supérieure, France
Gregory Neven, IBM Research, Switzerland
Phong Nguyen, CNRS / École Normale Supérieure, France
Andrew Odlyzko, University of Minnesota, USA
Adam Young, MITRE Corporation, USA
Moti Yung, Columbia University, USA
Volume 2
Recently published in this series
Vol. 1. J. Lopez and J. Zhou (Eds.), Wireless Sensor Network Security
Identity-Based Cryptography
Edited by
Marc Joye
Thomson R&D, France
and
Gregory Neven
IBM Zürich Research Laboratory, Switzerland
Amsterdam • Berlin • Oxford • Tokyo • Washington, DC
© 2009 The authors and IOS Press.
All rights reserved. No part of this book may be reproduced, stored in a retrieval system,
or transmitted, in any form or by any means, without prior written permission from the publisher.
ISBN 978-1-58603-947-9
Library of Congress Control Number: 2008940895
Publisher
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
fax: +31 20 687 0019
e-mail: [email protected]
Distributor in the UK and Ireland
Gazelle Books Services Ltd.
White Cross Mills
Hightown
Lancaster LA1 4XS
United Kingdom
fax: +44 1524 63232
e-mail: [email protected]

Distributor in the USA and Canada
IOS Press, Inc.
4502 Rachael Manor Drive
Fairfax, VA 22032
USA
fax: +1 703 323 3668
e-mail: [email protected]
LEGAL NOTICE
The publisher is not responsible for the use which might be made of the following information.
PRINTED IN THE NETHERLANDS
Foreword
In an active field like that of cryptography, a problem that remains open for seventeen years must be a pretty tough problem. In a practically relevant field like that of cryptography, a solution that inspires hundreds of follow-up papers within a few years’ time must be a pretty interesting solution.
Posed as an open problem in 1984, but efficiently instantiated only in 2001, identity-based encryption hasn’t left the forefront of cryptographic research since. Praised by fans as the economical alternative to public-key infrastructures, booed by critics for its inherent key escrow — was that 1984 you said? — identity-based cryptography is also the topic of numerous debates in the cryptographic community.
This book looks beyond the controversy and intends to give an overview of the current state-of-the-art in identity-based cryptography. Since research on the topic is still actively continuing, this is necessarily a snapshot of a field in motion, rather than the final word about it. Still, we felt the main concepts have by now sufficiently matured to collect them in a single dedicated volume.
Each of the chapters in this volume is written by international experts on the topic. Our first word of thanks goes to the authors for their top-quality contributions to the book. Our special gratitude is due to Jean-Luc Beuchat, Jérémie Detrey, David Galindo, Kenny Paterson, and Nigel Smart who have looked over various portions of the book and have given comments and suggestions, and to Michel Abdalla for letting us use his extensive bibliographic library. We would also like to thank Juliette Joye for the beautiful illustration on the cover of this book. Finally, we would like to thank the people at IOS Press for the smooth interaction.
September 2008
Marc Joye
Gregory Neven
Identity-Based Cryptography, M. Joye and G. Neven (Eds.), IOS Press, 2009. © 2009 The authors and IOS Press. All rights reserved.
Contents
Foreword v
Marc Joye and Gregory Neven
Chapter I. Introduction to Identity-Based Cryptography 1
Antoine Joux
Chapter II. Pairings on Elliptic Curves 13
Frederik Vercauteren
Chapter III. Identity-Based Signatures 31
Eike Kiltz and Gregory Neven
Chapter IV. Identity-Based Encryption and Hierarchical Identity-Based Encryption 45
Sanjit Chatterjee and Palash Sarkar
Chapter V. Flexible IBE and Beyond in the Commutative-Blinding Framework 65
Xavier Boyen
Chapter VI. Generalized IBE in the Exponent-Inversion Framework 83
Xavier Boyen
Chapter VII. Forward-Secure Hierarchical IBE with Applications to Broadcast Encryption 100
Danfeng (Daphne) Yao, Nelly Fazio, Yevgeniy Dodis and Anna Lysyanskaya
Chapter VIII. Identity-Based Identification and Signature Schemes Using Error Correcting Codes 119
Pierre-Louis Cayrel, Philippe Gaborit and Marc Girault
Chapter IX. Certificateless Encryption 135
Sherman S.M. Chow
Chapter X. Attribute-Based Encryption 156
Amit Sahai, Brent Waters and Steve Lu
Chapter XI. On Generic Groups and Related Bilinear Problems 169
David Lubicz and Thomas Sirvent
Chapter XII. Software Implementation of Pairings 188
Darrel Hankerson, Alfred Menezes and Michael Scott
Chapter XIII. Hardware Implementation of Pairings 207
Maurice Keller, Robert Ronan, Andrew Byrne, Colin Murphy and
William Marnane
Chapter XIV. Implementation Attacks & Countermeasures 226
Claire Whelan, Dan Page, Frederik Vercauteren, Michael Scott and
William Marnane
Bibliography 245
Author Index 263
Chapter I
Introduction to Identity-Based Cryptography
Antoine JOUX
DGA and University of Versailles St-Quentin-en-Yvelines, France
Abstract. Identity-based cryptography is a new development of public-key cryptography. It was first proposed by Adi Shamir at CRYPTO ’84. However, it took the cryptographic community a long while to produce effective identity-based cryptosystems. Indeed, this solution only appeared at the beginning of the twenty-first century. Nowadays, identity-based cryptography has become a very active field of research. This introductory chapter presents the basics of identity-based cryptography and briefly surveys its early history.
1. Public-Key Cryptography, Certificates and Identity-Based Cryptography
Identity-based cryptography is an extension of the public-key paradigm, which was initially suggested by Adi Shamir [Sha85] at CRYPTO ’84. In order to better understand identity-based cryptography, we start by reviewing how traditional public-key systems are usually put to use in real-life applications. First, to offer reasonable speed, public-key encryption systems are usually used in conjunction with a secret-key encryption scheme. More precisely, the public-key scheme is used in order to produce a shared encryption key for the secret-key scheme, known to the sender and receiver of the communication. Once this is done, they simply use this common secret key for encrypting the rest of the communication. This initial phase is usually called a key exchange protocol. It can be devised in several ways. The simplest approach is simply to let the sender encrypt a random value R with a public-key encryption scheme such as RSA, using the receiver’s public key. Since R can be obtained by the receiver after decryption, it is a common value which can be used to key the secret-key encryption. Note that to avoid simple multiplicative attacks against RSA, for example the attacks described in [BJN00], R should preferably be of the length of the RSA modulus. This means that R is usually too long and must be truncated to obtain the secret key. The other classical approach is to use Diffie-Hellman key exchange, either in the multiplicative subgroup of a finite field or on an elliptic curve. There, the common value is no longer chosen by the sender but instead
Identity-Based Cryptography, M. Joye and G. Neven (Eds.), IOS Press, 2009. © 2009 The author and IOS Press. All rights reserved. doi:10.3233/978-1-58603-947-9-1
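The hybrid key exchange described in the paragraph above, as an added example that is not from the chapter: textbook RSA key transport of a random R of full modulus length (the receiver refuses anything shorter), beside the Diffie-Hellman alternative in the multiplicative group of a prime field, with both common values reduced to a symmetric key. The RSA primes, the tiny DH group and the hash-then-truncate key derivation are constructed assumptions for the illustration only.

```python
import hashlib
import secrets

# Constructed toy RSA parameters: two known primes, far too small for real use,
# and textbook (unpadded) RSA, which is what the chapter's description assumes.
P, Q = 1000000007, 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+ modular inverse)

def derive_key(shared: int, nbytes: int = 16) -> bytes:
    """R (or g^ab) is longer than a cipher key: hash it and keep nbytes (the text says truncate; hashing is this example's choice)."""
    raw = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:nbytes]

def rsa_key_transport_send(n: int, e: int) -> tuple:
    """Sender picks R of full modulus length, as the chapter advises, and sends R^e mod n."""
    while True:
        r = secrets.randbelow(n)
        if r.bit_length() == n.bit_length():  # a short R would invite the [BJN00]-style attack
            return pow(r, e, n), derive_key(r)

def rsa_key_transport_receive(c: int, n: int, d: int) -> bytes:
    """Receiver recovers R by RSA decryption and refuses a value shorter than the modulus."""
    r = pow(c, d, n)
    if r.bit_length() != n.bit_length():
        raise ValueError("R is shorter than the modulus; refusing to key the cipher")
    return derive_key(r)

# Constructed toy Diffie-Hellman group in the multiplicative group of GF(p):
# safe prime p = 2q + 1 with q = 509, and g = 4, a quadratic residue of order q.
DH_P, DH_G = 1019, 4

def dh_contribution(p: int, g: int) -> tuple:
    """Each party picks a private exponent x in [1, p-2] and publishes g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)

def dh_shared_key(my_secret: int, their_public: int, p: int) -> bytes:
    """Both sides reach g^(ab) mod p, so neither party chose the common value alone."""
    return derive_key(pow(their_public, my_secret, p))

def demo() -> bool:
    """Run both exchanges; True when sender and receiver derive identical keys."""
    c, k_sender = rsa_key_transport_send(N, E)
    a, pub_a = dh_contribution(DH_P, DH_G)
    b, pub_b = dh_contribution(DH_P, DH_G)
    return (rsa_key_transport_receive(c, N, D) == k_sender
            and dh_shared_key(a, pub_b, DH_P) == dh_shared_key(b, pub_a, DH_P))
```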