Protecting Against Key Escrow and Key Exposure in Identity-Based Cryptosystem

摘要

Standard identity-based cryptosystems typically rely on the assumption that secret keys are kept perfectly secure. However, in practice, there are two threats to the key security in identity-based cryptosystems. One inherent problem is key escrow, that is, the Key Generation Center (KGC) always knows a user's secret key and the malicious KGC can impersonate the user. Meanwhile, another threat is that a user's secret key may be exposed to an adversary in an insecure device, and key exposure typically means that security is entirely lost. At present, there is no solution that can simultaneously solve both of above problems. In this paper, we first present a secure key issuing and updating model for identity-based cryptosystems. Our suggestion is an intermediate between the identity-based key insulation and distributing authorities approach, and can simultaneously solve both key escrow and key exposure problems. We formalize the definition and security notion of the corresponding encryption scheme (IBKUE) and signature scheme (IBKUS), and then propose an IBKUE scheme based on Boneh-Franklin's scheme [2] and an IBKUS scheme based on Cha-Cheon's scheme [9]. Both of the schemes are secure in the remaining time periods against an adversary who compromises the KGC and obtains a user's secret key for the time periods of its choice. All the schemes in this paper are provably secure in the random oracle model.