Certificateless Public Key Cryptography in the Standard Model

摘要

Identity-based cryptography has been introduced by Shamir at Crypto'84 to avoid the use of expensive certificates in certified public key cryptography. In such system, the identity becomes the public key and each user needs to interact with a designated authority to obtain the related private key. It however suffers the key escrow problem since the authority knows the private keys of all users. To deal with this problem, Riyami and Paterson have introduced, at Asiacrypt'03, the notion of certiftcateless public key cryptography. In this case, there is no need to use the certificate to certify the public key, and neither the user nor the authority can derive the full private key by himself. There have been several efforts to propose a certificateless signature (CLS) scheme in the standard model, but all of them either make use of the Waters' technique or of the generic conversion technique (proposed by Yum and Lee at ACISP'04) which both lead to inefficient CLS schemes. Besides making use of the Waters' technique and the generic conversion technique (proposed also by Yum and Lee at ICCSA'04), there exists direct approaches to construct certificateless public key encryption (CLE) scheme in the standard model. In this paper, we introduce a new and direct approach to construct a CLS scheme in the standard model with constant-size of all parameters and having efficient computing time. We also show that the Boneh et al.'s identity-based encryption scheme secured in the standard model at EC'04 can be extended to the certificateless setting. Interestingly, the resulting scheme can be comparable with the existing CLE schemes in term of both efficiency and security.