International Journal of Information Security, Volume 11, Issue 1, pp 1–22

Relations between the security models for certificateless encryption and ID-based key agreement

  • D. Fiore
  • R. Gennaro
  • N. P. Smart
Regular Contribution


We discuss the relationship between ID-based key agreement protocols, certificateless encryption and ID-based key encapsulation mechanisms. In particular we show how in some sense ID-based key agreement is a primitive from which all others can be derived. In doing so we focus on distinctions between what we term pure ID-based schemes and non-pure schemes, in various security models. We present security models for ID-based key agreement which do not “look natural” when considered as analogues of normal key agreement schemes, but which look more natural when considered in terms of the models used in certificateless encryption. We illustrate our models and constructions with two running examples, one pairing based and one non-pairing based. Our work highlights distinctions between the two approaches to certificateless encryption and adds to the debate about what is the “correct” security model for certificateless encryption.


Keywords: Key agreement; Certificateless encryption; Identity-based key agreement





Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  1. École Normale Supérieure, CNRS-INRIA, Paris, France
  2. IBM T.J. Watson Research Center, Hawthorne, USA
  3. Department Computer Science, University of Bristol, Bristol, UK
