Certificate-Based Encryption and the Certificate Revocation Problem
We introduce the notion of certificate-based encryption. In this model, a certificate — or, more generally, a signature — acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali’s Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.
- 1. W. Aiello, S. Lodha, and R. Ostrovsky. Fast Digital Identity Revocation. In Proc. of Crypto 1998, LNCS 1462, pages 137–152. Springer-Verlag, 1998.
- 2. J.H. An, Y. Dodis and T. Rabin. On the Security of Joint Signature and Encryption. In Proc. of Eurocrypt 2002, LNCS 2332, pages 83–107. Springer-Verlag, 2002.
- 3. P.S.L.M. Barreto, H.Y. Kim, B. Lynn, and M. Scott. Efficient Algorithms for Pairing-Based Cryptosystems. In Proc. of Crypto 2002, LNCS 2442, pages 354–368. Springer-Verlag, 2002.
- 4. M. Bellare and A. Palacio. Protecting against Key Exposure: Strongly Key-Insulated Encryption with Optimal Threshold. Available at http://eprint.iacr.org, 2002.
- 5. D. Boneh, X. Ding, G. Tsudik, M. Wong. A Method for Fast Revocation of Public Key Certificates and Security Capabilities. In Proc. of 10th Annual USENIX Security Symposium, 2001, available at http://crypto.stanford.edu/~dabo/pubs.html.
- 6. D. Boneh and M. Franklin. Identity-Based Encryption from the Weil pairing. In Proc. of Crypto 2001, LNCS 2139, pages 213–229. Springer-Verlag, 2001.
- 7. D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In Proc. of Eurocrypt 2003 (to appear).
- 9. R. Canetti, S. Halevi, J. Katz. A Forward-Secure Public-Key Encryption Scheme. In Proc. of Eurocrypt 2003 (to appear).
- 10. Y. Dodis, J. Katz, S. Xu, and M. Yung. Key-Insulated Public Key Cryptosystems. In Proc. of Eurocrypt 2002, LNCS 2332, pages 65–82. Springer-Verlag, 2002.
- 11. E. Fujisaki and T. Okamoto. Secure Integration of Asymmetric and Symmetric Encryption Schemes. In Proc. of Crypto 1999, LNCS 1666, pages 537–554. Springer-Verlag, 1999.
- 12. I. Gassko, P. S. Gemmell, and P. MacKenzie. Efficient and Fresh Certification. In Proc. of Public Key Cryptography 2000, LNCS 1751, pages 342–353. Springer-Verlag, 2000.
- 14. S. Micali. Efficient Certificate Revocation. Technical Report TM-542b, MIT Laboratory for Computer Science, 1996.
- 15. S. Micali. Novomodo: Scalable Certificate Validation and Simplified PKI Management. In Proc. of 1st Annual PKI Research Workshop, 2002, available at http://www.cs.dartmouth.edu/~pki02/.
- 16. M. Naor and K. Nissim. Certificate Revocation and Certificate Update. In Proc. of 7th Annual USENIX Security Symposium, 1998, available at http://www.wisdom.weizmann.ac.il/~kobbi/papers.html.
- 17. D. Naor, M. Naor, and J. Lotspiech. Revocation and Tracing Schemes for Stateless Receivers. In Proc. of Crypto 2001, LNCS 2139, pages 41–62. Springer-Verlag, 2001.
- 18. A. Shamir. Identity-Based Cryptosystems and Signature Schemes. In Proc. of Crypto 1984, LNCS 196, pages 47–53. Springer-Verlag, 1985.