Certificate-Based Encryption and the Certificate Revocation Problem

  • Craig Gentry
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2656)


We introduce the notion of certificate-based encryption. In this model, a certificate — or, more generally, a signature — acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali’s Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.


  1. 1.
    W. Aiello, S. Lodha, and R. Ostrovsky. Fast Digital Identity Revocation. In Proc. of Crypto 1998, LNCS 1462, pages 137–152. Springer-Verlag, 1998.Google Scholar
  2. 2.
    J.H. An, Y. Dodis and T. Rabin. On the Security of Joint Signature and Encryption. In Proc. of Eurocrypt 2002, LNCS 2332, pages 83–107. Springer-Verlag, 2002.Google Scholar
  3. 3.
    P.S.L.M. Barreto, H.Y. Kim, B. Lynn, and M. Scott. Efficient Algorithms for Pairing-Based Cryptosystems. In Proc. of Crypto 2002, LNCS 2442, pages 354–368. Springer-Verlag, 2002.Google Scholar
  4. 4.
    M. Bellare and A. Palacio. Protecting against Key Exposure: Strongly Key-Insulated Encryption with Optimal Threshold. Available at http://eprint.iacr.org, 2002.
  5. 5.
    D. Boneh, X. Ding, G. Tsudik, M. Wong. A Method for Fast Revocation of Public Key Certificates and Security Capabilities. In Proc. of 10th Annual USENIX Security Symposium, 2001, available at http://crypto.stanford.edu/~dabo/pubs.html.
  6. 6.
    D. Boneh and M. Franklin. Identity-Based Encryption from the Weil pairing. In Proc. of Crypto 2001, LNCS 2139, pages 213–229. Springer-Verlag, 2001.Google Scholar
  7. 7.
    D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In Proc. of Eurocrypt 2003 (to appear).Google Scholar
  8. 8.
    D. Boneh, B. Lynn, and H. Shacham. Short Signatures from the Weil Pairing. In Proc. of Asiacrypt 2001, LNCS 2248, pages 514–532. Springer-Verlag, 2001.CrossRefGoogle Scholar
  9. 9.
    R. Canetti, S. Halevi, J. Katz. A Forward-Secure Public-Key Encryption Scheme. In Proc. of Eurocrypt 2003 (to appear).Google Scholar
  10. 10.
    Y. Dodis, J. Katz, S. Xu, and M. Yung. Key-Insulated Public Key Cryptosystems. In Proc. of Eurocrypt 2002, LNCS 2332, pages 65–82. Springer-Verlag, 2002.Google Scholar
  11. 11.
    E. Fujisaki and T. Okamoto. Secure Integration of Asymmetric and Symmetric Encryption Schemes. In Proc. of Crypto 1999, LNCS 1666, pages 537–554. Springer-Verlag, 1999.Google Scholar
  12. 12.
    I. Gassko, P. S. Gemmell, and P. MacKenzie. Efficient and Fresh Certification. In Proc. of Public Key Cryptography 2000, LNCS 1751, pages 342–353. Springer-Verlag, 2000.Google Scholar
  13. 13.
    C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. In Proc. of Asiacrypt 2002, LNCS 2501, pages 548–566. Springer-Verlag, 2002.CrossRefGoogle Scholar
  14. 14.
    S. Micali. Efficient Certificate Revocation. Technical Report TM-542b, MIT Laboratory for Computer Science, 1996.Google Scholar
  15. 15.
    S. Micali. Novomodo: Scalable Certificate Validation and Simplified PKI Management. In Proc. of 1st Annual PKI Research Workshop, 2002, available at http://www.cs.dartmouth.edu/~pki02/.
  16. 16.
    M. Naor and K. Nissim. Certificate Revocation and Certificate Update. In Proc. of 7th Annual USENIX Security Symposium, 1998, available at http://www.wisdom.weizmann.ac.il/~kobbi/papers.html.
  17. 17.
    D. Naor, M. Naor, and J. Lotspiech. Revocation and Tracing Schemes for Stateless Receivers. In Proc. of Crypto 2001, LNCS 2139, pages 41–62. Springer-Verlag 2001.Google Scholar
  18. 18.
    A. Shamir. Identity-Based Cryptosystems and Signature Schemes. In Proc. of Crypto 1984, LNCS 196, pages 47–53. Springer-Verlag, 1985.Google Scholar

Copyright information

© International Association for Cryptologic Research 2003

Authors and Affiliations

  • Craig Gentry
    • 1
  1. 1.DoCoMo USA LabsUSA

Personalised recommendations