Abstract
We introduce the notion of certificate-based encryption. In this model, a certificate — or, more generally, a signature — acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali’s Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.
Keywords
- Random Oracle Model
- Challenge Ciphertext
- Decryption Query
- Aggregate Signature Scheme
- Adaptive Choose Ciphertext Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
W. Aiello, S. Lodha, and R. Ostrovsky. Fast Digital Identity Revocation. In Proc. of Crypto 1998, LNCS 1462, pages 137–152. Springer-Verlag, 1998.
J.H. An, Y. Dodis and T. Rabin. On the Security of Joint Signature and Encryption. In Proc. of Eurocrypt 2002, LNCS 2332, pages 83–107. Springer-Verlag, 2002.
P.S.L.M. Barreto, H.Y. Kim, B. Lynn, and M. Scott. Efficient Algorithms for Pairing-Based Cryptosystems. In Proc. of Crypto 2002, LNCS 2442, pages 354–368. Springer-Verlag, 2002.
M. Bellare and A. Palacio. Protecting against Key Exposure: Strongly Key-Insulated Encryption with Optimal Threshold. Available at http://eprint.iacr.org, 2002.
D. Boneh, X. Ding, G. Tsudik, M. Wong. A Method for Fast Revocation of Public Key Certificates and Security Capabilities. In Proc. of 10th Annual USENIX Security Symposium, 2001, available at http://crypto.stanford.edu/~dabo/pubs.html.
D. Boneh and M. Franklin. Identity-Based Encryption from the Weil pairing. In Proc. of Crypto 2001, LNCS 2139, pages 213–229. Springer-Verlag, 2001.
D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In Proc. of Eurocrypt 2003 (to appear).
D. Boneh, B. Lynn, and H. Shacham. Short Signatures from the Weil Pairing. In Proc. of Asiacrypt 2001, LNCS 2248, pages 514–532. Springer-Verlag, 2001.
R. Canetti, S. Halevi, J. Katz. A Forward-Secure Public-Key Encryption Scheme. In Proc. of Eurocrypt 2003 (to appear).
Y. Dodis, J. Katz, S. Xu, and M. Yung. Key-Insulated Public Key Cryptosystems. In Proc. of Eurocrypt 2002, LNCS 2332, pages 65–82. Springer-Verlag, 2002.
E. Fujisaki and T. Okamoto. Secure Integration of Asymmetric and Symmetric Encryption Schemes. In Proc. of Crypto 1999, LNCS 1666, pages 537–554. Springer-Verlag, 1999.
I. Gassko, P. S. Gemmell, and P. MacKenzie. Efficient and Fresh Certification. In Proc. of Public Key Cryptography 2000, LNCS 1751, pages 342–353. Springer-Verlag, 2000.
C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. In Proc. of Asiacrypt 2002, LNCS 2501, pages 548–566. Springer-Verlag, 2002.
S. Micali. Efficient Certificate Revocation. Technical Report TM-542b, MIT Laboratory for Computer Science, 1996.
S. Micali. Novomodo: Scalable Certificate Validation and Simplified PKI Management. In Proc. of 1st Annual PKI Research Workshop, 2002, available at http://www.cs.dartmouth.edu/~pki02/.
M. Naor and K. Nissim. Certificate Revocation and Certificate Update. In Proc. of 7th Annual USENIX Security Symposium, 1998, available at http://www.wisdom.weizmann.ac.il/~kobbi/papers.html.
D. Naor, M. Naor, and J. Lotspiech. Revocation and Tracing Schemes for Stateless Receivers. In Proc. of Crypto 2001, LNCS 2139, pages 41–62. Springer-Verlag, 2001.
A. Shamir. Identity-Based Cryptosystems and Signature Schemes. In Proc. of Crypto 1984, LNCS 196, pages 47–53. Springer-Verlag, 1985.
Copyright information
© 2003 International Association for Cryptologic Research
About this paper
Cite this paper
Gentry, C. (2003). Certificate-Based Encryption and the Certificate Revocation Problem. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_17
DOI: https://doi.org/10.1007/3-540-39200-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2
eBook Packages: Springer Book Archive