Self-certified public keys
We introduce the notion, and give two examples, of self-certified public keys, i.e. public keys which need not be accompanied by a separate certificate to be authenticated by other users. The trick is that the public key is computed by both the authority and the user, so that the certificate is “embedded” in the public key itself, and therefore does not take the form of a separate value.
Self-certified public keys help reduce the amount of storage and computation in public-key schemes, while secret keys are still chosen by the user himself and remain unknown to the authority. This distinguishes them from identity-based schemes, in which there are no certificates at all, but at the cost that secret keys are computed by (and therefore known to) the authority.
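The abstract gives no formulas, so the sketch below is an added illustration, not code or notation from the paper. It assumes one RSA-plus-discrete-log way to embed the certificate in the key: the user sends v = g^(-s) mod n, and the authority returns P = (v - I)^d mod n. All names, the identity encoding and the toy parameters are constructed for the example and are far too small for real use.

```python
# Toy self-certified key demo. Assumed construction (not taken from the page):
#   user:      picks secret s, sends v = g^(-s) mod n
#   authority: returns public key P = (v - I)^d mod n, I = encoded identity
#   verifier:  recovers v = P^e + I mod n from public data, no certificate
import hashlib

# Authority setup with constructed toy parameters (two Mersenne primes).
N = (2**31 - 1) * (2**61 - 1)
E = 65537
D = pow(E, -1, (2**31 - 2) * (2**61 - 2))   # RSA private exponent
G = 3                                        # public base (constructed)

def identity(name: str) -> int:
    """Hypothetical identity encoding: SHA-256 of the name, reduced mod N."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def user_commit(s: int) -> int:
    """User side: v = g^(-s) mod n. The secret s never leaves the user."""
    return pow(pow(G, s, N), -1, N)

def authority_issue(v: int, name: str) -> int:
    """Authority side: P = (v - I)^d mod n. It sees v but never learns s."""
    return pow((v - identity(name)) % N, D, N)

def recover(P: int, name: str) -> int:
    """Verifier side: recompute v = P^e + I mod n from (P, identity) alone."""
    return (pow(P, E, N) + identity(name)) % N

def shared_key(my_s: int, peer_P: int, peer_name: str) -> int:
    """Static DH-style key (P_peer^e + I_peer)^my_s = g^(-s_a * s_b) mod n."""
    return pow(recover(peer_P, peer_name), my_s, N)

def demo():
    sa, sb = 123456789, 987654321            # constructed user secrets
    Pa = authority_issue(user_commit(sa), "alice")
    Pb = authority_issue(user_commit(sb), "bob")
    honest = shared_key(sa, Pb, "bob") == shared_key(sb, Pa, "alice")
    # Alice's key presented under another name: the value Bob recovers is not
    # g^(-s) for any s the presenter knows, so the derived keys disagree.
    s_m = 555555
    mismatched = shared_key(s_m, Pb, "bob") == shared_key(sb, Pa, "mallory")
    return honest, mismatched

if __name__ == "__main__":
    print(demo())
```

Authentication here is implicit: a key bound to the wrong identity is not rejected by a signature check, it simply fails to produce a matching shared key.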