•
•
Computer Science
CSC 774 Advanced Network Security
Topic 2.6 ID Based Cryptography
Slides by An Liu
Basic Idea
• Use identity as the key for encryption and
signature verification.
– No key directory needed.
• Trusted key generation center (KGC)
– Give each user a smart card when user first joins
the network.
– Each user uses the secrete key in smart card for
decryption and signature verification.
– KGC can be closed after all cards are issued.
Computer Science
•
•1
•
•
Basic Idea (Cont’d)
Public Key Cryptosystem
Encryption
message
Deccryption
m
c
channel
c
m
ke
message
kd
kd
directory
ke
Key Generation
k
random seed
Identity-Based Cryptosystem
Encryption
message
Decryption
m
c
i
channel
c
m
ke
i
kd
i
kd
message
recipient’s identity
Key Generation
k
random seed
Computer Science
Basic Idea (Cont’d)
Public Key Signature Scheme
message
Signature
Generation
m
kg
m
s
i
channel
Signature
Verification
m
s
i
valid/
invalid
kv
kg
Key Generation
kv
directory
k
random seed
Identity-Based Signature Scheme
message
Signature
Generation
m
i
kg
i
kg
m
s
i
channel
m
s
i
Signature
Verification
i
valid/
invalid
kv
recipient’s identity
Key Generation
k
random seed
Computer Science
•
•2
•
•
Security
• The security of underlying cryptographic
functions.
• The secrecy at KGC.
• Identity check before issuing cards to users.
• The loss, duplication and unauthorized use of
cards.
Computer Science
Implementation of Signature Scheme
• KGC chooses three public parameters. The
factorization of n is only known by KGC.
– n=p·q, p and q are large primes
– e, which is relatively prime to φ(n)
– f, which is one way function
• The secrete key corresponding identity i is g
– ge = i (mod n)
– KGC can compute g easily. Why?
ed ≡ 1 (mod φ(n))
id = (ge)d (mod n) = g
Computer Science
•
•3
•
•
Signature Generation and Verification
•
Signature generation
1. Choose random number r
2. t = re (mod n)
3. s = g · r f(t,m) (mod n)
4. Signature is (t, s)
•
Signature verification
se = i · t f(t,m) (mod n)
se = ge · r e · f(t,m) (mod n)
Computer Science
Misc
• Multiplicative relationship between the
identities will introduce same relationship
between secret key.
– Expand identity to pseudo-random string
• r cannot be reused or revealed
Computer Science
•
•4