Identity-based cryptography: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:26, 21 February 2023 edit Guekpat (talk \| contribs) Extended confirmed users 750 edits mNo edit summary Tag: Visual edit ← Previous edit		Latest revision as of 12:42, 26 August 2025 edit undo Citation bot (talk \| contribs) Bots 5,862,772 edits Removed URL that duplicated identifier. Removed access-date with no URL. Removed parameters. \| Use this bot. Report bugs. \| Suggested by Headbomb \| Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox \| #UCB_webform_linked 277/990
(14 intermediate revisions by 8 users not shown)
Line 1: '''Identity-based cryptography''' is a type of [[public-key cryptography]] in which a publicly known string representing an individual or organization is used as a [[public key]]. The public string could include an email address, ___domain name, or a physical IP address. [[File:TexasDMV_Message_example.jpg\|thumb\|Depiction of message from txdmv for unable to verify identity]] The first implementation of identity-based signatures and an email-address based [[public-key infrastructure]] ('''PKI''') was developed by [[Adi Shamir]] in 1984,<ref>~~Adi~~{{cite ~~Shamir,~~conference ~~[http~~\|url=https://~~www~~link.~~iseca~~springer.~~org~~com/~~modules~~content/~~mydownloads~~pdf/~~visit~~10.~~php?cid~~1007/3-540-39568-7_5.pdf \|url-status=~~56&lid=33~~live \|title=Identity-Based Cryptosystems and Signature Schemes] ~~{{Webarchive~~\|first=Adi \|last=Shamir \|author-link=Adi Shamir \|year=1985 \|conference=Lecture Notes in Computer Science \|editor1-last=Blakley \|editor1-first=George Robert \|editor2-last=Chaum \|editor2-first=David \|editor-link1=George Blakley \|editor-link2=David Chaum \|volume=196 \|edition=1 \|book-title=Advances in Cryptology Proceedings of CRYPTO '84 \|publisher=Springer Berlin Heidelberg \|archive-url=https://web.archive.org/web/~~20200812185833~~20180726050556/~~http~~https://~~www~~link.~~iseca~~springer.~~org~~com/~~modules~~content/~~mydownloads~~pdf/~~visit~~10.~~php?cid~~1007/3-540-39568-7_5.pdf \|archive-date=~~56&lid~~26 July 2018 \|pages=3347–53 \|~~date~~isbn=~~2020~~978-083-12540-39568-3 }}\|doi=10.1007/3-540-39568-7_5 ~~''Advances~~\|doi-access=free in\|access-date=30 ~~Cryptology:~~October ~~Proceedings~~2024 of\|language=en ~~CRYPTO 84, Lecture Notes in Computer Science'', 7:47--53, 1984~~}}</ref> which allowed users to verify [[digital signatures]] using only public information such as the user's identifier. Under Shamir's scheme, a trusted third party would deliver the private key to the user after verification of the user's identity, with verification essentially the same as that required for issuing a [[public-key certificate\|certificate]] in a typical PKI. Shamir similarly proposed [[identity-based encryption]], which appeared particularly attractive since there was no need to acquire an identity's public key prior to encryption. However, he was unable to come up with a concrete solution, and identity-based encryption remained an open problem for many years. The first practical implementations were finally devised by Sakai in 2000,<ref> Line 19: \| series = Lecture Notes in Computer Science \| publisher = Springer \| book-title = Advances in Cryptology —– CRYPTO 2001 \| year=2001 \| volume = 2139/2001 \| pages = 213–229 Line 28: \|first = Cliff \|title = Cryptography and Coding \|chapter = An Identity Based Encryption Scheme Based on Quadratic Residues \|~~journal~~ series = Lecture Notes in Computer Science \|year = 2001 \|volume = 2260/2001 ~~\|series = Institute of Mathematics and Its Applications International Conference on Cryptography and Coding – Proceedings of IMA 2001~~ \|pages = 360–363 \|~~chapter-~~url = http://www.cesg.gov.uk/site/ast/idpkc/media/ciren.pdf \|publisher = Springer \|doi = 10.1007/3-540-45325-3_32 Line 44 ⟶ 43: }}</ref><ref>{{cite web\|archive-url=https://web.archive.org/web/20150627063023/http://www.bristol.ac.uk/pace/graduation/honorary-degrees/hondeg08/cocks.html\|archive-date=2015-06-27\|url=http://www.bristol.ac.uk/pace/graduation/honorary-degrees/hondeg08/cocks.html\|publisher=University of Bristol\|title=Dr Clifford Cocks CB, Honorary Doctor of Science}}</ref> Closely related to various identity-based encryption schemes are identity based key agreement schemes. One of the first identity based key agreement algorithms was published in 1986, just two years after Shamir's identity based signature. The author was E. Okamoto.<ref>{{Cite journal\|last=Okamoto\|first=E.\|date=1986\|title=Proposal for identity-based key distribution systems\|journal=Electronics Letters\|volume=22\|issue=24\|pages=1283–1284\|doi=10.1049/el:19860880\|bibcode=1986ElL....22.1283O\|issn=0013-5194}}</ref> Identity ~~Based~~based key agreement schemes also allow for "escrow free" identity based cryptography. A notable example of such an escrow free identity based key agreement is the McCullagh-Barreto's "Authenticated Key Agreement without Escrow" found in section 4 of their 2004 paper, "A New Two-Party Identity-Based Authenticated Key Agreement.".<ref>{{Cite ~~journal~~conference\|last1=McCullagh\|first1=Noel\|last2=Barreto\|first2=Paulo S. L. M.\|date=2004\|title=A New Two-Party Identity-Based Authenticated Key Agreement\|url=https://eprint.iacr.org/2004/122\|conference=Lecture Notes in Computer Science\|book-title=Topics in Cryptology – CT-RSA 2005\|volume=3376}}</ref> A variant of this escrow free key exchange is standardized as the identity based key agreement in the Chinese identity based standard [[SM9 (cryptography standard)\|SM9]]. ==Usage== Line 50 ⟶ 49: ==Limitation== Identity-based systems have a characteristic problem in operation. Suppose Alice and Bob are users of such a system. Since the information needed to find Alice's public key is completely determined by Alice's ID and the master public key, it is not possible to revoke Alice's credentials and issue new credentials without either (a) changing Alice's ID (usually a phone number or an email address which will appear in a corporate directory); or (b) changing the master public key and re-issuing private keys to all users, including Bob.<ref name=green1>{{Cite ~~journal \|title=Forward Secure Asynchronous Messaging from Puncturable Encryption \|archive-url=https://archive.ph/20210608113615/https://ieeexplore.ieee.org/document/7163033~~book \|doi=10.1109/SP.2015.26 ~~\|archive-date=8 June 2021~~ \|publication-date=20 July 2015 \|date=17 May 2015 ~~\|url=https://ieeexplore.ieee.org/document/7163033~~ \|publisher=ACM \|last1=Green \|first1=Matthew \|last2=Miers \|first2=Ian \|~~journal~~title=~~SP '15: Proceedings of the~~ 2015 IEEE Symposium on Security and Privacy \|chapter=Forward Secure Asynchronous Messaging from Puncturable Encryption \|pages=305–320 \|isbn=978-1-4673-6949-7 \|s2cid=9171925 ~~\|access-date=8 June 2021 \|url-status=live~~ }}</ref> This limitation may be overcome by including a time component (e.g. the current month) in the identity.{{r\|green1}} ==See also== * [[IDIdentity-based encryption]] * [[Identity-based conditional proxy re-encryption]] * [[SM9 (cryptography standard)\|SM9 - Chinese National Identity Based Cryptography Standard]]