Content deleted Content added
Citation bot (talk | contribs) Altered pages. Formatted dashes. | Use this bot. Report bugs. | #UCB_CommandLine |
Citation bot (talk | contribs) Removed URL that duplicated identifier. Removed access-date with no URL. Removed parameters. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 277/990 |
||
| (One intermediate revision by one other user not shown) | |||
Line 1:
'''Identity-based cryptography''' is a type of [[public-key cryptography]] in which a publicly known string representing an individual or organization is used as a [[public key]]. The public string could include an email address, ___domain name, or a physical IP address.
[[File:TexasDMV_Message_example.jpg|thumb|Depiction of message from txdmv for unable to verify identity]]
The first implementation of identity-based signatures and an email-address based [[public-key infrastructure]] ('''PKI''') was developed by [[Adi Shamir]] in 1984,<ref>{{cite conference |url=https://link.springer.com/content/pdf/10.1007/3-540-39568-7_5.pdf |url-status=live |title=Identity-Based Cryptosystems and Signature Schemes |first=Adi |last=Shamir |author-link=Adi Shamir |year=1985 |conference=Lecture Notes in Computer Science |editor1-last=Blakley |editor1-first=George Robert |editor2-last=Chaum |editor2-first=David |editor-link1=George Blakley |editor-link2=David Chaum |volume=196 |edition=1 |book-title=Advances in Cryptology Proceedings of CRYPTO '84 |publisher=Springer Berlin Heidelberg |archive-url=https://web.archive.org/web/20180726050556/https://link.springer.com/content/pdf/10.1007/3-540-39568-7_5.pdf |archive-date=26 July 2018 |pages=47–53 |isbn=978-3-540-39568-3 |doi=10.1007/3-540-39568-7_5 |doi-access=free |access-date=30 October 2024 |language=en }}</ref> which allowed users to verify [[digital signatures]] using only public information such as the user's identifier. Under Shamir's scheme, a trusted third party would deliver the private key to the user after verification of the user's identity, with verification essentially the same as that required for issuing a [[public-key certificate|certificate]] in a typical PKI.
Line 49:
==Limitation==
Identity-based systems have a characteristic problem in operation. Suppose Alice and Bob are users of such a system. Since the information needed to find Alice's public key is completely determined by Alice's ID and the master public key, it is not possible to revoke Alice's credentials and issue new credentials without either (a) changing Alice's ID (usually a phone number or an email address which will appear in a corporate directory); or (b) changing the master public key and re-issuing private keys to all users, including Bob.<ref name=green1>{{Cite book
This limitation may be overcome by including a time component (e.g. the current month) in the identity.{{r|green1}}
| |||