• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.3
• /
• pp.168-175
• /
• 2013

Key escrow is a default property that is inherent in identity-based cryptography, where a curious private key generator (PKG) can derive a secret value shared by communicating entities in its domain. Therefore, a dishonest PKG can encrypt and decrypt ciphers or can carry out any attack on the communicating parties. Of course, the escrow property is not completely unwanted but is acceptable in other particular applications. On the other hand, in more civil applications, this key escrow property is undesirable and needs to be removed to provide maximum communication privacy. Therefore, this paper presents an escrow-free identity-based key agreement protocol that is also applicable even in a distinct PKG condition that does not use pairings. The proposed protocol has comparable computational and communicational performance to many other protocols with similar security attributes, of which their security is based on costly bilinear pairings. The protocol's notion was inspired by McCullagh et al. and Chen-Kudla, in regard to escrow-free and multi-PKG key agreement ideas. In particular, the scheme captures perfect forward secrecy and key compromise impersonation resilience, which were lacking in McCullagh et al.'s study, as well as all other desirable security attributes, such as known key secrecy, unknown key-share resilience and no-key control. The merit in the proposed protocol is the achievement of all required security requirements with a relatively lower computational overhead than many other protocols because it precludes pairings.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1687-1707
• /
• 2022

With the development of multiuser online meetings, more group-oriented technologies and applications for instance collaborative work are becoming increasingly important. Authenticated Group Key Agreement (AGKA) schemes provide a shared group key for users with after their identities are confirmed to guarantee the confidentiality and integrity of group communications. On the basis of the Public Key Cryptography (PKC) system used, AGKA can be classified as Public Key Infrastructure-based, Identity-based, and Certificateless. Because the latter type can solve the certificate management overhead and the key escrow problems of the first two types, Certificateless-AGKA (CL-AGKA) protocols have become a popular area of research. However, most CL-AGKA protocols are vulnerable to Public Key Replacement Attacks (PKRA) due to the lack of public key authentication. In the present work, we present a CL-AGKA scheme that can resist PKRA in order to solve impersonation attacks caused by those attacks. Beyond security, improving scheme efficiency is another direction for AGKA research. To reduce the communication and computation cost, we present a scheme with only one round of information interaction and construct a CL-AGKA scheme replacing the bilinear pairing with elliptic curve cryptography. Therefore, our scheme has good applicability to communication environments with limited bandwidth and computing capabilities.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.12
• /
• pp.2271-2279
• /
• 2007

In this paper, we introduce the notion of certificate-based encryption in multi-receiver environment, which avoids the inherent key escrow problem while preserving the implicit certification in identity-based encryption. We also construct a highly efficient certificate-based encryption scheme for multi-receiver environment, which eliminates pairing computation to encrypt a message for multiple receivers. Moreover, the proposed scheme only needs one pairing computation for decrypting the ciphertext. We compare our scheme with the most efficient identity-based encryption scheme for multi-receiver environment proposed by Baek et.al.[1] in terms of the computational point of view, and show that our scheme provides better efficiency than Baek's scheme. Finally, we discuss how to properly transform our scheme into a new public key broadcast encryption scheme based on subset-cover framework.