Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.

Independent Delegation: Resolving Key Escrow Problem in HIBE and HIBS

Abstract: A HIBE scheme with independent delegation are free from Key Escrow Problem that is inherent in HIBE, given the root PKG is unconditionally trusted. We propose a new technique - Identifier Discrimination for composing private keys for entities in hierarchy. With the technique, we construct a HIBE scheme under Decisional Bilinear Diffie-Helleman (DBDH) assumption in standard model with independent delegation, in which the privilege of generating private keys for each individual entity is delegated by the root PKG to any of its ancestors through authorization, that we call Authorization Delegation. Moreover, basing on Naor transformation of an identity-based signature (IBS) out of an IBE, we build a new hierarchical IBS (HIBS) scheme from our HIBE scheme. Being unable to generate a private key for any of its descendants, an entity cannot sign messages on behalf of any of its descendants, which guarantees that authenticity and non-repudiation properties are achieved in HIBS setting.

Cryptanalysis and improvement of some certificateless signcryption schemes

Abstract: Certificateless cryptography eliminates the key escrow problem inherent in identity based cryptosystems, and simplifies the certificate management in the traditional public key cryptosystem, which has great superiority. Four certificateless signcryption schemes were analyzed, which shows there exist confidentiality attacks in two schemes and forgeability attacks in three schemes. The four schemes were improved by using the methods of binding receiver in signature part, binding sender in encryption part and including random number in signcryption part respectively. Finally, the improved schemes were proved in the random oracle model, and it shows the improved schemes are secure.

Capability of Certificateless Cryptography for Secure Data Sharing Over the Network

Abstract: The network is act as a medium for cloud computing provides the facility of data storage and access for cloud users, Network is widely used service model for storage. Outsourcing the data to a third party causes safety issue of sensitive data. The mediated certificateless encryption (mCL-PKE) scheme solves the key escrow problem and certificate revocation problem. mCL-PKE scheme does not utilize paring operations. Since most CL-PKC schemes are based on bilinear pairing and are computationally expensive. The security mediator acts as a policy enforcement point as well and supports instantaneous revocation of compromised or malicious users. It is more efficient than the pairing based scheme. By applying mCL-PKE scheme can construct a practical solution to the problem of sharing sensitive information in the public network. According to the access control, the data owner was encrypt a semantic encryption algorithm and uploads the encrypted data items and encrypted data encryption key in to the network, Upon successful authorization, the network partially decrypts the encrypted data for the users. The confidentiality of the content and the keys is preserved with respect to the network, because the network cannot fully decrypt the information.

Efficient HIBE with Constant Size Ciphertext and Authorized Delegation

Abstract: In this paper, a new technique - Identifier Discrimination is proposed for composing private keys in hierarchical identity based systems, With the technique, we construct a selective identity secure HIBE system under Decisional Bilinear Diffie-Hellman (DBDH) assumption in standard security model, where the ciphertext and the private key consist of constant number of group elements, and decryption requires only three bilinear map computations, regardless of the identity hierarchy depth. Moreover, different from previous HIBE constructions, key escrow problem inherent in identity based cryptosystems is resolved in our HIBE construction. An entity in hierarchy can be authorized by the root PKG to be capable of deriving private keys for its descendants. That we call Authorized Delegation.

Certificateless Proxy Re-Encryption Without Pairing: Revisited

Abstract: Proxy Re-Encryption was introduced by Blaze, Bleumer and Strauss to eciently solve the problem of delegation of decryption rights In proxy re-encryption, a semi-honest proxy transforms a ciphertext intended for Alice to a ciphertext of the same message for Bob without learning anything about the underlying message From its introduction, several proxy re-encryption schemes in the Public Key Infrastructure (PKI) and Identity (ID) based setting have been proposed In practice, systems in the public key infrastructure suer from the certicate management problem and those in identity based setting suer from the key escrow problem Certicateless Proxy Re-encryption schemes enjoy the advantages provided by ID-based constructions without suering from the key escrow problem In this work, we construct the rst unidirectional, single-hop CCA-secure certicateless proxy reencryption scheme without pairing by extending the PKI based construction of Chow et al proposed in 2010 We prove its security in the random oracle model under the Computational Die-Hellman (CDH) assumption Prior to this work, the only secure certicateless proxy re-encryption scheme is due to Guo et al proposed in 2013 using bilinear pairing They proved their construction is RCCA-secure under q-weak Decisional Bilinear Die-Hellman assumption The construction proposed in this work is more ecient than that system and its security relies on more standard assumptions We also show that the recently proposed construction of Yang et al is insecure with respect to the security model considered in this work