GB2416283A - Identifier Based Encryption system (IBE) in which a public key is generated using the identity of a trusted authority - Google Patents

Identifier Based Encryption system (IBE) in which a public key is generated using the identity of a trusted authority Download PDF

Info

Publication number
GB2416283A
GB2416283A GB0415776A GB0415776A GB2416283A GB 2416283 A GB2416283 A GB 2416283A GB 0415776 A GB0415776 A GB 0415776A GB 0415776 A GB0415776 A GB 0415776A GB 2416283 A GB2416283 A GB 2416283A
Authority
GB
United Kingdom
Prior art keywords
trusted authority
secret
identifier
party
identifier string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0415776A
Other versions
GB2416283B (en
GB0415776D0 (en
Inventor
Keith Alexander Harrison
Liqun Chen
John Malone-Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Priority to GB0415776A priority Critical patent/GB2416283B/en
Publication of GB0415776D0 publication Critical patent/GB0415776D0/en
Publication of GB2416283A publication Critical patent/GB2416283A/en
Application granted granted Critical
Publication of GB2416283B publication Critical patent/GB2416283B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0802
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/3223
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A trusted authority 63 is provided for identity-based cryptography. The trusted authority 63 has a secret x and derives first and second elements g, y. At least the second element is made public. The first element is calculated as a cryptographic hash of an identifier IDTA associated with the trusted authority (step 2). The second element is a combination of the first element and the secret x (step 4). The trusted authority 63 provides a private-key generation service to a third party 62 who is the recipient of an encrypted message J. A private keys h<zx> is calculated (steps 15 and 16) in dependence on the secret x and an identifier string (STR) associated with the third party. Preferably the invention is El-Gamal based. The invention may not be based on bilinear maps. A Bilinear map embodiment is disclosed in GB 2401763 and GB 2390515.

Description

24 1 6283 Trusted Authority for identifier-Based Cryptography The present
invention relates to a trusted authority for identifier-based cryptography. As used herein, the term "trusted authority" means an entity that is trustable to make available an identifier-based private key to a third party, or its proxy, only when satisfied that the third party is entitled to the key (in certain cases, the trusted authority may itself act as a proxy for the third party).
Identifier-Based Cryptography (IBC) is an emerging cryptographic schema for data encryption and signing data. Figure 1 of the accompanying drawings illustrates an Identifier-Based Encryption (IBE) system in which a data provider 10 encrypts payload data 13 using both an encryption key string 14, and public data 15 provided by a trusted authorityl2. This public data 15 is related to private data held by the trusted authority, for example, the public data is derived by the trusted authority 12 from private data 17 using a ore-way function 18.. The date provider to then provides the encryptedpayloaddata<l3> to a recipient 11 who decrypts it, or has it decrypted, using a decryption key computed by the trusted authority 12 in dependence on the encryption key string and its own private data.
A feature of identifier-based encryption is that because the decryption key is generated from the encryption key string, its generation can be postponed until needed for decryption.
Another feature of identifier-based encryption is that the encryption key string is cryptographically unconstrained and can be any kind of string, that is, any ordered series of bits whether derived from a character string, a serialized image bit map, a digitized sound signal, or any other data source. The string may be made up of more than one component and may be formed by data already subject to upstream processing. In order to avoid cryptographic attacks based on judicious selection of a key string to reveal information about the encryption process, as part ofthe encryption process the encryption key string is passed through a one-way function (typically some sort of hash function) thereby making it impossible to choose a cryptographically-prejudicial encryption key string. In applications where defence against such attacks is not important, it would be possible to omit this processing of the string.
Frequently, the encryption key string serves to "identify' the intended message recipient and the trusted authority is arranged to provide the decryption key only to this identified intended recipient. This has given rise to the use ofthe label "identifier-based" or "identity- based" generally for cryptographic methods of the type under discussion. However, depending on the application to which such a cryptographic method is put, the string may serve a different purpose to that of identifying the intended recipient and may be used to convey other information to the trusted authority or, indeed, may be an arbitrary string having no other purpose than to form the basis of the cryptographic processes.
Accordingly, the use of the term "identifier-based" or "IBE" herein in relation to cryptographic methods and systems is to be understood simply as implying that the methods and systems are based on the use of a cryptographically unconstrained string whether or not the string serves to identify the intended recipient. Gene' ally, in the present specification, the term "encryption key string" or "EKS" is used rather than "identity string" or "identifier string"; the term "encryption key string" is also used in the shortened form "encryption key" for reasons of brevity.
A number of IBE algorithms are known and Figure 2 indicates, for three such algorithms, the following features, namely: - the form ofthe encryption parameters 5 used, that is, the encryption key string and the public data of the trusted authority (TA); - the conversion process 6 applied to the encryption key string to prevent attacks based on judicious selection of this string; - the primary encryption computation 7 effected; - the form of the encrypted output 8.
The three prior art [BE algorithms to which Figure 2 relates are: Quadratic Residuosity (QR) method as described in the paper: C. Cocks, "An identity based encryption scheme based on quadratic residues", Proceedings of the 8 1MA International Conference on Cryptography and Coding LNCS 2260, pp 360- 363, Springer-Verlag, 2001. A brief description of this form of IBE is given hereinafter.
- Bilinear Mappings p using, for example, a modified Tate pairing or modified Weil pairing for which: p:GxGr G2 where G' and G2 denote two algebraic groups of large prime order l in which the discrete logarithm problem is believed to be hard. Go is a [l]-torsion subgroup of a larger algebraic group Go and satisfies [l]P = 0 for all P G' where O is the identity element, l is a large prime, and [*cofactor = number of elements in Go. G2 is a subgroup of a multiplicative group of a finite field. For the Tate pairing, an asymmetric mapping is also possible: p:G,xGo G2 Generally, the elements of the groups Go and G' are points on an elliptic curve (typically, though not necessarily, a supersingular curve); however, this is not necessarily the case. A description of this form of IBE method, using modified Weil pairings is given in the paper: D. Boneh, M. Franklin - "Identity-based Encryption from the Weil Pairing" in advances in Cryptology - CRYPTO 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001.
- RSA-Based methods The RSA public key cryptographic method is well known and in its basic form is a two-party method in which a first party generates a public/private key pair and a second party uses the first party's public key to encrypt messages for sending to the first party, the latter then using its private key to decrypt the messages. A variant of the basic RSA method, known as "mediated RSA", requires the involvement of a security mediator in order for a message recipient to be able to decrypt an encrypted message, this being achieved by dividing the decryption key between the recipient and security mediator. An IBE method based on mediated RSA is described in the paper "Identity based encryption using mediated RSA", D. Boneh, X. Ding and G. Tsudik, 3rd Workshop on Information Security Application, Jeju Island, Korea, Aug. 2002. An RSA-based IB method that does not require dividing the decryption key is described in US patent 6,275,936; here, the decryption key is dynamically computed from the encryption key, the latter being a hash of the sender-chosen string.
An IB encryption method based on the ElGamal cryptosystem is described in our UK patent applicationNo.: GB 0413056.3 filed 11 June 2004. In the described embodiment of this IB method, the trusted authority carries out the decryption acting as a proxy for the intended recipient (in fact, this is also the case for the RSA method described in the above- referenced US patent).
In our published UK patent application GB 2,390,515A there are described IBC methods and apparatus using hierarchical arrangements of trusted authorities; these methods and apparatus are based on the bilinear mappings and typically employ points on elliptic curves. As is well known by persons skilled in the art, in lBC using bilinear mappings and points on an elliptic curve, the encryption key string is converted into a point by a "mapToPoint" hash function (as depicted in Figure 2 of the present application). For various reasons explained in our published application GB 2,390,515A, there is a need in l 5 the embodiments there described for the master public points of the non-root trusted authorities to be provably un-related. Since the mapToPoint hash provides a convenient way of achieving this when applied to non-identical strings, the required unrelated points are generated by applying the mapToPoint hash to the respective identity strings of the non-root trusted authorities. Furthermore, it was noted in passing that the master public point of the root trusted authority could also be generated in the same way (this being a convenience as it meant that all trusted authorities derived their points in the same way).
It has now been found that there are good reasons for generating public key elements of trusted authorities of other forms of IBC from strings by means of hash functions, notwithstanding that such functions may only tee usable for such purposes and not possess the general usability of the mapToPoint hash in IBC based on bilinear mappings.
According to a first aspect of the present invention, there is provided an identifier-based cryptographic method, comprising a trusted authority, with a secret and an associated identifier string, carding out operations of: deriving a first element from said identifier string using a one-way mapping function; deriving a second element using the secret and the first element; s making at least the second element publicly available; and providing a private-key generation service comprising generating a private key for a third party in dependence on said secret s and on an identifier string associated with that third party; the method being otherwise than one based on bilinear maps.
The present invention also encompasses apparatus and computer program products.
Embodiments of the invention will now be described, by way of nonlimiting example, with reference to the accompanying diagrammatic drawings, in which: Figure 1 is a diagram illustrating the operation of a prior art encryption schema known as Identifier-Based Encryption (IBE); Figure 2 is a diagram illustrating how certain IBE operations are implemented by
three different prior art IBE methods; and
Figure 3 is a diagram of an embodiment of the invention involving ElGamalbased IB cryptography.
The Figure 3 embodiment is an ElGamal identifier-based encryption system and involves three parties, namely a message sender A acting through computing entity 61, a message receiver B acting through computing entity 62, and a trusted authority TA acting through computing entity 62. The computing entities 61, 62 and 63 are typically based around programcontrolled processors though some or all of the cryptographic fimctions may be implemented in dedicated hardware. Furthermore, the entities 61, 62 and 63 inter communicate, for example, via the internet or other computer network though it is also possible that two or all three entities actuallyreside on the same computing platform or that a portable storage medium is used for data transfer between the entities. For convenience, the following description is given in terms ofthe parties A, B and TA, it being understood that these parties act through their respective computing entities.
In general trims, the TA has a private key x and public keys g, p and y where y=gx mod p and g is derived from an identifier IDTA by use of a hash function H4. The TA is arranged to decrypt for B a message encrypted by the sender A. The encryption process effected by the sender A involves the use of a sender-chosen "identifier" string (typically, though not necessarily, identifying the intended recipient B). The string is provided to the trusted party TA and is a required component of the decryption process whereby any change in the string will result in a failure to correctly decrypt the message. The detailed steps of the Figure 3 method are set out below.
Initial Set Up Phase 1. TA chooses random prime p. 2. TA generates g as H4(IDTA) where g is in the range 2 to (p-1).
3. TA chooses a secret x.
4. TA computes y= gx mod p. 5. TA publishes (g, p, y) and keeps x secret.
Message Transfer Phase Message Encryption by Sender A 6. A chooses an identifier string STR.
7. A computes z = Hs(STR) where H5 is a hash fimction (for example, SHA-1) .
8. A computes y' = yZ mod p 9. A chooses a secret r.
10. A computes h = gr mod p 11. A computes J = (y'r)*m mod p 12. A sends (STR, h, J) to B and destroys r.
(Steps 8 and 11 can be merged to have A compute J as: (yZ r)*m mod p) Message Decryption for Recipient B by Trusted Authority TA 13. B forwards (STR, h, J) to TA.
14. TA checks that B meets the conditions set out in STR.
14. TA computes z = Hs(STR).
15. TA computes J/ h (Z a) mod p to recover the message m.
16. TA returns message m to B. 17. B receives recovered message m.
The transmissions are preferably integrity protected in any suitable manner. A potential drawback of the Figure 3 embodiment is that the TA can read the messages m. In order to prevent this, B can blind the encrypted message before sending it to TA for decryption, B subsequently un-blinding the decrypted, but still blinded, message returned by the TA to recover the message m.
As noted above, the public key element g is formed from an identifier string IDTA of the trusted authority using the hash function H4(). This identifier string can be chosen at random or, preferably, as any meaningful information ofthe trusted authority (for example, a contact address such as the URL of a website of the trusted authority) together with a definition of the identifier string (e.g. encryption key string) formats that it accepts from users for private key generation. Providing such meaningful information in the string from which g can be generated by any party gives a convenient way of distributing such information. Other advantages also arise from having the trusted authority generate the element g from a string, including that since the trusted authority cannot control the outcome of the H40 hash function, it is not possible for the trusted authority to maliciously choose g for cryptographic (dis) advantage.
It will be appreciated by persons skilled in the art that H4 should be such that: g9 = 1 mod p where q is a large prime that divides (p-l). A suitable implementation of H4() is of the form: H4(IDTA) = ( #(IOTA) ) where # is a hash function such as SHA- 1 and #(IOTA) is converted to integer form for raising to the power (p-l)/q.
It will be appreciated by persons skilled in the art that in the same way it is possible for the trusted authorities of other IBC cryptosystems to derive public key elements from their respective identifiers. The applicability or otherwise ofthis approach to anyparticular IBC cryptosystem will be readily apparent to a skilled person on inspection having regard to what randomly-chosen key elements, if any, of the trusted authority can be made public.
It will be understood that in the foregoing, reference to an element being public simply means that it is made available to all parties that are authorised to participate in the cryptographic scheme concemed.

Claims (11)

1. An identifier-based cryptographic method, comprising a trusted authority, with a secret and an associated identifier string, carrying out operations of: deriving a first element from said identifier string using a one-way mapping function; deriving a second element using the secret and the first element; making at least the second element publicly available; and providing a private-key generation service comprising generating a private key for a third party in dependence on said secret- and on an identifier string associated with that third party; the method being otherwise than one based on bilinear maps.
2. A method according to claim 1, wherein the method is based on the ElGamal cryptosystem with the second element being of the form: gx mod p where g is the first element, x is said secret, and p is a random prime.
3. A method according to claim 2, wherein said mapping function is ofthe form: ( #(IDEA) ) where: # is a hash function, IDrA is the identifier string of the trusted authority, and q is a prime that divides (p-l); the result of #(1DJA) being converted to integer form for raising to the power (p-1)/q.
4. A method according to claim 1, wherein the identifier string associated with the trusted authority comprises a contact address for the trusted authority.
5. A method according to claim 1, wherein the identifier string associated with the trusted authority comprises data specifying a format to be used for the third-party identifier strings.
6. Apparatus for use as a trusted authority in respect of identifierbased cryptographic methods otherwise than ones based on bilinear maps, the apparatus comprising: a store for holding a secret; a first derivation arrangement for deriving a first element from an identifier string ofthe trusted authority using a one-way mapping function; a second derivation arrangement for deriving a second element using the secret and the first element; a distribution arrangement for making at least the second element publicly available; and a private-key generation arrangement for generating a private key for a third party in dependence on said secret and on an identifier string associated with that third party.
7. Apparatus according to claim 6 for use as a trusted authority in an ElGamal-based cryptosystem, the second derivation arrangement being arranged to derive the second element as: gx mod p where g is the first element, x is said secret, and p is a random prime.
8. Apparatus according to claim 7, wherein said mapping function is of the form: ( #(IOTA) ) where: # is a hash function, IDTA iS the identifier string of the trusted authority, and q is a prime that divides (p-1); the result of #(1DTA) being converted to integer form for raising to the power (p-l)/q.
9. Apparatus according to claim 6, wherein the identifier string of the trusted authority comprises a contact address for the trusted authority.
10. Apparatus according to claim 6, wherein the identifier string ofthe trusted authority comprises data specifying a format to be used for the third-party identifier strings.
11. A computer program product for conditioning programmable apparatus to provide a trusted authority apparatus according to any one of claims 6 to 10.
GB0415776A 2004-07-15 2004-07-15 Trusted authority for identifier-based cryptography Expired - Fee Related GB2416283B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0415776A GB2416283B (en) 2004-07-15 2004-07-15 Trusted authority for identifier-based cryptography

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0415776A GB2416283B (en) 2004-07-15 2004-07-15 Trusted authority for identifier-based cryptography

Publications (3)

Publication Number Publication Date
GB0415776D0 GB0415776D0 (en) 2004-08-18
GB2416283A true GB2416283A (en) 2006-01-18
GB2416283B GB2416283B (en) 2007-03-07

Family

ID=32893573

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0415776A Expired - Fee Related GB2416283B (en) 2004-07-15 2004-07-15 Trusted authority for identifier-based cryptography

Country Status (1)

Country Link
GB (1) GB2416283B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104836657A (en) * 2015-05-27 2015-08-12 华中科技大学 Identity anonymity-based broadcast encryption method having efficient decryption characteristic

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG10201606165SA (en) * 2016-07-26 2018-02-27 Huawei Int Pte Ltd A key generation and distribution method based on identity-based cryptography

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2384406A (en) * 2002-01-21 2003-07-23 Hyun Ku Yeun Three party cryptosystem having pairs of private keys
GB2390515A (en) * 2002-07-05 2004-01-07 Hewlett Packard Development Co Verifying An Association Between Two Parties
GB2395872A (en) * 2002-09-17 2004-06-02 Hewlett Packard Development Co Implementing a policy controlling data output/printing using identifier based encryption
GB2401763A (en) * 2002-07-05 2004-11-17 Hewlett Packard Development Co Trusted Authority for Identifier-Based Cryptography

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2384406A (en) * 2002-01-21 2003-07-23 Hyun Ku Yeun Three party cryptosystem having pairs of private keys
GB2390515A (en) * 2002-07-05 2004-01-07 Hewlett Packard Development Co Verifying An Association Between Two Parties
GB2401763A (en) * 2002-07-05 2004-11-17 Hewlett Packard Development Co Trusted Authority for Identifier-Based Cryptography
GB2395872A (en) * 2002-09-17 2004-06-02 Hewlett Packard Development Co Implementing a policy controlling data output/printing using identifier based encryption

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104836657A (en) * 2015-05-27 2015-08-12 华中科技大学 Identity anonymity-based broadcast encryption method having efficient decryption characteristic
CN104836657B (en) * 2015-05-27 2018-01-26 华中科技大学 A kind of identity-based anonymity broadcast encryption method with efficient decryption features

Also Published As

Publication number Publication date
GB2416283B (en) 2007-03-07
GB0415776D0 (en) 2004-08-18

Similar Documents

Publication Publication Date Title
US8589679B2 (en) Identifier-based signcryption with two trusted authorities
EP1379024B1 (en) Method and apparatus for generating a cryptographic key
EP1471680B1 (en) Identifier-Based Encryption method and apparatus
EP1378821B1 (en) Authentication method and apparatus using pairing functions for the elliptic curves based cryptosystems
US7246379B2 (en) Method and system for validating software code
US7986778B2 (en) Cryptographic method and apparatus
US8510789B2 (en) Data output method, system and apparatus
US20040139029A1 (en) Apparatus and method for generating and verifying ID-based blind signature by using bilinear parings
GB2401014A (en) Identifier based encryption method using an encrypted condition and a trusted party
US20040240666A1 (en) Directoryless public key cryptographic system and method
CN107086912B (en) Ciphertext conversion method, decryption method and system in heterogeneous storage system
US20050089173A1 (en) Trusted authority for identifier-based cryptography
US7305093B2 (en) Method and apparatus for securely transferring data
US7382877B2 (en) RSA cryptographic method and system
Jeng et al. An ECC-based blind signature scheme
US20050135610A1 (en) Identifier-based signcryption
US20050021973A1 (en) Cryptographic method and apparatus
Owens et al. An identity based encryption system
Ch et al. Identity-based cryptosystem based on tate pairing
Elkamchouchi et al. A new proxy identity-based signcryption scheme for partial delegation of signing rights
GB2416283A (en) Identifier Based Encryption system (IBE) in which a public key is generated using the identity of a trusted authority
US7801302B2 (en) Cryptographic method and apparatus
Omondi et al. Elliptic-Curve Cryptosystems
Krishna A randomized cloud library security environment
Sahu et al. Encryption & Decryption of Text Data with RSA cryptography using MATLAB

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20140715