Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

3-2011

Abstract

In certificateless cryptography, a user secret key is derived from two partial secrets: one is the identity-based secret key (corresponding to the user identity) generated by a Key Generation Center (KGC), and the other is the user self-generated secret key (corresponding to a user self-generated and uncertified public key). Two types of adversaries are considered for certificateless cryptography: a Type-I adversary who can replace the user self-generated public key (in transmission or in a public directory), and a Type-II adversary who is an honest-but-curious KGC. In this paper, we present a formal study on certificateless key exchange (CLKE). We show that the conventional definition of Type-I and Type-II security may not be suitable for certificateless key exchange when considering the notion of forward secrecy which is important for key exchange protocols. We then present a new security model in which a single adversary (instead of Type-I and Type-II adversaries) is considered. We also construct a strongly secure certificateless key exchange protocol without expensive pairing operations. As far as we know, our proposed protocol is the first proven secure CLKE protocol without pairing.

Keywords

Certificateless Cryptography, Authenticated Key Exchange, Forward Secrecy

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 2011 March 22-24

First Page

71

Last Page

79

ISBN

9781450305648

Identifier

10.1145/1966913

Publisher

ACM

City or Country

Hong Kong, China

Additional URL

http://doi.org/10.1145/1966913
