I'm thinking to a particular scenario where I'm adopting the certificateless cryptography (the generic schema) where I have 2 trusted nodes, that we can identify as: $KGC_1$, $KGC_2$. Furthermore, I define two users, $A$ and $B$.
The first user $A$ owns (after the interaction with $KGC_1$) the $\langle SK_A^1, SK_A^2\rangle$ and the $\langle PK_A^1, PK_A^2\rangle$ which are secret and public key respectively. The second one $B$ owns (after the interaction with $KGC_2$) the $\langle SK_B^1, SK_B^2\rangle$ and the $\langle PK_B^1, PK_B^2\rangle$ which are secret and public key respectively.
In detail, each $KGC$ has its master key pair, so $KGC_1$ and $KGC_2$ own the following key pairs ($s_n$ is the Master Private Key, and $s_nG$ is the Master Public Key):
$KGC_1: \langle s_1, s_1G \rangle$
$KGC_2: \langle s_2, s_2G \rangle$
After that each node receives the partial key from the respective $KGC$, we suppose that them want to start a key-agreement procedure. Now, I have the following problem: the session key generated between the actors is different due the fact that the Master Private Key of each Authority is different ($s_1$ and $s_2$).
Are there any suggestions? My concern is avoid to share the Master Private Key among the authorities (the two $KGC$) and avoid the fact that if a $KGC$ is compromised, there isn't the risk to compromise the entire infrastructure.
