Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [certificateless-crypto]

Certificateless cryptography is a variant of ID-based cryptography intended to prevent the key escrow problem. Only a partial private key is generated by the key generation center (KGC) and the other part of the private key is chosen by and only known to the user. An additional public key is generated by the user, which, however does not need to be certified by any trusted party.

Certificateless cryptography is a variant of ID-based cryptography intended to prevent the key escrow problem. Ordinarily, keys are generated by a certificate authority or a key generation center (KGC) who is given complete power and is implicitly trusted. To prevent a complete breakdown of the system in the case of a compromised KGC, the key generation process is split between the KGC and the user. The KGC first generates a key pair, where the private key is now the partial private key of the system. The remainder of the key is a random value generated by the user, and is never revealed to anyone, not even the KGC. All cryptographic operations by the user are performed by using a complete private key which involves both the KGC's partial key, and the user's random secret value.

20 questions
4
votes
1 answer

Certificateless public key cryptography

In the Wikipedia article on Certificateless Public Key Cryptography https://en.wikipedia.org/wiki/Certificateless_cryptography, it states, "For tight security, a certificateless system has to prove its security against two types of adversaries. Type…
Rabindra Moirangthem
  • 99
  • 8
3
votes
2 answers

Certificateless cryptography

While reading "Certificateless Public Key Cryptography" by Author Sattam S. Al-Riyami and Kenneth G. Paterson, they have considered generation of private keys by a Key Generation Center (KGC). If the KGC gets compromised it will break security, so…
Ravi
  • 215
  • 4
  • 9
2
votes
0 answers

How are security proofs performed for Certificateless PEKS schemes?

I have been studying several CLPEKS (CertificateLess Public-key Encryption scheme with Keyword Search) schemes and I understand the security assumptions and the several types of security models used for the security game between the Challenger and…
Venkat Chenam
  • 21
  • 1
2
votes
0 answers

Multi-Authority (KGC) Certificateless Cryptography

I'm thinking to a particular scenario where I'm adopting the certificateless cryptography (the generic schema) where I have 2 trusted nodes, that we can identify as: $KGC_1$, $KGC_2$. Furthermore, I define two users, $A$ and $B$. The first user $A$…
CipherX
  • 381
  • 3
  • 12
2
votes
2 answers

Understanding Hash function notations

I am implementing a Certificateless Cryptography Algorithm by referencing the paper An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds. In this paper on page no. 4 during setup phase they have mentioned to choose hash…
Vighanesh Gursale
  • 31
  • 4
1
vote
1 answer

How does one associate the actual identity of a person or organization with a decentralized ID?

In SSI (Self-Sovereign Identity), anyone can generate their own DID (Decentralized ID). No authority or authorization is needed to create one. Since a public key pair is associated with DID, the person can prove the ownership by using the private…
Sangjin Kim
  • 161
  • 2
1
vote
0 answers

Certificateless Key Agreement

I'm studying Certificateless Cryptography and specifically I'm studying a scheme without pairings. I read a lot of time this paper (https://www.sciencedirect.com/science/article/pii/S0898122112002490) but I am concerned about some issues in the…
CipherX
  • 381
  • 3
  • 12
1
vote
2 answers

Discrete Logarithm Problem or just integer exponentiation problem?

In reading the following paper, https://ai2-s2-pdfs.s3.amazonaws.com/35eb/afbaab34223bca50a7be2f5915fddf918fc7.pdf Generate two primes $p$ and $q$ such that $q|p-1$. Pick a generator $g$ of $Z_p^{*}$. $g$ is declared as public. $c_1=g^r$ where $r…
myat
  • 353
  • 1
  • 9
1
vote
1 answer

Computational Assumption For the extended discrete logarithm

Choose randomly $P\in G_1, (s,a \in Z_q)$. let the attackers know $a,P$ and keep $s$ as secret. Also the following is given. $$sP,(a+s)^{-1}P$$ Individually, From $sP$, trying to reveal ($s$) will be discrete logarithm problem. However, I don't…
myat
  • 353
  • 1
  • 9
1
vote
1 answer

Certificateless cryptography Implementation

Hello guys I am trying to implement Certificateless Cryptography algorithm with reference to this base paper. Right now I am trying to implement the code in java. There are some points specified in PDF which I didn't understood. I need some help to…
Vighanesh Gursale
  • 31
  • 4
1
vote
0 answers

How can user privacy be preserved in certificateless cryptography?

In certificateless cryptography, how can a user preserve his privacy from Key Generation Center? If the KGC becomes malicious, how can the user's privacy be preserved? I read "Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption,…
Ravi
  • 215
  • 4
  • 9
1
vote
1 answer

Can you explain partial private key extract algorithm in certificateless Public key cryptography?

Related to the algorithms of certificate-less Signature approach of Al-Riyami and Paterson… Why is there a need for a "partial private key extract algorithm"? Why should it be needed when calculating "user's private keys by user"? Is "partial…
Ravi
  • 215
  • 4
  • 9
1
vote
0 answers

secure channel for sending partial private keys!

In certificateless cryptography, the KGC must ensure that the partial private keys are delivered securely to the correct entities. So my question is how KGC can send these keys secretly? In the other words, what is the mechanism for this secure…
ali alizade
  • 31
  • 1
1
vote
0 answers

Is aggregator consider trustworthy in a CLAS scheme

In certificateless aggregate signature (CLAS) scheme, is an aggregator consider trustworthy? Can they act as an adversary, where they can alter the messages from the users and create a new valid aggregate signature?
Rabindra Moirangthem
  • 99
  • 8
1
vote
0 answers

Can an aggregator be a type 1 adversary?

In a certificateless aggregate signature scheme, can a signature aggregator be a type 1 adversary (external attacker who can have access to secret value of a user)? I thought signature aggregator is always assumed to be trustworthy in a…
Rabindra Moirangthem
  • 99
  • 8
1
2