Improvement on Meshram et al.ʼs ID-based cryptographic mechanism
Introduction
Secure communication requires secure key distribution between users, and the design of effective session key distribution protocols is an active topic in cryptography [1]. Public key cryptosystems can solve the session key distribution problem in an open network environment, but each user must authenticate the partner's public key before using it. The public key infrastructure (PKI) was proposed to provide this authentication of public keys, but it brings large management overheads.
The concept of the identity-based (ID-based) cryptosystem was introduced by Shamir in 1984. In Shamirʼs idea, each userʼs public key is derived directly from his public identity information, such as an e-mail address or ID number [2]. Using each userʼs public identity as his public key removes the need to authenticate the public key and lets users establish a session key non-interactively. However, Shamir only succeeded in constructing an identity-based signature scheme. ID-based cryptosystems became practical only when Boneh et al. [3] constructed ID-based encryption from the Weil pairing. The bilinear pairing operations, however, make such cryptosystems unsuitable for low-performance devices [4].
In 2012, Meshram et al. [5] proposed an ID-based cryptosystem whose security rests on the generalized discrete logarithm problem (GDLP) and the integer factorization problem (IFP), without using bilinear pairings. Although the idea is excellent, Meshram et al.ʼs ID-based cryptosystem is incorrect. The scheme does achieve the security goal of protecting the data and preventing an adversary from recovering the encrypted data or a userʼs private key, but it also prevents a legitimate user from decrypting a ciphertext unless he holds private information of the key authentication center (KAC) that is designed to be kept secret from users. That is, without knowing part of the KACʼs private key, a user who receives a ciphertext addressed to him cannot decrypt it with his own private key alone. In short, although Meshram et al.ʼs scheme protects the data and the userʼs private key, it has a deadlock problem.
In this paper, we first explain the deadlock problem in Meshram et al.ʼs scheme, and then we give a solution to it.
Review of Meshram et al.ʼs identity-based cryptosystem
Briefly, Meshram et al.ʼs ID-based cryptosystem consists of four related sub-algorithms, namely Setup, Extraction, Encryption and Decryption. The Setup algorithm is run by the KAC to generate its public and private keys. On receiving a userʼs registration request, the KAC runs the Extraction algorithm to generate that userʼs private key, provided the user is verified to be legitimate. If a user wants to securely send a message to another user, he can run the Encryption
Analyses on Meshram et al.ʼs cryptosystem
Meshram et al. did good work in proposing the above ID-based cryptosystem based on GDLP and IFP. Since it avoids bilinear pairing operations, their cryptosystem is more suitable for low-performance devices than pairing-based ones. However, our analysis shows that there is still a weakness in their cryptosystem.
The weakness we refer to is that entity 1, who receives a ciphertext sent to him, is unable to decrypt it as expected. Let us recall the Decryption algorithm
Improvement on Meshram et al.ʼs cryptosystem
Here, we shall make an improvement on Meshram et al.ʼs cryptosystem. The improved scheme can also be described as four related sub-algorithms, namely Setup, Extraction, Encryption and Decryption, which are shown as follows.
Setup The Setup algorithm is almost the same as that in Section 2, and the only difference is the computation of n-dimensional vector . In the proposed scheme, we set where ().
Extraction The Extraction algorithm is the same as that in Section 2.
Encryption Assume that
Discussions
The security of the proposed scheme is also based on the GDLP and IFP assumptions. The GDLP is the problem of computing the integer k from the value , and the IFP is the problem of recovering the unknown large primes p and q from the value [5]. In the following, we analyze the security of the proposed scheme under the GDLP and IFP assumptions.
First, without knowing the private key of
Conclusion
In this paper, we analyze Meshram et al.ʼs ID-based cryptosystem and point out that there is still a weakness in their scheme. Two intuitive methods are first presented to overcome the weakness, but they are not perfect. Then another method is proposed and an improvement is made on Meshram et al.ʼs original scheme. The proposed scheme is secure under the hardness of GDLP and IFP. At the same time, our scheme is more efficient in encryption and decryption than Meshram et al.ʼs scheme. Meshram
Acknowledgements
This work is supported by the National Natural Science Foundation of China under Grant Nos. 61103178 and 60803151; the Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20096102120045; Basic Science Research Fund in Xidian University under Grant No. K5051310006.
References (6)
- et al., An ID-based cryptographic mechanisms based on GDLP and IFP, Information Processing Letters (2012)
- et al., Improved multicast key management of Chinese wireless local area network security standard, IET Communications (2012)
- Identity-based cryptosystem and signature scheme