Document Type: Conference Paper

In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing a more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) solving the certificate revocation problem, and (3) eliminating third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem in identity-based cryptography. In this paper, we first introduce a new attack called the Key Replacement Attack in the certificate-based system and refine the security model of certificate-based signature. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and less operation cost, and hence, our scheme outperforms the existing schemes in the literature.