Document Type

Journal Article

Publication Details

Yang, G. & Tan, C. (2011). Certificateless public key encryption: a new generic construction and two pairing-free schemes. Theoretical Computer Science, 412 (8-10), 662-674.


The certificateless encryption (CLE) scheme proposed by Baek, Safavi-Naini and Susilois computation-friendly since it does not require any pairing operation. Unfortunately,an error was later discovered in their security proof and so far the provable securityof the scheme remains unknown. Recently, Fiore, Gennaro and Smart showed a genericway (referred to as the FGS transformation) to transform identity-based key agreementprotocols to certificateless key encapsulation mechanisms (CL-KEMs). As a typical example,they showed that the pairing-free CL-KEM underlying Baek et al.’s CLE can be ‘‘generated’’by applying their transformation to the Fiore–Gennaro (FG) identity-based key agreement(IB-KA) protocol.In this paper, we show that directly applying the Fiore–Gennaro–Smart (FGS) transformationto the original FG IB-KA protocol in fact results in an insecure CL-KEM schemeagainst strong adversaries, we also give a way to fix the problem without adding any computationalcost. The reason behind our attack is that the FGS transformation requires theunderlying IB-KA protocol to be secure in a model that is stronger than the conventional securitymodels where existing IB-KA protocols are proved secure, and the FG IB-KA protocolis in fact insecure in the new model. This motivates us to construct a new generic transformationfrom IB-KA protocols to CLE schemes. In the paperwepresent such a transformationwhich only requires the underlying IB-KA protocol to be secure in a security model that isweaker than the existing security models for IB-KA protocols. We illustrate our transformationby generating a new pairing-free CLE scheme that is obtained by directly applyingour transformation to the original FG IB-KA protocol.© 2010