Doctor of Philosophy
School of Computing and Information Technology
Elashry, Ibrahim, Pairing-free identity-based cryptography, Doctor of Philosophy thesis, School of Computing and Information Technology, University of Wollongong, 2015. http://ro.uow.edu.au/theses/4409
Identity-based cryptography (IBC) is considered nowadays as the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing the public key of a user as his identity. Although the first IBC proposed by Adi Shamir [Sha84] was based on RSA, most of the proposed IBC systems are based on bilinear pairings. This limits the use of IBC in the real world for several reasons. First, a bilinear pairing is time- and power-inefficient: it takes around 2.5 times an RSA modular exponentiation based on MIRACL benchmarks. Second, these systems are incompatible with the most widely used public key cryptosystem (RSA), which makes them non-commercially appealing. Thus, it is useful to think outside the box and try to use different tools to construct IBC systems. These constructions may have unique security properties that do not exist in current IBC systems. We worked on constructing IBC systems based on RSA settings. We have improved the performance of identity-based encryption (IBE) systems, cryptanalysed IBE systems, implemented variants of IBE systems such as mediated encryption and attribute-based signcryption, and presented an identity-based authenticated key exchange (IBAKE) with some novel security features.
In this thesis, we first present some background about IBC and the motivation for solving the problems associated with pairing-based IBC. Then we give solutions to these problems along with the thesis structure. Then, we give a literature review about IBC, including identity-based encryption (IBE) and key exchange (KE), focusing on pairing-free constructions. We also review some applications of IBC such as mediated cryptography and attribute-based cryptography. In addition, we review the definitions and preliminaries related to the contents of the thesis, including definitions of security models, hard problems, and some mathematical tools. Then, we review the identity-based mediated RSA encryption and signature systems (IB-mRSA) presented by Boneh, Ding and Tsudik [BDT02]. We show that IB-mRSA is not secure and we present a secure modified version of it which is as efficient as the original system. We also propose a generic mediated encryption (GME) that transforms any IBE into a mediated version of this IBE. We also present two implementations of GME, one based on Boneh-Franklin FullIdent [BF01], which is a pairing-based IBE, and one based on Boneh, Gentry and Hamburg (BGH) AnonIBE [BGH07], which is a pairing-free IBE. After that, we present two efficient variants of the BGH systems (BasicIBE, AnonIBE) [BGH07] in terms of ciphertext length and encryption/decryption speed. The ciphertext is as short as in the BGH systems, but with more time-efficient algorithms.
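As an added illustration of the mediated-RSA idea that IB-mRSA builds on (this is example code written for this page, not the thesis's modified scheme and not code from [BDT02]): the key generator derives the RSA public exponent from the user's identity, computes the private exponent, and splits it additively between the user and a security mediator (SEM), so a ciphertext can only be opened when both halves cooperate and the SEM can revoke a user instantly by withholding its half. The toy primes, the hash-based identity-to-exponent mapping, and all function names are assumptions of this example.

```python
import hashlib
import math
import secrets

# Toy RSA modulus from two small, well-known primes. Constructed example
# parameters only: real deployments use primes of at least 1024 bits.
P = 1_000_000_007
Q = 998_244_353
N = P * Q
PHI = (P - 1) * (Q - 1)


def identity_to_exponent(identity: str) -> int:
    """Map an identity string to a public exponent e.

    Assumed mapping for this example: hash the identity, force the result
    odd and into range, then step upward until gcd(e, phi(N)) == 1 so that
    e is invertible modulo phi(N). Anyone can recompute e from the identity.
    """
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    e = 3 + (h % (PHI - 3))
    e |= 1
    while math.gcd(e, PHI) != 1:
        e += 2
    return e


def issue_key_shares(identity: str) -> tuple[int, int, int]:
    """Key generator step (it alone knows phi(N)).

    Computes d = e^-1 mod phi(N) and splits it as d = d_user + d_sem
    (mod phi(N)). Neither share reveals d on its own.
    """
    e = identity_to_exponent(identity)
    d = pow(e, -1, PHI)
    d_user = secrets.randbelow(PHI)
    d_sem = (d - d_user) % PHI
    return e, d_user, d_sem


def encrypt(identity: str, m: int) -> int:
    """Textbook RSA encryption to an identity: public key is (N, e(ID))."""
    if not 0 < m < N:
        raise ValueError("message must be in (0, N)")
    return pow(m, identity_to_exponent(identity), N)


def sem_partial_decrypt(c: int, d_sem: int, revoked: bool = False):
    """SEM half: returns c^d_sem mod N, or None if the identity is revoked."""
    if revoked:
        return None
    return pow(c, d_sem, N)


def user_decrypt(c: int, d_user: int, sem_part):
    """User half: c^d_user * c^d_sem = c^d mod N. Fails closed without SEM."""
    if sem_part is None:
        raise PermissionError("SEM withheld its share: identity revoked")
    return (pow(c, d_user, N) * sem_part) % N


if __name__ == "__main__":
    ident = "alice@example.com"  # constructed sample identity
    e, d_user, d_sem = issue_key_shares(ident)
    c = encrypt(ident, 123456789)
    print("joint decryption:", user_decrypt(c, d_user, sem_partial_decrypt(c, d_sem)))
    try:
        user_decrypt(c, d_user, sem_partial_decrypt(c, d_sem, revoked=True))
    except PermissionError as exc:
        print("after revocation:", exc)
```

The point of the split is that the SEM never sees the full private exponent either, so compromising the SEM alone does not let it decrypt, while revocation takes effect the moment the SEM stops answering for that identity. Textbook (unpadded) RSA is used here only to keep the mediation step visible; a real system would apply proper padding around this core.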
We prove that these variants are as secure as the BGH systems. Then, we review an efficient variant of the Boneh, Gentry and Hamburg BasicIBE presented by Jhanwar and Barua [JB08]. We prove that this IBE is not secure against an indistinguishability under chosen plaintext attack (IND-ID-CPA) adversary and present a solution to the security flaw of this IBE. After that, we present two ciphertext-policy attribute-based signcryption (CP-ABSC) systems. One of our proposed ABSC systems is anonymous, i.e., an adversary cannot determine for which attributes or policies the message has been signcrypted. These systems are time-efficient and fully secure under the quadratic residuosity (QR) assumption, and they provide a constant ciphertext size regardless of the number of attributes associated with the access structure. Then, we present a new security notion for key exchange (KE) protocols called resiliency. That is, if a shared secret between designated parties is compromised or leaked, they can generate another completely new shared secret without the need to set up a new key exchange session. We present an identity-based authenticated key exchange protocol (IBAKE) that satisfies the resiliency security property. Finally, we present the conclusion of the thesis.
Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.