Generic Constructions of Identity-Based and Certificateless KEMs

We extend the concept of key encapsulation mechanisms to the primitives of ID-based and certificateless encryption. We show that the natural combination of ID-KEMs or CL-KEMs with data encapsulation mechanisms results in encryption schemes which are secure in a strong sense. In addition, we give generic constructions of ID-KEMs and CL-KEMs, as well as specific instantiations, which are provably secure

Certificateless KEM and Hybrid Signcryption Schemes Revisited

Often authentication and confidentiality are required as simultaneous key requirements in many cryptographic applications. The cryptographic primitive called signcryption effectively implements the same and while most of the public key based systems are appropriate for small messages, hybrid encryption (KEM-DEM) provides an efficient and practical way to securely communicate very large messages. Recently, Lippold et al. \cite{GCJ09} proposed a certificateless KEM in the standard model and the first certificateless hybrid signcryption scheme was proposed by Fagen Li et al. \cite{LST09}. The concept of certificateless hybrid signcryption has evolved by combining the ideas of signcryption based on tag-KEM and certificateless cryptography. In this paper, we show that \cite{GCJ09} is not Type-I CCA secure and \cite{LST09} is existentially forgeable. We also propose an improved certificateless hybrid signcryption scheme and formally prove the security of the improved scheme against both adaptive chosen ciphertext attack and existential forgery in the appropriate security models for certificateless hybrid signcryption

Secure Certificateless Public Key Encryption without Redundancy

Certificateless public key cryptography was introduced to solve the key escrow problem in identity based cryptography while enjoying the most attractive {\em certificateless} property. In this paper, we present the first {\em secure} certificateless public key encryption (CLPKE) scheme {\em without redundancy}. Our construction provides optimal bandwidth and a quite efficient decryption process among all the existing CLPKE schemes. It is provably secure against adaptive chosen ciphertext attacks in the random oracle model under a slightly stronger assumption

Pairing-based cryptosystems and key agreement protocols.

For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed

Secure Cryptographic Workflow in the Standard Model

Following the work of Al-Riyami et al. we define the notion of key encapsulation mechanism supporting cryptographic workflow (WF-KEM) and prove a KEM-DEM composition theorem which extends the notion of hybrid encryption to cryptographic workflow. We then generically construct a WF-KEM from an identity-based encryption (IBE) scheme and a secret sharing scheme. Chosen ciphertext security is achieved using one-time signatures. Adding a public-key encryption scheme we are able to modify the construction to obtain escrow-freeness. We prove all our constructions secure in the standard model

Efficient identity-based key encapsulation to multiple parties

We introduce the concept of identity based key encapsulation to multiple parties (mID-KEM), and define a security model for it. This concept is the identity based analogue of public key KEM to multiple parties. We also analyse possible mID-KEM constructions, and propose an efficient scheme based on bilinear pairings. We prove our scheme secure in the random oracle model under the Gap Bilinear Diffie-Hellman assumption.Fundação para a Ciência e a Tecnologia - SFRH/BPD/20528/2004