QuickStudy: Identity-based encryption
- 03 December, 2008 09:20
Public-key cryptography offers very strong protection for electronic communications. Much of its strength comes from the use of paired keys, which are separate (but mathematically related) codes that encrypt and decrypt a message; one key is public and one is known only to the recipient.
But hardly anyone uses public-key cryptography, because it's it's too much trouble. The recipient has to be prepared with both public and private keys, and the sender has to know or be able to find the recipient's public key. In most cases, this means that the sender must query a certificate authority to retrieve the target recipient's public key. Although this is simple within a company, senders outside the organization don't have any access to a central directory, so it's more difficult for them to send encrypted messages. Moreover, the process works only if the recipient has already decided to use it and has made a key available. And most people don't have public keys.
One promising solution to these difficulties is called identity-based cryptography or identity-based encryption (IBE). In this process, which can be initiated by the sender, a unique identifier of the recipient (such as his e-mail address) is used to calculate a public key. A trusted third-party server, called the private-key generator, uses a cryptographic algorithm to calculate the corresponding private key from the public key. In this way, recipients can generate their own private keys directly from the server as needed, and they don't have to worry about distributing their public keys.
How IBE Works
The success of IBE depends upon the third-party IBE server that generates private keys. The only information this server stores permanently is a secret master key -- a large random number that is exclusive to the security domain. The server uses this key to create a common set of public-key parameters (including the server's address) that are given to each user who installs the IBE software, and recipients' private keys as required.
When a sender creates an encrypted message, the IBE software on his system uses three parameters to generate the public key for the message: a starting value, the current week number and the recipient's identity (normally the e-mail address). Because a calendar reference is included, the public key that is generated will automatically expire.
A user who receives an IBE-encrypted e-mail message but has not used the process before can request -- upon authentication -- a private key that allows him to decrypt all e-mails encrypted using his e-mail address as the public key.
Ferris Research looked at the costs of one commercial IBE system (from Voltage Security) and found that total cost of ownership of a typical system is one-third that of a typical public-key system.
Moreover, Ferris found that IBE required a far simpler infrastructure (meaning fewer servers and easier installation). Other findings showed that operating costs were one-fifth of those of public-key systems, and that IBE users were three times more productive than users of public-key cryptography.