International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Certificateless Public Key Cryptography

Sattam S. Al-Riyami
Kenneth G. Paterson
Search ePrint
Search Google
Abstract: This paper introduces the concept of 'certificateless public key cryptography' (CL-PKC). In contrast to traditional public key cryptographic systems, CL-PKC does not require the use of certificates to guarantee the authenticity of public keys. It does rely on the use of a trusted third party (TTP) who is in possession of a master key. In these respects, CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from the key escrow property that seems to be inherent in ID-PKC. Thus CL-PKC can be seen as a model for the use of public key cryptography that is intermediate between traditional certificated PKC and ID-PKC. We make concrete the concept of CL-PKC by introducing certificateless public key encryption (CL-PKE), signature and key exchange schemes. We also demonstrate how hierarchical CL-PKC can be supported. The schemes are all derived from pairings on elliptic curves. The lack of certificates and the desire to prove the schemes secure in the presence of an adversary who has access to the master key requires the careful development of new security models. For reasons of brevity, the focus in this paper is on the security of CL-PKE. We prove that our CL-PKE scheme is secure in a fully adaptive adversarial model, provided that an underlying problem closely related to the Bilinear Diffie-Hellman Problem is hard.
  title={Certificateless Public Key Cryptography},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography /},
  note={An extended abstract of this work will appear in the Proceedings of Asiacrypt 2003 12346 received 23 Jun 2003, last revised 21 Oct 2003},
  author={Sattam S. Al-Riyami and Kenneth G. Paterson},