Abstract
Popular certificate revocation systems such as CRL and OCSP share a common drawback: they rely on explicit certificate revocation, in which the sender must obtain the revocation status of the receiver’s certificate before sending an encrypted message. Recently, an implicit certificate revocation system called ‘certificate-based encryption’ was introduced. In this model, a receiver needs both his private key and an up-to-date certificate from the CA (Certification Authority) to decrypt a ciphertext, while senders need not be concerned about the certificate revocation problem. Hence, the certificate-based encryption system has the advantage of a light infrastructure requirement. However, it also has an important drawback: it is inseparable, meaning that only the CA can handle the certificate revocation problem and the load cannot be distributed among multiple trusted authorities. In this paper, we propose a separable implicit certificate revocation system called ‘status certificate-based encryption,’ in which the authenticity of a public key is guaranteed by a (long-lived) certificate and the certificate revocation problem is resolved by a (short-lived) status certificate. We present the definitions and a secure construction based on bilinear mappings.
This research was supported by University IT Research Center Project and the Brain Korea 21 Project.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yum, D.H., Lee, P.J. (2005). Separable Implicit Certificate Revocation. In: Park, Cs., Chee, S. (eds) Information Security and Cryptology – ICISC 2004. ICISC 2004. Lecture Notes in Computer Science, vol 3506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11496618_10
DOI: https://doi.org/10.1007/11496618_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26226-8
Online ISBN: 978-3-540-32083-8
eBook Packages: Computer Science (R0)