Certificate-Less Authenticated Encryption

Certificate-Less Authenticated Encryption (CLAE) adds authentication to ID-based encryption. It is an asymmetric encryption algorithm that can exchange secrets between any two entities without the need to (centrally) administer keys.[1] [2] [3]

Trusted center

A user is operable to register itself with the trusted center (TC) by first authenticating itself with the trusted center. The TC generates the private key of the user and then distributes it to the user.

The trust of the user in the (trusted third party) TC includes:

Joining

The user (sender/recipient) joins by acquiring a private key from a trusted third party 'trust center' (TC). The recipient registers itself with the trusted center by first authenticating itself with the TC. Authentication can be anything like password-based, challenge-response (Kerberos, email, phone number, etc.), biometric authentication, etc. The TC generates a private key using his own public key and the identity of the joining user. The private key is then securely transmitted to the joining user.

Sender

The sender uses the identity of the recipient and the public key of the TC to locally generate the public key of the recipient. The sender can choose any TC, thus forcing the recipient to acquire his (other) private key from that TC.

Recipient

After the recipient has joined, he can decrypt the (already) received message.

Upon response to a message the sender becomes the recipient and vice versa.

Comparison

'Normally' a public/private key pair has to be generated and the public key distributed, before any messages can be securely sent or received. In the case of CLAE messages can already be sent with the public key, before the private key has been generated. The public key of any recipient can already be acquired from a TC, before the recipient has registered.

See also

Certificateless cryptography

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.