Cryptology ePrint Archive: Report 2003/183
Certificate-Based Encryption and the Certificate Revocation Problem
Abstract: We introduce the notion of certificate-based encryption. In this model, a certificate -- or, more generally, a signature -- acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali's Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.
Category / Keywords: public-key cryptography /
Publication Info: Eurocrypt 2003
Date: received 2 Sep 2003
Contact author: cgentry at docomolabs-usa com
Available format(s): PDF | BibTeX Citation
Note: This is a version of the Eurocrypt 2003 paper, identical except for this comment and a correction in Section 3.2. I'm posting it online to make it more widely available, particularly since a couple of recent works propose essentially the same idea.
Version: 20030906:013922 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]