Cryptology ePrint Archive: Report 2003/183

Certificate-Based Encryption and the Certificate Revocation Problem

Craig Gentry

Abstract: We introduce the notion of certificate-based encryption. In this model, a certificate -- or, more generally, a signature -- acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali's Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.

Category / Keywords: public-key cryptography /

Publication Info: Eurocrypt 2003

Date: received 2 Sep 2003

Contact author: cgentry at docomolabs-usa com

Available format(s): PDF | BibTeX Citation

Note: This is a version of the Eurocrypt 2003 paper, identical except for this comment and a correction in Section 3.2. I'm posting it online to make it more widely available, particularly since a couple of recent works propose essentially the same idea.

Version: 20030906:013922 (All versions of this report)

Short URL: ia.cr/2003/183

Discussion forum: Show discussion | Start new discussion