Paper 2003/183

Certificate-Based Encryption and the Certificate Revocation Problem

Craig Gentry

Abstract

We introduce the notion of certificate-based encryption. In this model, a certificate -- or, more generally, a signature -- acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based encryption (implicit certification) and public key encryption (no escrow). We demonstrate how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than previous proposals, including Micali's Novomodo, Naor-Nissim and Aiello-Lodha-Ostrovsky.

Note: This is a version of the Eurocrypt 2003 paper, identical except for this comment and a correction in Section 3.2. I'm posting it online to make it more widely available, particularly since a couple of recent works propose essentially the same idea.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Eurocrypt 2003
Contact author(s)
cgentry @ docomolabs-usa com
History
2003-09-06: received
Short URL
https://ia.cr/2003/183
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2003/183,
      author = {Craig Gentry},
      title = {Certificate-Based Encryption and the Certificate Revocation Problem},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/183},
      year = {2003},
      url = {https://eprint.iacr.org/2003/183}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.