Certificate-less authenticated encryption

Certificate-less authenticated encryption (CLAE) adds authentication to ID-based encryption. It is an asymmetric encryption algorithm that can exchange secrets between any two entities without the need to (centrally) administer keys.[1][2][3]

Trusted center

A user is operable to register itself with the trusted center (TC) by first authenticating itself with the trusted center. The TC generates the private key of the user and then distributes it to the user.

The trust of the user in the (trusted third party) TC includes:

  • the authentication process of the recipient has been adequate.
  • after the private key is distributed to the user, the private key is not regenerated by the TC for other purposes (spying).
  • the TC private key is well protected and that the distributed TC public key belongs to the TC.

Joining

The user (sender/recipient) joins by acquiring a private key from a trusted third party 'trust center' (TC). The recipient registers itself with the trusted center by first authenticating itself with the TC. Authentication can be anything like password-based, challenge-response (Kerberos, email, phone number, etc.), biometric authentication, etc. The TC generates a private key using its own private key and the identity of the joining user. The private key is then securely transmitted to the joining user.

Sender

The sender uses the identity of the recipient and the public key of the TC to locally generate the public key of the recipient. The sender can choose any TC, thus forcing the recipient to acquire his (other) private key from that TC.

Recipient

After the recipient has joined, he can decrypt the (already) received message.

Upon response to a message the sender becomes the recipient and vice versa.

Comparison

'Normally' a public/private key pair has to be generated and the public key distributed, before any messages can be securely sent or received. In the case of CLAE messages can already be sent with the public key, before the private key has been distributed to the recipient. The public key of any recipient can already be acquired from a TC, before the recipient has registered.

History

In August 2017 the patents for certificate-less authenticated encryption were transferred to VIBE Cybersecurity International LLC and the schema was re-branded as Verifiable Identity Based Encryption (VIBE).[2]

gollark: Correctness is correct. Floats are mostly okayish.
gollark: I think you mean "5 haskell programmers".
gollark: Then you can use ints and get confused when you forget to multiply by a hundred or whatever in the UI.
gollark: In most use cases, you don't hit the 0.300000000004y level of necessary accuracy, which makes it mostly fine.
gollark: I mean, given that base 10 is what we use, it's quite important that computers can handle it correctly.

See also

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.