IBC - Identity-Based Cryptography Technology
1 Development of identity-based cryptography

Identity-based cryptography (IBC) is an asymmetric public key cryptosystem. The concept was put forward by Shamir in 1984. The key point is that the system needs no certificates: an identity of the user, such as a name, IP address, e-mail address or mobile phone number, serves as the public key. The user's private key is calculated by the key generation center (KGC) from the system master key and the user's identity. Because the public key is uniquely determined by the user's identity, no third party is needed to vouch for the authenticity of the public key. At that time, however, identity-based cryptography was still at the theoretical stage, and no concrete implementation had appeared.

It was not until 2000 that two teams, D. Boneh and M. Franklin, and R. Sakai, K. Ohgishi and M. Kasahara, independently proposed constructing identity-based public key cryptography from elliptic curve pairings, which triggered a new wave of development. The bilinearity of elliptic curve pairings establishes a relationship between cyclic subgroups of an elliptic curve and multiplicative cyclic subgroups of an extension field, on which the bilinear DH, bilinear inverse DH, decisional bilinear inverse DH, q-bilinear inverse DH and q-Gap-bilinear inverse DH hardness problems are built. When solving the elliptic curve discrete logarithm problem is as hard as solving the discrete logarithm problem in the extension field, elliptic curve pairings can be used to construct identity-based cryptography with the best balance of security and efficiency.

Identity-based cryptography is the latest development beyond the traditional PKI certificate system. In 2006, the National Cryptography Bureau organized the drafting and review of the standards and specifications for the national identity-based cryptography (IBC) system. In 2007, the national IBC standard officially passed review and was assigned the commercial cryptography algorithm designation SM9.

2 Technical principles of identity-based cryptography

As in a traditional public key cryptosystem, each user in an identity-based cryptosystem has an associated pair of public and private keys. In an identity-based cryptosystem, an identity of the user, such as a name, IP address, e-mail address or mobile phone number, is used as the public key, and the corresponding private key is derived from it mathematically. Because the user's identity is the public key, the public key does not need to be generated or stored; it only needs to be published in some way, while the private key is kept secret by the user. The IBC standards mainly comprise the IBE encryption and decryption algorithm group, the IBS signature algorithm group and the IBKA authentication protocol, which are introduced in turn below.

2.1 Identity-based encryption and decryption scheme

An identity-based encryption and decryption scheme consists of four algorithms: system parameter generation (Setup), key generation (Extract), encryption (Encrypt) and decryption (Decrypt). They are described as follows:

Setup: given a security parameter k, output the system parameters params and the master key MasterKey. The system parameters params are public, while MasterKey is known only to the key generation center.

Extract: given params, MasterKey and an arbitrary ID ∈ {0,1}*, return the private key PrivateKeyID. ID is a string of arbitrary length that is used as the encryption public key, and PrivateKeyID is the decryption private key.

Encrypt: encrypt the plaintext m with params and the public key ID to obtain the ciphertext c = Encrypt(params, m, ID).

Decrypt: decrypt the ciphertext c with params and the private key PrivateKeyID to recover the plaintext, Decrypt(params, c, PrivateKeyID) = m.
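
The four algorithms above, shown as an added example that is not part of the original page or of any standard's reference code. It assumes the Boneh-Franklin BasicIdent construction and replaces the elliptic curve pairing with an insecure toy pairing (group elements stored as their scalars, constructed tiny parameters), so it shows only the algebra and the fact that the sender needs nothing but params and the ID; h1, h2 and pair are hypothetical helper names.

```python
import hashlib
import secrets

# Toy pairing for illustration only (NOT secure): the G1 element aP is stored
# as the scalar a mod Q, so discrete logarithms are exposed by construction.
P_MOD, Q, G = 2039, 1019, 4   # constructed toy values: Q divides P_MOD-1, G has order Q
P = 1                         # generator of G1 in this representation

def pair(a, b):
    """e(aP, bP) = G^(ab) mod P_MOD, bilinear by construction."""
    return pow(G, (a * b) % Q, P_MOD)

def h1(identity):
    """H1: map an identity string to a nonzero element of G1."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def h2(gt, n):
    """H2: map a GT element to an n-byte mask."""
    return hashlib.shake_256(gt.to_bytes(2, "big")).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def setup():
    master_key = secrets.randbelow(Q - 1) + 1     # known only to the KGC
    params = {"P_pub": (master_key * P) % Q}       # published
    return params, master_key

def extract(params, master_key, identity):
    return (master_key * h1(identity)) % Q         # PrivateKeyID = s * H1(ID)

def encrypt(params, m, identity):
    r = secrets.randbelow(Q - 1) + 1
    g_id = pair(h1(identity), params["P_pub"])     # public values only
    return (r * P) % Q, xor(m, h2(pow(g_id, r, P_MOD), len(m)))

def decrypt(params, c, private_key_id):
    u, v = c
    return xor(v, h2(pair(private_key_id, u), len(v)))

if __name__ == "__main__":
    params, master_key = setup()
    c = encrypt(params, b"transfer 100", "bob@example.com")   # before Bob has a key
    key = extract(params, master_key, "bob@example.com")      # issued by the KGC
    print(decrypt(params, c, key))
```

Because Extract needs only MasterKey and the ID, the KGC can derive any user's private key; protecting MasterKey is the central operational requirement of such a deployment.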

2.2 Identity-based signature and verification scheme

There are many identity-based signature schemes, but they basically consist of four algorithms: system parameter generation (Setup), key generation (Extract), signing (Sign) and verification (Verify). They are described as follows:

Setup and Extract: the same as Setup and Extract in the encryption and decryption scheme of the previous section.

Sign: input the message m to be signed, the public system parameters and the user's private key PrivateKeyID, and generate the signature (R, S), where R = rP and r is a random number.

Verify: input the signature (R, S), the public system parameters and the user's identity (ID), and output the verification result.

2.3 Identity-based authentication protocol

The steps of the identity-based authentication protocol are as follows, taking authentication between A and B as an example:

Step 1: A generates a random number R with its calculation unit and a current timestamp T with its clock unit, and sends them to B;

Step 2: B generates a random number r with its calculation unit, calculates u = rP, c = H(u, R, T) and S = (r + c)PrivateKeyID, and sends u and S to A;

Step 3: A uses its calculation unit to verify whether the following formula holds; if it holds, authentication passes, otherwise authentication fails.

3 Comparison between IBC and PKI

3.1 System comparison

Both the traditional PKI system and the IBC system are integrated facilities for authentication, authorization and encryption. Both are based on public key cryptography and guarantee the authenticity, confidentiality, integrity and non-repudiation of data in order to achieve their security goals. Because it has the natural advantage of using the user's unique identity as the public key, an IBC system is easier to apply than PKI with its huge certificate management and publishing system. The application comparison between the PKI system and the IBC system is shown in the following table.

3.2 Process comparison

Alice transferred a sum of money to Bob.

The process of PKI is as follows.

PKI process

The process of IBC is as follows.

IBC process

3.3 Comparative conclusion

As can be seen from the above analysis, compared with a PKI system, the application advantages of an IBC system are mainly the following:

1. The digital certificates, certificate authority (CA) center, and certificate issuance and lookup of a PKI system are not needed, so the system is simple to use and convenient to deploy, and especially suitable for security systems with a very large number of users;

2. The certificate verification computation required in PKI is not needed, so the computational cost is low and the system is suitable for mobile phone terminals;

3. There is no need, as in PKI, to connect to a CA server online to query and verify certificate status, so the communication cost is low;

4. It offers a rich policy control mechanism that combines identity authentication with access control.