Keywords: IBC? Transparent email encryption

In order to simplify the key management problem of traditional public key cryptography system, in 1984, an Israeli scientist and one of the inventors of the famous RSA system Propose the idea of ????based on identity password: use the user's public identity information (such as e-mail address, IP address, name..., etc.) as the user's public key, and the user's private key is generated by a trusted center called the private key generator generate. In the following twenty years, the design of identity-based cryptosystems became a popular research field in the cryptography community. That is, IBE (Identity Based Encryption), which is called IBC (Identity-Based Cryptograph) in China, is an identity-based cryptography technology. It has been certified and authorized by the China State Cryptography Administration as the SM9 algorithm (Shangmi No. 9 algorithm) . IBC is developed based on the traditional PKI (Public Key Infrastructure). It mainly simplifies the exchange of a large number of digital certificates in specific security applications, making security applications easier to deploy and use. IBC cryptography technology uses an asymmetric cryptography system. Encryption and decryption use two different sets of keys. Each person's public key is his or her identity, such as email address, phone number, etc. The private key is controlled by the user in the form of data. Key management is quite simple and can easily encrypt and decrypt data information. The basic technologies of IBC include data encryption, digital signatures, data integrity mechanisms, digital envelopes, user identification, user authentication, etc.

Disadvantages of identity-based encryption:

First, key escrow The problem is that PKG has the ability to obtain the private key of any user, which means that the information sent by the user is visible to PKG. However, from the basic requirements of identity-based cryptography, this is insurmountable.

Secondly, when there are many users, the generation of private keys is an expensive burden for PKG. If the current date is added to the user’s public key ID, PKG will have to generate the key for the user every day. Generating a private key is computationally expensive when there are many users.

Currently sm9 is the most promising way to achieve large-scale application of email encryption. The identity-based secure email system directly uses the user's email address as the public key, does not require certificates and related operations, and the system structure is relatively simple.

For the current email encryption market, there are already products that use IBC technology to encrypt emails. The secret email launched by Tianyuyunan uses transparent encryption for emails, which does not change the user's original usage habits at all, and is very convenient to use. . URL:/