Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020115265 - CERTIFICATELESS PUBLIC KEY ENCRYPTION USING PAIRINGS

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

[ EN ]

CLAIMS

1. A transmitter device (103) for sending an encrypted message to a receiver device (105) in an identity-based cryptosystem (100), the transmitter device (103) being associated with a transmitter identifier, wherein the transmitter device (103) is configured to receive a transmitter partial private key from a trusted center (101 ), the transmitter device (103) being configured to:

- send a request for two public session keys to the receiver device (105);

- receive from the receiver device (105) a first ciphertext set, said first ciphertext set being derived from an encryption and authentication of two public session keys;

- decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key;

- determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, said second ciphertext comprising an encrypted message;

- send said second ciphertext set to the receiver device (105).

2. The transmitter device (103) of claim 1 , wherein the transmitter partial private key depends on the transmitter identifier associated with said transmitter device (105).

3. The transmitter device (103) of any preceding claim 1 and 2, wherein said identity-based cryptosystem (100) is associated with system parameters comprising an admissible bilinear map, a first cryptographic hash function, a second cryptographic hash function, a third cryptographic hash function, and a trusted center public key associated with the trusted center (101 ), said first ciphertext set comprising a first ciphertext, a second ciphertext, a third ciphertext, a fourth ciphertext, and a fifth ciphertext, and wherein said transmitter device (103) is configured to:

- apply the first cryptographic hash function to the receiver identifier, which provides a receiver public key;

- apply a subtraction operation between (i) the second ciphertext, and (ii) the output of the second cryptographic hash function applied to the bilinear map applied to the transmitter partial private key and to the first ciphertext, which provides a secret key;

- apply a decipher to the third ciphertext, which provides a recovered first public session key, said decipher using said secret key as a decryption key;

- apply said decipher to the fourth ciphertext, which provides a recovered second public session key;

- apply the third cryptographic hash function to said secret key, to said recovered first public session key, and to said recovered second public session key, which provides a recovered intermediate value;

- check if the fifth ciphertext is equal to the output of the second cryptographic hash function applied to an input value, said input value being the output of the bilinear map applied to (iii) the transmitter partial private key, and (iv) to the receiver public key to the power said recovered intermediate value.

4. The transmitter device (103) of preceding claim 3, wherein the transmitter device (103) is configured to check whether a trusted center identity verification condition and/or a public session keys verification condition are verified, the trusted center identity verification condition being satisfied if the output of the bilinear map applied to the transmitter partial private key and to the trusted center public key is equal to the output of the bilinear map applied to:

- the result of the first cryptographic hash function applied to the transmitter identifier; and

- the result of the first cryptographic hash function applied to the trusted center identifier;

the public session keys comprising a first public session key and a second public session key, the public session keys verification condition being satisfied if the output of the bilinear map applied to the first public session key and to the result of the first cryptographic hash function applied to the transmitter identifier is equal to the output of the bilinear map applied to the second public session key and to the transmitter partial private key.

5. The transmitter device (103) of claim 1 , wherein the second ciphertext set further comprises a first component, a second component, and a third component, the transmitter device (103) being configured to:

- generate a random secret key;

- apply the first cryptographic hash function to the receiver identifier, which provides a receiver public key;

- apply a third cryptographic hash function to said random secret key and to a given message, which provides an auxiliary value;

- apply an exponentiation function of a base equal to a trusted center public key and an exponent equal to said auxiliary value, which provides the first component;

- add said random secret key to the output of the second cryptographic hash function applied to the result of the bilinear map applied to the first public session key to the power the auxiliary value and to said receiver device public key, which provides the second component;

- apply a cipher to a given message using said random secret key, which provides an encrypted message;

- apply a second cryptographic hash function to the result of the bilinear map to the power the auxiliary value, said bilinear map being applied to the transmitter partial private key and to the receiver public key, which provides the third component .

6. A receiver device (105) for receiving an encrypted message from a transmitter device (103), the transmitter device (103) being associated with a transmitter identifier, the receiver device (105) being configured to determine two public session keys from a receiver partial private key associated with the receiver device (105) and from system parameters, the receiver device being configured to send a first ciphertext set to the transmitter device (103), the receiver device (105) being configured to determine said first ciphertext set from an encryption of the two public session keys, the receiver device (105) being configured to receive a second ciphertext set from the transmitter device (103) comprising said encrypted message, the second ciphertext set depending on a transmitter partial private key received from a trusted center (101 ), a receiver identifier associated with said receiver device (105), and the two public session keys, the receiver device (105) being configured to recover the original message by decrypting said encrypted message and authenticating the transmitter device (103).

7. The receiver device (105) of claim 6, wherein-said system parameters comprise a prime number, two algebraic groups of order equal to said prime number, an admissible bilinear map, a first cryptographic hash function, a second cryptographic hash function, a third cryptographic hash function, and a trusted center public key associated with a trusted center identifier.

8. The receiver device of any claim 6 and 7, wherein the receiver partial private key depends on a receiver identifier associated with the receiver device (105).

9. The receiver device (105) of any preceding claim 7 and 8, wherein the receiver device (105) is configured to verify a trusted center public key associated with the trusted center (101 ) using the receiver partial private key and to determine a private session key, two public session keys comprising a first public session key and a second public session key, and a first ciphertext set if a verification condition is satisfied, said verification condition being satisfied if the receiver device (105) determines that a first value is equal to a second value, said first value being determined by applying the bilinear map to the receiver device partial private key and to the trusted center public key, said second value being determined by applying the bilinear map to the output of the first cryptographic hash function applied to the receiver identifier and to the output of the first cryptographic hash function applied to the trusted center identifier.

10. The receiver device (105) of claim 9, wherein the receiver device (105) is configured to determine a random value and to determine said private session key by applying an exponentiation function of a base equal to the receiver partial private key and an exponent equal to said random value, said two public session keys comprising a first public session key and a second public session key, the receiver device (105) being configured to determine said first public session key by applying an exponentiation function of a base equal to the output of the application of the first cryptographic hash function to a trusted center identifier and an exponent equal to said random value, and to determine said second public session key by applying an

exponentiation function of a base equal to the trusted center public key and an exponent equal to said random value.

1 1. The receiver device (105) of claim 6, wherein the first ciphertext set comprises a first ciphertext, a second ciphertext, a third ciphertext, a fourth ciphertext, and a fifth ciphertext, the receiver device (105) being configured to randomly generate a random secret key, the receiver device (105) being configured to determine a transmitter public key by applying the first cryptographic hash function to the transmitter device identifier, and to determine a first intermediate value by applying the third cryptographic hash function to said random secret key, to the first public session key, and to the second public session key, the receiver device (105) being further configured to:

- determine said first ciphertext by applying an exponentiation function of a basis equal to the trusted user public key and an exponent equal to said first intermediate value;

- add said random secret key to a value, which provides said second ciphertext, said value being the result the second cryptographic hash function applied to the output of the bilinear map applied to a first input and a second input, said first input being the result of an exponentiation function having a basis given by the transmitter device public key and an exponent given by said intermediate value, said second input being of the result of the first cryptographic hash function to applied to the trusted center identifier;

- determine said third ciphertext by applying a cipher algorithm to the first public session key, said cipher algorithm using said random secret key as encryption key;

- determine said fourth ciphertext by applying a cipher algorithm to the second public session key; and

- determine said fifth ciphertext by applying a second cryptographic hash function to the output of the application of the bilinear map exponent said first intermediate value, said output being obtained by applying said bilinear map to the receiver partial private key and the transmitter public key.

12. The receiver device of any preceding claims 6 and 7, wherein the second ciphertext set further comprises a first component, a second component, and a third component, said first component, the receiver device (105) being configured to:

- determine a transmitter public key by applying the first cryptographic hash function to the transmitter identifier;

- determine a secret key by applying a subtraction operation to the second component comprised in the second ciphertext set and to the output of the application of the second cryptographic hash function to the result of the application of the bilinear map to the first component comprised in the second ciphertext set and to the private session key;

- determine said original message by decrypting said encrypted message using a decipher that uses said secret key as a decryption key;

- determine an auxiliary value by applying the third cryptographic hash function to said secret key and said original message; and

- verify the identity of the transmitter device (103) by checking if a transmitter identity verification condition is satisfied, said transmitter identity verification condition being satisfied if the receiver device (105) determines that the third component comprised in the second ciphertext set is equal to the output of the second cryptographic hash function applied to an output result to the power of said auxiliary value, said output result being determined by the application of the bilinear map to the transmitter device public key and the receiver device partial private key.

13. An identity-based cryptosystem (100) comprising a trusted center (101 ), said trusted center (101 ) being configured to determine system parameters and a master private key from a trusted center security parameter and a trusted center identifier, said system parameters comprising a prime number, two algebraic groups of order equal to said prime number, an admissible bilinear map, a first cryptographic hash function, a second cryptographic hash function, a third cryptographic hash function, and a trusted center public key associated with said trusted center identifier,, said trusted center (101 ) being configured to:

- generate said prime number, said two algebraic groups and said admissible bilinear map byrunning a Bilinear Diffie-Hellman parameter generator that takes as input said trusted center security parameter;

- select a first cryptographic hash function, a second cryptographic hash function, and a third cryptographic hash function from a predefined set of cryptographic hash functions;

- determine a first value by applying the first cryptographic hash function to said trusted center identifier;

- randomly select a master secret key; and

- determine said trusted center public key by applying an exponentiation function defined by a base and an exponent, said base being equal to said first value, and said exponent being equal to said master private key.

14. The identity-based cryptosystem (100) of claim 13, wherein the trusted center (101 ) is configured to determine a transmitter partial private key and a receiver partial private key from said master secret key, said system parameters, a transmitter identifier and a receiver identifier, the trusted center (101 ) being configured to determine a transmitter public key by applying the first hash function to a transmitter device identifier and to determine the transmitter partial private key by applying an exponentiation function defined by a base and an exponent, the base being equal to said transmitter public key, and the exponent being equal to the inverse of said master secret key, the trusted center (101 ) being configured to determine a receiver public key by applying the first hash function to the receiver identifier and to determine the receiver partial private key by applying an exponentiation function defined by a base and an exponent, the base being equal to said receiver public key, and the exponent being equal to the inverse of said master secret key.