Alternative Approaches—Identity-Based Encryption
Learn about some alternative approaches to resolving the issues of implementing a certificate-based approach to public-key management.
Identity-based encryption
The main purpose of a public-key certificate is to bind an identity to a public-key value. Thus, one way of eliminating the need for public-key certificates is to build this binding directly into the public keys themselves.
The idea behind identity-based encryption
One way in which this binding could be built in is if the public-key value can be uniquely derived from the identity, for example, by giving the public-key value and the identity the same value. As we noted previously, this is the main motivation behind identity-based encryption (IBE).
A significant difference between IBE and certificate-based approaches to managing conventional public-key cryptography is that IBE requires a trusted third party for private-key generation. We will refer to this trusted third party as a trusted key center (TKC) since its main role is to generate and distribute private keys. The basic idea behind IBE is:

A public-key owner’s ‘identity’ is their public key. A publicly known rule converts the owner’s ‘identity’ into a string of bits, and then some publicly known rule converts this string of bits into a public key.

The public-key owner’s private key can be calculated from their public key only by the TKC, who holds some additional secret information.
In this way, public-key certificates are not required, since the linkage between the owner’s identity and the public key is established by the publicly known rules. Even though anyone can easily determine public keys, private keys are computable only by the TKC.
A model for IBE
The illustration below shows the process behind using IBE to encrypt a message from Alice to Bob. The model consists of the following stages:

Encryption: Alice derives Bob’s public key PubB from Bob’s identity using the publicly known rules. Alice then encrypts her message using PubB and sends the resulting ciphertext to Bob.

Identification: Bob identifies himself to the TKC by presenting appropriate credentials and requests the private key PrivB corresponding to PubB.

Private-key derivation: If the TKC accepts Bob’s credentials, then the TKC derives PrivB from PubB and a system secret value sTKC, known only to the TKC.

Private-key distribution: The TKC sends PrivB to Bob using a secure channel.

Decryption: Bob decrypts the ciphertext using PrivB.
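The five stages above can be exercised end to end with a concrete IBE scheme. The following Python program is an added example, not part of this course and not the course’s own code; it uses Cocks’ quadratic-residuosity IBE scheme (which the text does not name) because it needs only integer arithmetic and no pairing library. The identity string bob@example.com, the SHA-256-with-counter rule for turning an identity into a public key, and the two fixed toy primes standing in for the TKC secret sTKC are all constructed for this example and are far too small for real use.

```python
import hashlib
import secrets
from math import gcd

# Toy system parameters (constructed for this example): two Mersenne primes, each
# congruent to 3 mod 4 as Cocks' scheme requires. The TKC's secret s_TKC is the
# factorisation (P, Q); only the modulus N is published. These primes are far too
# small for real use and are fixed here only so the example is reproducible.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, by the standard reciprocity algorithm."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:          # pull out factors of two: (2/n) = -1 iff n = 3,5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def identity_to_public_key(identity: str, n: int = N) -> int:
    """Publicly known rule: hash the identity to a bit string, read it as an integer
    mod n, and increment a counter until the Jacobi symbol (a/n) is +1. Anyone can
    run this, so Alice needs no certificate to obtain Bob's public key."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a > 1 and jacobi(a, n) == 1:
            return a
        counter += 1


def tkc_extract_private_key(a: int, p: int = P, q: int = Q) -> int:
    """Private-key derivation: only the TKC, knowing p and q, can compute r with
    r^2 = +a or r^2 = -a (mod n). This is the step Bob requests after identification."""
    n = p * q
    r = pow(a, (n + 5 - p - q) // 8, n)
    assert pow(r, 2, n) in (a, n - a)
    return r


def encrypt_bit(bit: int, a: int, n: int = N) -> tuple:
    """Encrypt one bit under public key a: bit 0 is carried by a t with (t/n) = +1,
    bit 1 by (t/n) = -1. Both s-values are sent because the sender does not know
    whether r^2 equals +a or -a."""
    target = 1 if bit == 0 else -1
    while True:
        t = secrets.randbelow(n - 2) + 2
        if gcd(t, n) == 1 and jacobi(t, n) == target:
            break
    t_inv = pow(t, -1, n)
    return ((t + a * t_inv) % n, (t - a * t_inv) % n)


def decrypt_bit(ct: tuple, r: int, a: int, n: int = N) -> int:
    """Decrypt one bit with private key r: pick the s matching the sign of r^2,
    then (s + 2r)/n = ((t + r)^2 / t)/n = (t/n), which recovers the bit."""
    s_plus, s_minus = ct
    s = s_plus if pow(r, 2, n) == a else s_minus
    return 0 if jacobi((s + 2 * r) % n, n) == 1 else 1


def ibe_encrypt(message: bytes, identity: str) -> list:
    """Alice's side: derive Bob's public key from his identity and encrypt bit by bit."""
    a = identity_to_public_key(identity)
    return [encrypt_bit((byte >> i) & 1, a) for byte in message for i in range(7, -1, -1)]


def ibe_decrypt(ciphertext: list, identity: str, r: int) -> bytes:
    """Bob's side: recompute his own public key from his identity, then decrypt with r."""
    a = identity_to_public_key(identity)
    bits = [decrypt_bit(ct, r, a) for ct in ciphertext]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    bob = "bob@example.com"                 # constructed identity
    ct = ibe_encrypt(b"hi Bob", bob)        # Alice: encryption
    priv_b = tkc_extract_private_key(identity_to_public_key(bob))  # TKC: after identification
    print(ibe_decrypt(ct, bob, priv_b))     # Bob: decryption -> b'hi Bob'
```

Note how the stages map onto the functions: Alice calls only identity_to_public_key and ibe_encrypt, which need nothing secret; the TKC alone can run tkc_extract_private_key, because the exponent depends on P and Q; and the identification step and the secure channel for delivering PrivB are outside the code, which is exactly why the TKC’s credential check and the key-delivery channel carry the trust that certificates carry in a PKI.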