Alternative Approaches—Identity-Based Encryption

Learn about some alternative approaches to resolve issues of implementing a certificate-based approach to public-key management.

Identity-based encryption

The main purpose of a public-key certificate is to bind an identity to a public-key value. Thus, one way of eliminating the need for public-key certificates is to build this binding directly into the public keys themselves.

The idea behind identity-based encryption

One way in which this binding could be built-in is if the public-key value can be uniquely derived from the identity, for example, by assigning the public-key value and the identity the same value. As we noted previously, this is the main motivation behind identity-based encryption (IBE).

A significant difference between IBE and certificate-based approaches to managing conventional public-key cryptography is that IBE requires a trusted third party in a private-key generation. We will refer to this trusted third party as a trusted key center (TKC) since its main role is to generate and distribute private keys. The basic idea behind IBE is:

  • A public-key owner’s ‘identity’ is their public key. A publicly known rule converts the owner’s ‘identity’ into a string of bits, and then some publicly known rule converts this string of bits into a public key.

  • The public-key owner’s private key can be calculated from their public key only by the TKC, who has some additional secret information.

In this way, public-key certificates are not required since the linkage between the owner’s identity and the public key uses the publicly known rules. Even though anyone easily determines public keys, private keys are only computable by the TKC.

A model for IBE

The illustration below shows the process behind using IBE to encrypt a message from Alice to Bob. The model consists of the following stages:

  • Encryption: Alice derives Bob’s public key PubB from Bob’s identity using the publicly known rules. Alice then encrypts her message using PubB and sends the resulting ciphertext to Bob.

  • Identification: Bob identifies himself to the TKC by presenting appropriate credentials and requests the private key PrivB corresponding to PubB.

  • Private key derivation: If the TKC accepts Bob’s credentials, then the TKC derives PrivB from PubB and a system secret value sTKC, known only by the TKC.

  • Private-key distribution: The TKC sends PrivB to Bob using a secure channel.

  • Decryption: Bob decrypts the ciphertext using PrivB.

Get hands-on with 1200+ tech skills courses.