Research On Key Escrow Problem Of Identity-Based Cryptography

This dissertation studies the key escrow problem in identity-based cryptosystem. The main results are that the author proposed two new schemes for this problem from the two hands.Identity-based cryptography, for short, is IBC. Its public key is user's identity straight, for example,E-mail, telephone number or IP address. User's private key is bound with public key by using fixed algorithm. Then complicated authentication and burdensome key management are all avoided. IBC have many advantages over PKI based cryptosystems in many hands, for examples key generation, key distribution, key management, etc.But, IBC also has an inherent drawback. Key generation center keeps the master key s. User's private key is generated by multiplying s with H(ID). Algorithm H is known to all. In other words, All users' private keys are known to the key generation center because all keys are generated with s. So, it is a so-called problem that "user's secret key completely depends on the trusted escrow agency".The traditional method is by escrowing the master key s with threshold scheme. But It seems not reasonable fully. For example, in course of monitoring, once that monitor agency reconstructed user's private key with t effective escrow agencies, he can continue to monitor the user's all communications all times. It is a doubt if monitor agency could abuse the power. So, it is a so-called problem of "once monitor, monitor for ever".These are all the escrow problems of IBC.To these problems, in this dissertation, the traditional identity-based cryptosystem is improved. The key generation center's oversize power is controlled effectively by two patterns. So, the problem is solved successfully.The main idea of the first scheme is that we introduced the idea of shadow transformation. Integrating with threshold escrow mechanism, we then proposed an improved threshold escrow scheme.The main idea of the second scheme is that we adopted the idea of partial key escrow that Shamir proposed for the first time. Now, user decided the key by himself, then the private key is escrowed paritially, not totally.