Foreword
Adi Shamir is an Israeli cryptanalyst, professor of computer science and applied mathematics at the Weizmann Institute, and a winner of the Turing Award. He is one of the three creators of the famous RSA cryptosystem. In 1984, Shamir wrote an article about a new kind of cryptosystem called ID-based cryptography (identity-based, or "personal", cryptography).
In this post, I would like to present a translation of that article.
Idea
In this article we present a new type of cryptographic scheme that allows any pair of users to communicate securely and to verify each other's signatures without exchanging public or private keys. The scheme assumes the presence of a trusted key generation center, whose sole purpose is to issue each user a personalized smart card when the user first joins the network. The information embedded in this card allows the user to sign and encrypt the messages he sends, and to decrypt and verify the signatures of the messages he receives.
The scheme is ideal for closed user groups, such as the executives of a multinational company or the branches of a large bank, since the corporate headquarters can serve as a key generation center that every user trusts. The scheme could even be used nationwide, with hundreds of key generation centers and millions of users; it could become the basis for a new type of identity card with which everyone could electronically sign checks, credit card receipts, legal documents and letters.
The scheme is based on a public-key cryptosystem with an additional twist: instead of generating a random public/private key pair and publishing one of the keys, the user takes his name and network (Internet) address as his public key. The public key can be any combination of name, social security number, home address, office or telephone number (depending on context), provided that the combination is unique to the user and he cannot deny it later.
The corresponding secret key is computed by the key generation center and issued to the user in the form of a smart card when he first joins the network. The card contains a microprocessor, an I/O port, RAM, ROM holding the secret key, and programs for encrypting and decrypting messages and for generating and verifying signatures.
The ID-based scheme resembles an ideal mail system: if you know someone's name and address, you can send him a message that only he can read. You can also verify his signature, since only he could have produced it.
All this makes the cryptographic aspects of the system almost transparent to the user. The system can be used effectively even by non-professionals who know nothing about keys and protocols. When user A wants to send a message to user B, A signs the message with the secret key stored on his smart card, encrypts the result with user B's name and network address, appends his own name and address, and sends the message. When user B receives the message, he decrypts it with the secret key stored on his smart card and verifies the signature using user A's name and address.
The secret keys must be computed by the key generation center and not by the users, since there is nothing special about a user's identifier: if user A could compute the secret key corresponding to his own public key, he could also compute the secret keys of users B, C, etc., and the scheme would cease to be secure.
The key generation center must therefore hold some secret information, for example the factorization of a large number.
The overall security of the scheme depends on the following points:
• the security of the underlying cryptographic functions
• the secrecy of the key generation center's privileged information
• the precautions users take to prevent the loss, copying or unauthorized use of their cards
In all three kinds of scheme, the message m is encrypted with the key ke, the ciphertext c is transmitted over the channel and decrypted with the key kd.
Key selection starts from truly random data k. In a private-key scheme, kd = ke = k, and a separate secure channel is needed, since the key must be kept secret by both correspondents. In a public-key scheme, the encryption and decryption keys are obtained from k by applying two different functions, ke = fe(k) and kd = fd(k), and a separate channel is used to verify the authenticity of the public key ke.
In the ID-based scheme, the encryption key is the user's identifying information, ke = i, and the decryption key is obtained from i and k through the function kd = f(i, k). A separate channel between users is eliminated entirely and replaced by a single interaction with the key generation center when the participant first joins the network.
In this sense, the ID-based scheme is a mirror image of the public-key scheme.
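To make the key structure concrete, here is an added toy instantiation (not code from this post) of the model above: the center's secret k is a factorization, the public key is the identity i itself, the card's secret is kd = f(i, k), and anyone can verify a signature from the signer's name alone. The concrete RSA-based choice of f and the (s, t) signature form are assumptions of this example, as are the identities and the tiny primes.

```python
import hashlib
import random

# Toy key-generation-center parameters (constructed for illustration only;
# a real deployment needs a modulus of 2048+ bits). The factorization (P, Q)
# is the center's secret k; (N, E) is published to every user.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
_D = pow(E, -1, (P - 1) * (Q - 1))   # derivable only from the factorization
_NBYTES = (N.bit_length() + 7) // 8

def identity_to_int(identity: str) -> int:
    """Public key ke = i: the user's name/address, mapped to an integer mod N."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % N

def center_extract(identity: str) -> int:
    """Secret key kd = f(i, k): the center takes the e-th root of i mod N,
    which only the holder of the factorization can do. This value is what
    the user's smart card would carry in ROM."""
    return pow(identity_to_int(identity), _D, N)

def _challenge(t: int, message: bytes) -> int:
    """Hash binding the commitment t to the message (a constructed choice)."""
    data = t.to_bytes(_NBYTES, "big") + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(secret_key: int, message: bytes, rng=random.SystemRandom()) -> tuple:
    """Produce (s, t) with a fresh random r: t = r^e, s = kd * r^H(t, m) mod N."""
    r = rng.randrange(2, N)
    t = pow(r, E, N)
    s = secret_key * pow(r, _challenge(t, message), N) % N
    return s, t

def verify(identity: str, message: bytes, signature: tuple) -> bool:
    """Check s^e == i * t^H(t, m) mod N using only the signer's identity and (N, E)."""
    s, t = signature
    expected = identity_to_int(identity) * pow(t, _challenge(t, message), N) % N
    return pow(s, E, N) == expected

if __name__ == "__main__":
    alice = "Alice Smith <alice@example.org>"   # constructed identity
    card = center_extract(alice)                 # issued once by the center
    sig = sign(card, b"Pay 100 to Bob")
    print("valid for Alice:", verify(alice, b"Pay 100 to Bob", sig))
    print("valid for Mallory:", verify("Mallory <m@example.org>", b"Pay 100 to Bob", sig))
```

Note that the verifier never needs a key directory: the identity string and the center's public (N, E) are all it uses, which is exactly the "separate channel" the scheme removes.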