Certificateless Public Key Cryptography

This paper introduces the concept of certificateless public key cryptography (CL-PKC).In contrast to traditional public key cryptographic systems, CL-PKC does not require theuse of certificates to guarantee the authenticity of public keys. It does rely on the useof a trusted third party (TTP) who is in possession of a master key. In these respects,CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the otherhand, CL-PKC does not suffer from the key escrow property that seems to be inherent inID-PKC. Thus CL-PKC can be seen as a model for the use of public key cryptographythat is intermediate between traditional certificated PKC and ID-PKC.We make concrete the concept of CL-PKC by introducing certificateless public keyencryption (CL-PKE), signature and key exchange schemes. We also demonstrate howhierarchical CL-PKC can be supported. The schemes are all derived from pairings onelliptic curves. The lack of certificates and the desire to prove the schemes secure in thepresence of an adversary who has access to the master key requires the careful developmentof new security models. For reasons of brevity, the focus in this paper is on the securityof CL-PKE. We prove that our CL-PKE scheme is secure in a fully adaptive adversarialmodel, provided that an underlying problem closely related to the Bilinear Diffie-HellmanProblem is hard.