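Author (Chinese): 鍾乙瑄
Author (English): Chung, I-Hsuan
Thesis title (Chinese): 免憑證公開金鑰管理方法
Thesis title (English): Certificateless-Based Public Key Management Scheme
Advisor (Chinese): 孫宏民
Advisor (English): Sun, Hung-Min
Oral defense committee (Chinese): 黃育綸, 吳育松
Degree: Master's
Institution: National Tsing Hua University
Department: Department of Computer Science
Student ID: 102065701
Year of publication (ROC calendar): 105
Academic year of graduation: 104
Language: English
Number of pages: 55
Keywords (translated from Chinese): certificateless cryptosystem; public key management
Keywords (English): Certificateless Public Key Cryptography; Public key management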
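In recent years, with the development of the Internet, people's lives have become closely tied to it. Chatting, shopping, sending mail, entertainment and work can all be done online, and even government documents are transmitted over the network. As dependence on the network grows, these activities place a large amount of private information, and even personal data, on the network and transmit it there, so the security of information and of its transmission becomes increasingly important.

In cryptosystems, identity-based cryptosystems have always had the key escrow problem, because they rely entirely on the KGC (Key Generation Center) to generate keys. Certificateless cryptosystems can solve the key escrow problem, because the KGC is responsible only for generating a partial key, which must be combined with a secret value additionally generated by the user to produce the full key. For this reason more and more researchers have begun to study them and have proposed related security proofs.

Authentication and management of public keys has always been an important topic in asymmetric cryptography. In traditional public key cryptography the public key management problem has been studied very thoroughly, but in the setting of certificateless cryptosystems it is still a problem that needs to be explored. Because the key is generated by the user, a malicious KGC can also use a user's known partial key to generate an unlimited number of user keys and sign with them, and those signatures pass verification. A malicious user can likewise generate an unlimited number of keys to sign with and then deny the authenticity of the keys and signatures, so non-repudiation cannot be achieved.

We therefore propose a public key management mechanism which, built on the existing certificateless system, effectively prevents both the user and the KGC from generating multiple keys and achieves true non-repudiation.

Keywords: certificateless cryptosystem, public key management.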
In cryptography, the key escrow issue has been extensively studied for ID-based cryptography, because the KGC conducts the generation of both the private and the public key of the asymmetric key pair, with a record. To overcome the key escrow issue in ID-based cryptography, the notion of “certificateless public key cryptography (CL-PKC)”, similar to ID-based cryptography, was proposed by Al-Riyami and Paterson in 2003. The difference between the two is that the KGC is not aware of the user's full private key and only computes a partial private key. The full private key is generated from the combination of the partial private key and a user-chosen secret value. In this way, the key escrow problem can be overcome.

The management and validation of public keys has been an important research area of asymmetric cryptography. The research on public key management is almost complete for traditional public key encryption, but not for the certificateless setting. There is no certification mechanism that confirms the authenticity of the key pair corresponding to an individual. A tampered KGC responsible for the partial private key parameters could forge multiple key pairs by choosing any secret value from known users, and these key pairs can produce signatures that are valid even under the verification procedure. Malicious users could generate limitless correct key pairs by grafting random secret values onto the key parameters, and they could deny having generated these key pairs. In the latter case, non-repudiation cannot be achieved by digital signatures under the current certificateless infrastructure.

Therefore, we designed a public key management scheme for certificateless cryptosystems that ascertains the authenticity and non-repudiation of all key pairs by adding an extra trusted third party. Verification is conducted by the receiver, and non-repudiation is guaranteed by the trusted third party.

Keywords: Certificateless Public Key Cryptography, Public key management
Table of Contents
List of Figures
List of Tables
1 Introduction
2 Background
2.1 Certificateless Public Key Cryptography
2.2 Preliminaries
3 Related Works
3.1 Review of Choi et al.’s Certificateless Signature Scheme
3.2 Review of Tso et al.’s Certificateless Signature Scheme
4 Proposed Scheme
4.1 The overview of scheme
4.2 Public Key Management Scheme for Certificateless Cryptosystem
4.3 Examples
5 Security Analysis
5.1 Type I Adversary
5.2 Type II Adversary
6 Implementation
6.1 System Operations
6.2 Experimental Results
7 Conclusions and Future Work
(The full text is not authorized for public access)