1. Field
Disclosed embodiments relate to a message communication technique, and more specifically, to technology for implementing an efficient identity-based encryption system.
2. Discussion of Related Art
Various cryptographic techniques have been developed to deliver data through communication channels while ensuring its confidentiality. For example, public key-based encryption methods have been widely used because they allow economical and flexible key management. In these methods, a public key infrastructure (PKI) can be applied to prevent impersonation attacks. However, a PKI relies on certificates that a trusted organization digitally signs in order to verify the owner of a public key, and issuing, storing, distributing and verifying such certificates generates a load. In an identity-based encryption (IBE) technique, on the other hand, a public key is derived from the identity of a communication subject. This technique can therefore remove the load of the series of procedures in which a certificate is used to obtain the public key.
In encryption systems using the IBE technique, there is a need to update the public key corresponding to the same identity in order to reduce key management costs. As one example, when information indicating a variable date and/or time (for example, a key expiration date) is used to generate the public key, the same public key is no longer generated indefinitely for the same identity, and a previous public key and the private key paired with it can be naturally discarded. For example, an identity-based authenticated key exchange (IBAKE) protocol uses the IBE technique to reliably establish a secret key between two communication subjects without managing certificates for public keys, and it generates the public key using a time value so that the public key is updated from time to time.
When the public key is generated in this manner, that is, when additional information is used together with the identity of a communication subject, the public key no longer matches the identity of the communication subject itself, and the communication subject can obtain its private key from a private key generator (PKG) only when it recognizes that additional information. Therefore, an IBAKE system of the related art used additional information consisting of a date or time that the two communication subjects can easily recognize (for example, without involvement of a server), and the update cycle of the public key was short. However, such a system is limited in that it cannot use various types of additional information to generate the public key. In addition, insufficient attention has been paid to methods of transferring the additional information described above to the communication subject that receives a message encrypted using the public key.