# Distributed Threshold Certificate based Encryption Scheme with No Trusted Dealer

### Apostolos P. Fournaris

#### Abstract

Generating certified keys and managing certification information in a fully distributed manner can find a wide range of applications in the increasingly distributed IT environment. However, the prohibition of trusted entities within the distributed system and the high complexity certificate management and revocation mechanism, hinder the adoption of this approach in a large scale. Threshold cryptography offers an elegant solution to these issues through Shamir’s secret sharing scheme, where a secret (the Certificate Authority’s (CA) master key) is split and shared among all participants. Combining this approach with the reasonable certificate service requirements of Certificate based encryption (CBE) schemes could result in a functional and efficient distributed security scheme. However, centralized entities, denoted as trusted dealers, are needed in most threshold cryptography schemes even those few that support CBE, while the static way in which the system’s functionality is viewed, considerably limits possible applications (i.e. dynamic environments like p2p, Ad- Hoc networks, MANETS). In this paper, we explore the potentials of combining the latest developments in distributed key generation threshold cryptography schemes with efficient yet highly secure certificate based encryption schemes in order to provide a solution that matches the above concerns. We draft a fully distributed Threshold Certificate Based Encryption Scheme that has no need for any centralized entity at any point during its operating cycle, has few requirements concerning certificate management due to CBE and does not need any trusted dealer to create, and split secrets or distribute certificates. The proposed scheme has an easy participant addition-removal procedure to support dynamic environments.

#### References

- Boneh, D., Boyen, X., and Halevi, S. (2006). Chosen ciphertext secure public key threshold encryption without random oracles. In Pointcheval, D., editor, CTRSA, volume 3860 of Lecture Notes in Computer Science, pages 226-243. Springer.
- Boneh, D. and Franklin, M. K. (2001). Identity-based encryption from the weil pairing. In Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 7801, pages 213- 229, London, UK. Springer-Verlag.
- Boyen, X. (2008). A tapestry of identity-based encryption : practical frameworks compared. International Journal of Applied Cryptography, 1(1):3-21.
- Damgard, I. and Koprowski, M. (2000). Practical threshold rsa signatures without a trusted dealer. pages 152-165. Springer Verlag.
- Desmedt, Y. and Frankel, Y. (1989). Threshold cryptosystems. In Brassard, G., editor, CRYPTO, volume 435 of Lecture Notes in Computer Science, pages 307-315. Springer.
- Fournaris, A. P. (2011). Distributed threshold cryptography certification with no trusted dealer. In Lopez, J. and Samarati, P., editors, SECRYPT 2011, pages 400-404. SciTePress.
- Frankel, Y., Gemmell, P., MacKenzie, P. D., and Yung, M. (1997). Optimal resilience proactive public-key cryptosystems. In FOCS, pages 384-393. IEEE Computer Society.
- Fujisaki, E. and Okamoto, T. (1999). Secure integration of asymmetric and symmetric encryption schemes. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 7899, pages 537-554, London, UK. Springer-Verlag.
- Galindo, D., Morillo, P., and Rfols, C. (2008). Improved certificate-based encryption in the standard model. Journal of Systems and Software, 81(7):1218 - 1226.
- Gennaro, R., Jarecki, S., Krawczyk, H., and Rabin, T. (2001). Robust threshold dss signatures. Inf. Comput., 164(1):54-84.
- Gennaro, R., Jarecki, S., Krawczyk, H., and Rabin, T. (2007). Secure distributed key generation for discretelog based cryptosystems. Journal of Cryptology, 20:51-83. 10.1007/s00145-006-0347-3.
- Gentry, C. (2003). Certificate-based encryption and the certificate revocation problem. In Biham, E., editor, Advances in Cryptology EUROCRYPT 2003, volume 2656 of Lecture Notes in Computer Science, pages 641-641. Springer Berlin / Heidelberg.
- Herzberg, A., Jarecki, S., Krawczyk, H., and Yung, M. (1995). Proactive secret sharing or: How to cope with perpetual leakage. In Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 7895, pages 339-352, London, UK. Springer-Verlag.
- Libert, B. and Quisquater, J.-J. (2003). Efficient revocation and threshold pairing based cryptosystems. In Proceedings of the twenty-second annual symposium on Principles of distributed computing, PODC 7803, pages 163-171, New York, NY, USA. ACM.
- Lu, Y. (2011). An efficient and provably secure certificatebased encryption scheme. In Zhou, Q., editor, Theoretical and Mathematical Foundations of Computer Science, volume 164 of Communications in Computer and Information Science, pages 54-61. Springer Berlin Heidelberg.
- Lu, Y. and Li, J. (2009). Forward-secure certificate-based encryption. In Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 02, IAS 7809, pages 57-60, Washington, DC, USA. IEEE Computer Society.
- Lu, Y., Li, J., and Xiao, J. (2009). Threshold CertificateBased Encryption: Definition and Concrete Construction. In 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing, pages 278-282. IEEE.
- Noack, A. and Spitz, S. (2008). Dynamic threshold cryptosystem without group manager. Cryptology ePrint Archive, Report 2008/380. http://eprint.iacr.org/.
- Park, C. and Kurosawa, K. (1996). New ElGamal Type Threshold Digital Signature Scheme. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E79-A(1):86-93.
- Pedersen, T. P. (1991). A threshold cryptosystem without a trusted party. In Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques, EUROCRYPT'91, pages 522-526, Berlin, Heidelberg. Springer-Verlag.
- Shamir, A. (1979). How to share a secret. Commun. ACM, 22:612-613.
- Shao, Z. (2011). Enhanced certificate-based encryption from pairings. Comput. Electr. Eng., 37:136-146.
- Shoup, V. (2000). Practical threshold signatures. In Proceedings of the 19th international conference on Theory and application of cryptographic techniques, EUROCRYPT'00, pages 207-220, Berlin, Heidelberg. Springer-Verlag.
- Wang, G. (2003). On the security of the li-hwang-leetsai threshold group signature scheme. In Lee, P. and Lim, C., editors, Information Security and Cryptology ICISC 2002, volume 2587 of Lecture Notes in Computer Science, pages 75-89. Springer Berlin / Heidelberg. 10.1007/3-540-36552-4-6.

#### Paper Citation

#### in Harvard Style

P. Fournaris A. (2012). **Distributed Threshold Certificate based Encryption Scheme with No Trusted Dealer** . In *Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)* ISBN 978-989-8565-24-2, pages 314-320. DOI: 10.5220/0004075803140320

#### in Bibtex Style

@conference{secrypt12,

author={Apostolos P. Fournaris},

title={Distributed Threshold Certificate based Encryption Scheme with No Trusted Dealer},

booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},

year={2012},

pages={314-320},

publisher={SciTePress},

organization={INSTICC},

doi={10.5220/0004075803140320},

isbn={978-989-8565-24-2},

}

#### in EndNote Style

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)

TI - Distributed Threshold Certificate based Encryption Scheme with No Trusted Dealer

SN - 978-989-8565-24-2

AU - P. Fournaris A.

PY - 2012

SP - 314

EP - 320

DO - 10.5220/0004075803140320