Certificateless Authenticated Two-Party Key Agreement Protocols

Certificateless public key cryptography (CL-PKC) was proposed to overcome the weaknesses of the public key infrastructure (PKI) and identity-based cryptography (ID-PKC). In PKI, certificates are used to provide the authenticity of public keys. However, a PKI faces many challenges in practice, such as the scalability of the infrastructure and certificate management (distribution, revocation, storage, and validation costs). ID-PKC does not use certificates, but employs a key generation center (KGC) that will know every user’s private key. Hence, the KGC will also be able to trace each user transaction and may cause loss of privacy if it’s not trusted. In CL-PKC, on the other hand, the KGC does not have this information. Thus, CL-PKC is often considered a cross between PKI and ID-PKC. In their seminal paper on CL-PKC, Al-Riyami and Paterson (AP) proposed a certificateless authenticated key agreement protocol. Key agreement protocols are one of the fundamental primitives of cryptography, and allow two or more parties to establish secret keys securely in the presence of an eavesdropping adversary. AP’s protocol, the only certificateless key agreement protocol proposed so far, essentially requires each party to compute four bilinear pairings. Such pairings can be computationally intensive to compute, and should therefore be used moderately in protocols. In this thesis, we propose a new certificateless authenticated two-party key agreement protocol that only requires each party to compute two pairings. We perform a security analysis and heuristically argue that the protocol obtains the desired security attributes. We also show that our protocol can be used to establish keys between members of distinct domains (under different KGCs). Finally, we compare the protocol’s efficiency to current identity-based and certificateless protocols.