An Identity Based-Identification Scheme with Tight Security against Active and Concurrent Adversaries

Abstract

Identification schemes are used by machines to securely authenticate the identity of other machines or their users over computer networks. As conventional public key schemes require a trusted third party (TTP) or a public file to ensure the corresponding public key matches with the identity, identity-based cryptosystems emerged as a form of certificate-free system. The entity's identity is the public key itself, therefore eliminating the need for a TTP. The identity-based identification (IBI) scheme introduced by Kurosawa and Heng using their transform in 2004 remains as the only IBI derived from the Boneh-Lynn-Shacham (BLS) short signature scheme which has the advantage of shorter keys. We show tight security reduction against active and concurrent attackers (imp-aa/ca) on our scheme that is obtained from the same transform. As the transform will only produce schemes that are only secure against passive attackers (imp-pa), security against imp-aa/ca scheme relies on a strong One-More interactive assumption and therefore resulted in weak security. While the OR-proof method allows schemes secure against imp-pa to be secure against imp-aa/ca, the resulting security against imp-aa/ca will suffer from loose bounds in addition to the user secret keys being doubled in size. Our work avoids both OR-proof and strong interactive assumptions by showing an ad-hoc proof for our construction which utilizes the weaker well-studied co-computational Diffie-Hellman assumption and yet still has tight security against imp-aa/ca. We demonstrate the tight security of our scheme which allows usage of even shorter key sizes.