ID-based Cryptography and User Authentication

Published in

GigTricks

8 min readAug 7, 2018

Before we get involved with a complex topic as such as cryptographic identity involving user authentication let’s first fathom the two concepts individually. After reading this article you will acquire the basic knowledge of cryptographic identity and how it is used for the means to authenticate users.

What is Cryptography?

Let’s create a scenario of why you would be finding a need for the cryptography. Consider you need to send an urgent message to a friend of yours, who’s on the other side of the planet. The message is a secret or contains sensitive information that you don’t want to reach the hands of any untrusted individual. For this case, to prevent others from reading your message you encrypt the plaintext (text written in any common language) to an encryption. Now what really happens is, the plaintext become ciphertext and no one could read what’s written in the message or understand it without the help of a key to decrypt the encryption. So that is what the process of cryptography involves.

The concept of cryptography is here now and it is widely used in terms of the user authentication process. Now that you have understood cryptography we can proceed further to the real target we want to achieve through this article.

What is Cryptographic Identity aka ID based Cryptography?

Cryptographic Identity or ID-based cryptography is the kind of a public key cryptography. Where the strings used to represent an individual or an organization are in general the public keys. Hence a public string may incorporate email, or a domain name or an IP address to be precise.
In an identity-based system, a party is able to create public key via any known value. Private Key generator acts as the third party that is tasked to create the corresponding private key. For beginning the operation, a master public key is published by the PKG (Private Key Generator), whereas the master private key is retained by PKG. The public key can be computed in case a party contains the Master Public Key. It corresponds to the ID while combining the master public key with the (identity) value. For the (corresponding) private key, parties that authorized to use the ID contact the PKG.

Why do we find the Need for Cryptographic Identity?

We as Internet users often rely on the Internet for communications, file transfers, gaining information, and accessing literally anything via the Internet. Mostly nowadays our private information is dealt with digitally and online. Our passwords, pin codes, bank accounting transactions, insurance, even health reports are often stored digitally. But the thing of worry is, the servers where you store your private and personal information Consider Gmail or Facebook, they are centralized, the entire Internet is centralized so security can be compromised easily.
Identity theft is a major reason why cryptography has come to the aid of users digitally. That you will come to know later as we proceed further with the article. The consequences of identity digitally compromised may result in you changing credit cards, passwords, pin codes and other information. Any hacker can breakthrough your system’s firewall or Smartphone’s and get through your data with ease. Without even your knowledge your information will be easily accessed and used whatever way they want.

Blockchain here comes to your rescue in the most digital way possible. You can get your centralized model of information and get it into a decentralized environment with the implementation of a blockchain technology along with cryptographic hashing.

The Use of Verifying Cryptographic Identity

The first and probably the foremost of uses of cryptographic identity is its part in verification in digital conversation. The conversation can be either an ssh client logging into the ssh server, uploading of a package by Debian Developer to the server, bank’s website being displayed and accessed over a browser and the list can go on. What is the work of cryptography in these different and distinct cases? You must be wondering that at the moment. Well to suffice you with an easy answer, cryptography is here ensuring that the received replies on the software are from the user or an entity they are expected from. This execution is executed with the help of checking the correct cryptographic key against the current key. As there is no point of reference, the key you see for the first, you will consider it to be the one you are expecting. Because you don’t really have a way to figure that out.

For the process to be executed successfully there is a need for a method to verify a given key and give it a reference. Regarding the concept of implementation, there are various discreet means to perform this execution.

• Central Certificate Authorities: Generating a list of central certificate authorities same as the one HTTPS uses.

• Verification of Fingerprints: What I mean to narrate to you is the means to introduce a middle channel where the two people involved in a conversation may manually check one another’s key (fingerprints).

• SMP (Social Millionaires’ Protocol) consists of user-generated questions and the cryptographic method will determine whether the other user has answered questions correctly or not.

• Persistence of Pseudonym: this method implies you saving the key the time you see it. And later on, using that key as the reference (mostly people use SSH this way).

• Share a secret: This method works like you and the person on the other side, both share a common secret and exchange it for the identification.

Implementation of these methods has their own merits and demerits which you will come to know probably when you have implemented one or the other. I believe personally people would often and easily adapt the technique Persistence of Pseudonym.

An insight into the Merits and Demerits of ID-Based Cryptography

Since we have fathomed the concepts of cryptography, ID-based cryptography and the concept of its functioning, let’s delve and discuss their advantages against the disadvantages. So let’s just sketch the merits first:

Pros of ID-based Cryptography

It is emphasized over the user’s public key is their identity. Eliminating certificate needs.
An entity working towards generating the private key of a public key in parallel.
One of the biggest perks of ID-based Cryptography is that there is a need for preparation of any sort for receiving an encrypted message by the recipient.
Another pro that we must keep in sight is you don’t have to manage the public key infrastructure.
No public key distribution infrastructure.
No Revocation Problem incurs in the Identity-based schemes (as public keys can be any of the identities).

Cons of ID-based Cryptography

Probably the most discussed disadvantage is inherent key escrow. Some cases it emerges to be a pro but often it is regarded and termed to be a disadvantage of Identity-based cryptography. What I would like is for an option available of choosing whether the adopters want or don’t want this feature.
Since all our private are held with PKG it requires more than expected means to assure the consumers.
One major con is that IBE (Identity-based Encryption) allows global key escrow.

Dual Nature of “Inherent Key Escrow”

We can fathom the term Key Escrow from the simple definition that “it is the organization where those keys are stored which carry the (encrypted) data to decrypt it.” This may let (authorized) third parties to access these keys stored in the escrow.

Key Escrow is regarded as the problem found to be in all identity-based cryptographic systems. in the public domain. Consider the IBE schemes, where the private keys are issued to the users by the key generator (PKG). PKG decrypts/signs the messages, however, in encryption this is only useful when the privacy of a user is limited.

I don’t consider the escrow desirable with the regards to the signatures, because of digital signature schemes find the non-repudiation property as an essential requirement.

The disadvantage we encounter working with the inherent key escrow is that it makes decryption and signature both reside on the system.
Even though it has a notable disadvantage still it opens the door for many other features that aren’t observed in PKI systems.
PKG handle cryptographic operations for users tend to focus on improving the user-friendliness which doesn’t need any client-side installation.
The user who has not got possession of their private keys, it might be stored over the PKG. As the PKG tends to have a better and more secure environment than the workstation users have.

The Implementations of Identity-based Cryptography

Talking about the implementation of Identity-Based Cryptography following are some of the many systems implementing the IDC and are enlisted down below:

Stanford IBE System: Was built and developed by Boneh and Franklin, which was built using C++ based IBE implementation, MIT–style license published it.
MIRACL: It is a C++ based library (cryptographic) developed by the Shamus Software.
Voltage Security Inc. has built the most renowned implementation of the IBE. They offer valuable plugins for various mail clients

ID-based Cryptography application in MANETs:

Ever since the introduction of ID-based cryptography, it has been successfully linked with MANETs. Secure Routing, Key Management, Improvement of PKI, and many other aspects of the MANET are enhanced by the application of ID-Based Cryptography. Let us have a look at the application in Secure Routing Protocols and the IDC based PKIs for now:

1. Secure Routing Protocols

One of the crucial application of IBC is in the MANET. It is done in order to style the secure routing protocols. As the key is the unit is available, the ICB will be applied to either the on-demand routing protocols like DSR or the OLSR (link state routing protocol). Routing message will be encrypted and then signed by the sender, where it is decrypted and verified by the receiver.

2. IDC based PKI:

The PKC is what the PKIs are based upon in a MANET as the resources (computational/communication) are limited so these aren’t very suitable for any case. With the application of an IDC in MANET, a different and hybrid PKI is placed in the MANET. Many authorities go in favor of the MANET implementing a hybrid PKI. Therefore, a robust and scalable key management scheme comes into existence.

3. Peer Collaboration in MANETs

Peer collaboration in the ad hoc networks faces troubles in terms of autonomous peers, malignant, heterogeneous networks. The solution to this problem was supposed to be a mechanism (payment-incited) but they do have a demerit. The payment-incited mechanism is dependent on the interactive authorities. If not that, then they are heavy for wireless ad hoc networks.

So using Identity-Based cryptography will lay fruitful results. This incorporate development of using schemes that will use ID-based signature along with the verification mechanism for the authentication. The above were some of the many phases where Identity-based cryptography and Identity-based encryption may play a vital role towards enhancement and better functioning of the MANET. Not only that, this will lead to developing, innovating, and enhancing the wireless ad-hoc network.

Though claiming or proclaiming any predictions over the future of the Identity-based Cryptography right now can be properly put, neither is there much information nor data in literature present at the moment. But the implementation of this may be revolutionizing in terms of user authentication. This might be the digital fingerprint and open doors to the future in the aspects of authentication.

GigTricks is a blockchain based startup seeking to create benefit in the freelance and on-demand industry with the help of its innovative features that will empower freelancers and entrepreneurs alike. GigTricks have already achieved 112% of its soft cap and raised US $2.83 Million. The Token Sale is LIVE, buy GBTC tokens before the sale ends.

Handy Links

Join GigTricks Token Sale: https://gigtricks.io/
Telegram Group: https://t.me/gigtricks
Twitter @GigTricksGlobal: https://twitter.com/gigtricksglobal
Instagram @GigTricks: https://www.instagram.com/gigtricks/
Reddit: https://www.reddit.com/r/GigTricks/
Discord: https://discord.gg/naFTcpG
Medium: medium.com/gigtricks
Facebook: Like GigTricks
Linkedin: Company Page
Youtube: Subscribe Channel
Slack: Join Community
Google+: Join Us