GESG Identity-Based Public Key Cryptography (ID-PKC)

Amir Herzberg AMIR at
Wed Aug 1 05:10:09 EDT 2001

ID based public key is not a new concept, I believe first proposed by Adi
Shamir in Crypto 84 (the first I attended :-). It's a cute concept, but I'm
skeptic about its practical value - except of course as a way to force
parties to use private keys known to authorities :-(

The security requirement of ID based PKC is challanging, even more than
`regular` PKC (which is obviously a special case). So there were many works
proposing systems and also many attacks - although recently there are some
proposals with proofs of security (with strong assumptions...), e.g. Boneh &
Franklin in upcoming Crypto, see 

But, what is the practical value of ID based systems? Not sending the public
key? Give me a break... 
> M Taylor wrote:
> > The UK Communications-Electronics Security Group (CESG), the "defensive"
> > arm of the GCHQ, have published details about another PKC concept,
> > identity-based PKC, where every user's public key are predetermined by
> > unique identifier, such as email address. It does use a(/two) trusted
> > server(s), but might be viewed as an easier to use infrastructure than
> > tranditional PKI in some situations.

In what scenarios exactly? Many PKI scenarios are not ID specific at all -
ID is just one way to establish trust... And even when people use IDs, why
assume everybody trusts (completely!) the same authority?

Best, Amir 

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list