
Distributed Key Generation for SM9-Based Systems

  • Conference paper
  • Published in: Information Security and Cryptology (Inscrypt 2020)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12612)
Abstract

Identity-Based Cryptography (IBC) is a useful tool for securing IoT devices, but deploying it securely in IoT systems is quite challenging. For instance, a leakage of the master secret key results in the leakage of all IoT devices' private keys. SM9 is the only approved IBC algorithm standard in China, so it is critical to have mechanisms that protect the SM9 master secret key. In this work, to reduce the risk of master secret key leakage, we propose a (t, n)-threshold distributed private key generation scheme for SM9 built with techniques from multiparty computation. Our scheme is compatible with all three SM9 sub-algorithms (i.e., encryption, signature and key agreement). It is also provably secure and completely eliminates the single point of failure in SM9 that concerns the industry. The experimental analysis indicates that the proposed scheme is efficient, e.g., up to 1 million private key generation requests can be handled per day.


Notes

  1. The Sony PS3 and Bitcoin crypto hacks. https://tinyurl.com/udg5tyg.

  2. DKG vs. DPKG: DPKG is a branch of DKG. Within IBCs, DPKG captures the property of distributedly generating user private keys more precisely. Besides user private keys, our scheme also generates the master secret key distributedly.

  3. \(n \ge 2t+1\) is required because the distributed extraction phase of SM9 involves secret reconstruction from 2t-private Shamir shares.
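Note 3 states the threshold bound without showing where the degree 2t comes from. The following Python example, added here and not taken from the paper or from any SM9 implementation, makes the argument concrete: the key extraction exponent in SM9-style (Sakai–Kasahara) key generation is s/(s + h) mod N, and computing it on Shamir shares of s requires a local share-by-share multiplication, which doubles the polynomial degree from t to 2t, so 2t + 1 honest shares are needed to reconstruct. The block works over the toy prime field P = 2^61 - 1 rather than the SM9 group order, uses the generic Bar-Ilan–Beaver style inversion (share a random r, publish (s + h)·r, divide), and the function names share, reconstruct, distributed_key_scalar and demo are this example's own. It deliberately reconstructs the scalar in the clear only so the degree effect is visible; in a real deployment the servers would return point shares [out_i]P1 and the user would combine them with the same Lagrange coefficients, because the scalar s/(s + h) together with h reveals s.

```python
import random

# Toy prime field (Mersenne prime 2^61 - 1). The real SM9 group order N is a
# 256-bit prime; the degree argument below does not depend on the modulus.
P = (1 << 61) - 1


def share(secret, t, n, rng):
    """Shamir-share `secret` with a random degree-t polynomial f, f(0) = secret.
    Returns the n points (x, f(x)) for x = 1..n; any t+1 of them determine f."""
    coeffs = [secret] + [rng.randrange(P) for _ in range(t)]
    points = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation
            y = (y * x + c) % P
        points.append((x, y))
    return points


def reconstruct(points):
    """Lagrange interpolation at x = 0. With k points this recovers the
    constant term of a polynomial of degree at most k-1; fewer points than
    degree+1 silently return the wrong value."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def distributed_key_scalar(s_shares, r_shares, h, k):
    """Compute s/(s+h) using only the first k shares in each reconstruction.
    Party i holds s_i (share of master secret s) and r_i (share of random r).
    Locally: t1_i = s_i + h is still degree t; w_i = t1_i * r_i is degree 2t.
    Reconstruct the public masked value w = (s+h)*r, then inv_i = r_i / w is a
    degree-t sharing of 1/(s+h), and out_i = s_i * inv_i a degree-2t sharing
    of s/(s+h). Both reconstructions therefore need k >= 2t+1 shares."""
    w_shares = [(x, (si + h) * ri % P) for (x, si), (_, ri) in zip(s_shares, r_shares)]
    w = reconstruct(w_shares[:k])
    w_inv = pow(w, -1, P)
    out_shares = [(x, si * (ri * w_inv) % P) for (x, si), (_, ri) in zip(s_shares, r_shares)]
    return reconstruct(out_shares[:k])


def demo(t=2, seed=7):
    """Constructed run with n = 2t+1 servers and a fixed seed.
    Returns (expected, with_2t_plus_1_shares, with_only_2t_shares, addition_ok)."""
    rng = random.Random(seed)
    n = 2 * t + 1
    s = rng.randrange(1, P)          # master secret; never assembled by any party
    h = rng.randrange(1, P)          # stands in for H1(ID || hid) mod N
    while (s + h) % P == 0:          # keep the toy denominator invertible
        h = rng.randrange(1, P)
    r = rng.randrange(1, P)          # masking randomness for the inversion
    s_shares = share(s, t, n, rng)
    r_shares = share(r, t, n, rng)

    expected = s * pow(s + h, -1, P) % P
    good = distributed_key_scalar(s_shares, r_shares, h, 2 * t + 1)
    short = distributed_key_scalar(s_shares, r_shares, h, 2 * t)

    # Addition of a public constant keeps degree t, so t+1 shares suffice there.
    t1_shares = [(x, (si + h) % P) for x, si in s_shares]
    addition_ok = reconstruct(t1_shares[: t + 1]) == (s + h) % P
    return expected, good, short, addition_ok


if __name__ == "__main__":
    expected, good, short, addition_ok = demo()
    print("2t+1 shares correct:", good == expected)
    print("2t shares correct:  ", short == expected)
    print("t+1 shares suffice for s+h:", addition_ok)
```

Running demo() shows that 2t + 1 shares reproduce s/(s + h) exactly while 2t shares of the same product polynomial interpolate an unrelated value; this is the reconstruction failure that forces the n ≥ 2t + 1 requirement in the note, and it is the reason a threshold scheme built this way tolerates at most t compromised servers out of n rather than n - 1.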


Acknowledgements

The authors would like to thank the anonymous reviewers for their valuable comments. This work was supported in part by National Natural Science Foundation of China (Nos. 61772520, 61802392, 61972094, 61472416, 61632020), in part by Key Research and Development Project of Zhejiang Province (Nos. 2017C01062, 2020C01078), in part by Beijing Municipal Science and Technology Commission (Project Number Z191100007119007 and Z191100007119002).

Corresponding authors

Correspondence to Rui Zhang, Huan Zou, Cong Zhang, Yuting Xiao or Yang Tao.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Zhang, R., Zou, H., Zhang, C., Xiao, Y., Tao, Y. (2021). Distributed Key Generation for SM9-Based Systems. In: Wu, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2020. Lecture Notes in Computer Science, vol. 12612. Springer, Cham. https://doi.org/10.1007/978-3-030-71852-7_8


  • DOI: https://doi.org/10.1007/978-3-030-71852-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71851-0

  • Online ISBN: 978-3-030-71852-7

  • eBook Packages: Computer Science, Computer Science (R0)
