Certificate-less authenticated encryption


Certificate-less authenticated encryption (CLAE) adds authentication to ID-based encryption. It is an asymmetric encryption scheme that lets any two entities exchange secrets without the need to administer per-user keys.

Trusted center

A user joins by acquiring a private key from a trusted third party, the trust center (TC). The user registers with the TC by first authenticating itself to the TC; the authentication method is not prescribed and can be password-based, challenge-response, biometric, etc. The TC then generates the user's private key from its own private key and the identity of the joining user, and transmits that private key securely to the user.
The user's trust in the TC follows from this key generation step: because the TC derives every private key from its own private key and the user's identity, the TC can recompute any user's private key at any time. Users therefore rely on the TC to protect its own private key and not to misuse this capability.

Sender

The sender computes the recipient's public key locally from the recipient's identity and the public key of the TC; no certificate and no prior key exchange with the recipient is needed. The sender can choose any TC, which obliges the recipient to obtain the matching private key from that TC.

Recipient

Once the recipient has joined, that is, obtained its private key from the TC the sender chose, it can decrypt the received message.
When replying to a message, the sender becomes the recipient and vice versa.

Comparison

With conventional public-key encryption, a public/private key pair has to be generated and the public key distributed before any message can be securely sent or received. With CLAE, messages can already be sent using the recipient's public key before the private key has been distributed to the recipient, because the public key of any recipient can already be acquired from a TC before the recipient has registered.
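The registration, sender and recipient steps above, and the comparison point that a message can be encrypted before the recipient holds a private key, can be demonstrated with a working identity-based encryption scheme. The following is an added example and is not code from the article or from the patent holder: it implements Cocks' identity-based encryption (a published IBE scheme based on quadratic residues), not the patented CLAE scheme, and it covers only the encryption core; the authentication of the registering user and of the sender that CLAE adds is out of scope. The primes P and Q and the identity strings are constructed toy values, far too small for real use.

```python
"""Cocks identity-based encryption as a model of the trust-center flow.

Roles: the trust center (TC) publishes n and keeps (p, q) as its master
secret; a sender derives the recipient's public key from the identity and n
alone; the TC issues the recipient's private key from the identity and (p, q).
"""
import hashlib
import math
import secrets

# Constructed, insecure toy parameters: two Mersenne primes, both 3 mod 4 as
# Cocks' scheme requires. A real deployment uses large random primes.
P = 2**107 - 1
Q = 2**127 - 1


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd positive n, via the standard reduction."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def tc_setup(p: int = P, q: int = Q) -> tuple:
    """Trust center: public parameter n = p*q, master secret (p, q)."""
    assert p % 4 == 3 and q % 4 == 3
    return p * q, (p, q)


def identity_to_public_key(identity: str, n: int) -> int:
    """Anyone can derive a user's public key from the identity and the TC's n:
    hash-and-retry until the value has Jacobi symbol +1 modulo n."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a != 0 and jacobi(a, n) == 1:
            return a
        counter += 1


def tc_extract_private_key(master: tuple, identity: str) -> int:
    """TC derives the private key r from its master secret and the identity.
    r satisfies r^2 = a or r^2 = -a (mod n); only the holder of (p, q) can do this,
    which is exactly the key-escrow trust the article describes."""
    p, q = master
    n = p * q
    a = identity_to_public_key(identity, n)
    return pow(a, (n + 5 - p - q) // 8, n)


def _encrypt_bit(n: int, a: int, bit: int) -> tuple:
    """Encrypt one bit as the pair (t + a/t, t' - a/t') with Jacobi(t) = Jacobi(t') = m,
    because the sender cannot know which sign r^2 has."""
    m = 1 if bit == 0 else -1
    out = []
    for sign in (1, -1):
        while True:
            t = secrets.randbelow(n)
            if t > 1 and math.gcd(t, n) == 1 and jacobi(t, n) == m:
                break
        out.append((t + sign * a * pow(t, -1, n)) % n)
    return tuple(out)


def _decrypt_bit(n: int, r: int, a: int, pair: tuple) -> int:
    """Pick the component matching the sign of r^2; Jacobi(c + 2r) recovers m."""
    c = pair[0] if r * r % n == a else pair[1]
    return 0 if jacobi((c + 2 * r) % n, n) == 1 else 1


def encrypt(n: int, recipient: str, message: bytes) -> list:
    """Sender side: needs only the recipient's identity and the TC's public n."""
    a = identity_to_public_key(recipient, n)
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    return [_encrypt_bit(n, a, b) for b in bits]


def decrypt(n: int, r: int, recipient: str, ciphertext: list) -> bytes:
    """Recipient side: requires the private key issued by the TC for this identity."""
    a = identity_to_public_key(recipient, n)
    assert r * r % n in (a, (-a) % n), "private key does not match identity"
    bits = [_decrypt_bit(n, r, a, pair) for pair in ciphertext]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def demo() -> dict:
    """The article's flow: encrypt first, register and obtain the key afterwards."""
    n, master = tc_setup()
    recipient = "bob@example.org"  # constructed identity
    ciphertext = encrypt(n, recipient, b"meet at noon")  # Bob holds no key yet
    r_bob = tc_extract_private_key(master, recipient)  # Bob registers later
    r_alice = tc_extract_private_key(master, "alice@example.org")
    try:
        decrypt(n, r_alice, recipient, ciphertext)
        wrong_key_rejected = False
    except AssertionError:
        wrong_key_rejected = True
    return {"plaintext": decrypt(n, r_bob, recipient, ciphertext),
            "wrong_key_rejected": wrong_key_rejected}


if __name__ == "__main__":
    print(demo())
```

Two properties of the article stand out when the code runs: `encrypt` never touches the master secret or contacts the recipient, so the message exists before Bob has registered, and `tc_extract_private_key` can be called for any identity at any time, which is why the user's trust in the TC is the central assumption of the scheme.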

History

In August 2017 the patents for certificate-less authenticated encryption were transferred to VIBE Cybersecurity International LLC and the scheme was re-branded as Verifiable Identity Based Encryption.