RIKE+: using revocable identities to support key escrow in public key infrastructures with flexibility

Public key infrastructures (PKIs) are proposed to provide various security services. Some security services such as confidentiality require key escrow in certain scenarios, whereas some others such as non-repudiation and authentication usually prohibit key escrow. Moreover, these two conflicting requirements can coexist for one PKI user. The popular solution in which each user has two different certificates and an escrow authority backs up all escrowed private keys faces the problems of efficiency and scalability. In this study, a novel key management infrastructure called RIKE+ is proposed to integrate the ‘inherent key escrow’ of identity-based encryption (IBE) into PKIs. In RIKE+ , (the hash value of) a user's PKI certificate also serves as a ‘revocable identity’ to derive the user's IBE public key, and the revocation of this IBE key pair is achieved by the certificate revocation of PKIs. Therefore the certificate binds the user with two key pairs, one of which is escrowed inherently and the other is not. Furthermore, RIKE+ employs chameleon hash to flexibly control the relationship between the certificate and the IBE key pair. In the case of certificate renewal and revocation, chameleon hash enables RIKE+ to manipulate the hash value of the new certificate, so the user's IBE key pair is not unconditionally changed unless it is necessary. RIKE+ is an effective certificate-based solution compatible with traditional PKIs and can be built on existing X.509 PKIs.