# I. INTRODUCTION

The advent of asymmetric encryption represented a great advance in computer security, especially because it solved the problem of key exchange for symmetric encryption. However, attacks have taken advantage of the fact that a public key alone carries no guarantee of who its true owner is, so that one user can easily impersonate another. A mechanism that associates a public key with its owner is therefore necessary.

To solve this problem the digital certificate mechanism was created. It uses a hierarchical structure of certification authorities that can properly attest the possession of a given public key. This mechanism works very well in open organizations such as the Internet.

In 1984 a cryptographic model based on identities was proposed by Shamir [1]. This model was intended to avoid the use of digital certificates by using the identity of the user as the public key. This identity could be an e-mail address, Social Security number, full name, or a combination of these elements. The private key would be obtained through a trusted third party (TA, trust authority). With this, digital certificates would be necessary only to identify this central authority, drastically reducing their use.

A problem with this idea is that the central authority knows the private key, which demands total trust from the user and requires a lot of care from a practical and legal point of view. On the other hand, the model does not need the entire infrastructure of hierarchical authorities for key management, which makes it simpler and suitable for organizations where the hierarchy and its limits are well controlled.

Shamir developed a signature scheme based on identities, whose operation is similar to RSA.
He also speculated on the existence of an encryption scheme based on identities, a problem that was solved in practice by the cryptosystem of Boneh and Franklin [2], whose security has been rigorously demonstrated.

# a) Signature Scheme Based on Identities of Shamir

Shamir's identity-based signature scheme, like all other forms of identity-based cryptography, is divided into four steps:

1. Setup: this step is performed by the trust authority to generate the global parameters of the system and the master key, which ensures that only the TA can generate private keys.
2. Generation of private key: this algorithm receives as input the master key and the identity of a user, and returns the associated private key.
3. Signature: given a private key and a message, the algorithm returns the signature.
4. Checking: given an identity, a message and a signature, the algorithm returns true if the signature of that message matches the identity supplied, and returns false otherwise.

# II. INTRODUCTORY CONCEPTS

# a) Security

We now define some problems that are important for determining the security of an algorithm based on an additive group, as is the case in elliptic curve cryptography [4]:

* Discrete logarithm problem: given $Q = nP$, determine $n$.
* Computational Diffie-Hellman problem: given three points $P$, $aP$, $bP$, determine $abP$.
* Decision Diffie-Hellman problem: given four elements $P$, $aP$, $bP$ and $cP$ belonging to a group $G$, answer true if and only if $c \equiv ab \pmod{\#G}$.

One of the first uses of pairings was made by Joux [5]. In that article he showed how the decision Diffie-Hellman problem can become easy through bilinear maps, and thereby produced an application for key sharing among three parties in a single round.

# b) Elliptic Curves

An elliptic curve $E$ defined over a finite field $\mathbb{F}_{p^m}$ is the set of points $P = (x, y)$ with $x, y \in \mathbb{F}_{p^m}$ such that

$$y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6$$

(Weierstrass normal form) for $a_i \in \mathbb{F}_{p^m}$, together with the point at infinity, denoted by $\infty$. With an appropriately defined addition operation, the points of the elliptic curve form an additive Abelian group whose neutral element is the point at infinity.

An operation widely used in elliptic curve cryptography is scalar multiplication, where a point $P$ is added to itself $k$ times, for $k \in \mathbb{Z}$. A point $P$ has order $n$ when $nP = \infty$ and $n$ is the smallest positive integer with this property.

# III. IDENTITY-BASED ENCRYPTION

If the public key is predetermined (equal to the identity), how is the secret key then calculated? The answer to this question comes with the first security assumption of the model: there is a CA with the following main responsibilities:

* Create and keep in safe custody a secret master key $S_{AC}$
* Identify and register all users of the system
* Calculate the secret keys of the users
* Deliver the secret keys securely (with confidentiality and authenticity)

In 1984, Shamir described the model and algorithms for digital signature. It took almost two decades until efficient encryption algorithms were discovered and demonstrated for the identity-based model, creating interest among researchers and industry.

In Table 1 we see that the secret key is calculated from the secret of the system authority and the user's identity. For a convenient $f$, it is not feasible to recover the master key from the ID values. Only the authority is able to generate secret keys, so the secret itself is the guarantee that the use of ID will work in cryptographic operations involving the owner of the identity.

To encrypt a message to the owner of ID, or to verify a signature of ID, one uses the identity ID together with the public parameters of the system, which include the public key of the authority (see Figure 1). To decrypt a message sent to ID, or to create a signature, the secret key of ID is required.

# a) Advantages

The identity-based model is attractive because it has many interesting advantages.
The first is that the public key can in most cases be easily remembered by humans. This is very different from a conventional public key, which is usually a binary string with hundreds or thousands of bits. The identity can be given by the user to their partners, and there is no need to maintain key directories.

The central idea of the identity-based public key cryptosystem is very simple: the public key is a numeric value without explicit meaning, and it can be calculated from a string with any meaning. In [1] it was proposed that the public key can be the user's identity, such as name, e-mail address, social security number, cell phone number, IP address, serial number of electronic devices, etc.

To see the savings in processing time, storage costs and data transmission, recall, for example, how a cryptographic operation with a PKI generally proceeds. If Bob wants to encrypt a message to Alice, he must first obtain the certificate that was issued to Alice (by consulting a public directory or Alice herself). Bob needs to check the validity period and the signature contained in the certificate. The signature verification is a process that sometimes walks the certification path of the certification authorities involved in the hierarchy until it reaches the root certification authority. If nothing goes wrong, Bob can save Alice's certificate for future use. However, before each use, Bob needs to consult a validation authority to verify that the certificate has not been revoked (often a query to a server that is online). Once the certificate is found valid and not revoked, Bob extracts Alice's public key, encrypts the message and transmits it.

In the identity-based model, provided only that the system parameters are authentic, Bob can encrypt a message based on the identity of Alice and send it (assuming that identity revocation is handled as explained below).
A peculiarity of the identity-based model is that the public key can be used before the secret key is calculated. Thus, it is possible to encrypt a message for someone who has not yet registered with the system authority and does not yet have a secret key for decryption. In the certificate-based model, by contrast, the user must first register and obtain the certificate, and only then can receive a message encrypted under their public key.

# b) Disadvantages

The first disadvantage, which is characteristic of identity-based systems, is the custody of keys. As explained above, the system authority has the ability to generate the secret keys of all users under its responsibility. This implies that the authority reaches the level of trust defined in [10]. Consequently, it can decrypt any ciphertext to which it has access (if it can identify the recipient's identity). It can also sign on behalf of any user, and there is no guarantee of non-repudiation. Therefore, it is essential that the system authority be trustworthy enough that actions such as eavesdropping or forgery are kept under control.

The key custody property, referred to as key escrow in English texts, is not always undesirable. Within a company, for example, if all sensitive documents and data are encrypted by the employee who created them, the board can have access to decryption in case of death or termination of the employee. When there is a need to monitor the content of encrypted e-mail, key custody can also be justifiable. However, for most applications, key custody is a disadvantage.

Another point unfavourable to the identity-based model is the need for a secure channel for the distribution of secret keys. If delivery occurs in a networked and remote environment, it is necessary to ensure mutual authentication and delivery with secrecy.

Another concern in the identity-based model is the possibility of identity revocation. If the secret key of a user is compromised, the user's identity must be revoked.
Therefore, it is not recommended to simply use the CPF number or mobile phone number, for example, as a user identifier.

# c) Additional features

As noted by [1], the identity-based model is ideal for groups of users, such as executives of a multinational company or branches of a bank, since the headquarters of these corporations can serve as a system authority that everyone trusts. Small-scale applications, where the cost of deploying and maintaining a PKI is prohibitive, are candidates for the use of the identity-based model.

When the disadvantages cited above are not critical, the characteristics of the model allow interesting implementations. Some examples are services with time-based availability: a confidential document that can be revealed to the press or to a particular group only from a certain date and time; bids in an auction that should be kept secret until the end of negotiations; or the viewing of a film that should be enabled only within the contracted rental period.

The identity-based model has also been the subject of studies in search of alternatives to SSL/TLS for Web applications, as shown in [7]. With the elimination of certificates, the process of distributing public keys and access control is simplified. Similarly, the model has been explored to provide security in a number of other application areas, such as grid computing and sensor networks (see for example [5] and [8]) and other applications.

# IV. PAIRINGS

A pairing is a mapping of a pair of linearly independent points of an elliptic curve (whose group is not cyclic) to an element of a finite field. We denote the pairing of two points $P$ and $Q$ by $e(P, Q)$. The properties listed below, which are very interesting for cryptographic applications, are present in both the Weil pairing and the Tate pairing:

* Identity: the pairing of a pair of identical points is mapped to the neutral element of the underlying finite field.
* Bilinearity: given three points $P$, $Q$, $R$, the pairing of $P + Q$ and $R$ is the product of the pairing of $P$ and $R$ by the pairing of $Q$ and $R$. This property is the most important of all, because through it we get the following: $e(P, nQ) = e(P, Q)^n = e(nP, Q)$.
* Non-degeneracy: if $P$ and $Q$ are linearly independent, then their pairing is distinct from the neutral element of the underlying finite field.
* Efficiency: given any two points, their pairing can be calculated efficiently by a computer.

# a) Tate Pairing

Let $k$ be an integer such that $\mathbb{F}_{q^k}$ contains the $n$ $n$-th roots of unity. The Tate pairing is defined through the following mapping:

$$e : E[n] \times E/nE \to \mathbb{F}_{q^k}/(\mathbb{F}_{q^k})^n$$

where $E[n]$ is the set of points $P$ of the curve such that $nP = \infty$. The Tate pairing can be calculated as $e(P, Q) = g(D)$, where $D$ is a divisor associated with the point $Q$ and $g$ is a rational function whose divisor is $n[P] - n[\infty]$. The Miller algorithm [Mil04] can be used to calculate the function $g$.

Menezes, Okamoto and Vanstone [6] used pairings to transform points of a supersingular elliptic curve into elements of a finite field generated by the roots of unity. This transformation allowed a large reduction in the difficulty of the discrete logarithm problem for these curves.

Sakai, Ohgishi and Kasahara [8] made possible the construction of an identity-based encryption protocol using pairings, which solved the problem proposed by Shamir in his article.

# V. PROPOSED SCHEME

Now we can describe the proposed scheme in detail.

Configuration: given $k$, the PKG selects bilinear map groups $G_1$, $G_2$ and $G_t$ of prime order $p > 2^k$, with generators $Q \in G_2$, $P = \psi(Q) \in G_1$ and $g = e(P, Q) \in G_t$. It selects a random $s \in \mathbb{Z}_p^*$, a system public key $Q_{pub} = sQ \in G_2$, and cryptographic hash functions $H_1$, $H_2$ and $H_3$.

Generation of key pair: for an identity $ID$, the private key is $S_{ID} = \frac{1}{H_1(ID) + s}\,Q \in G_2$.

Encryption: given a message $M$, the identity of the sender $ID_r$ and the identity of the recipient $ID_d$, a random $x \in \mathbb{Z}_p^*$ is used to calculate $r = g^x$, $c = M \oplus H_3(r)$ and $h = H_2(M, r)$. Then $S = (x + h)\,\psi(S_{ID_r})$ and $T = x\,(H_1(ID_d)P + \psi(Q_{pub}))$ are computed. The ciphertext is the triple $(c, S, T)$.

Deciphering and verification: given the triple $(c, S, T)$ and the identity of the sender $ID_r$, the recipient calculates $r = e(T, S_{ID_d})$, $M = c \oplus H_3(r)$ and $h = H_2(M, r)$. The message is accepted if $r = e(S, H_1(ID_r)Q + Q_{pub})\,g^{-h}$, in which case the message $M$ and the signature $(h, S)$ are returned.

# VI. REVIEW

This proposed scheme is interesting because its security was demonstrated by Barreto in the semantic sense, so that it is not subject to the attacks that occur when some optimizations of the Weil and Tate pairings are used. Note also that the simple combination of the encryption features of this scheme with signature represents a gain in security.

But there is a problem that has not been discussed, which is the revocation of the private key. This question is open and represents a major problem for the security of any key establishment protocol, because the user can and should change their private key regularly. The problem lies in the fact that the private key calculation is deterministic; that is, given the master key $s$ and the identity $ID$, the algorithm always returns the same private key. Since the public key is the identity itself, the user cannot change their identity to obtain a new private key, and some other solution is needed. Other asymmetric encryption schemes do not have this problem, because the public key is published and revoked together with its corresponding private key.

# VII. CONCLUSION

In this work it was possible to see that identity-based cryptosystems are very interesting and represent a growing area of research. However, the joint use of digital certificates and identity-based protocols can be even more interesting, as these two possible solutions to the problem of ensuring the association between a public key and its owner seem to be complementary.
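Why deciphering and verification in Section V succeed, carried through with the scheme's own symbols (an added derivation, not part of the original paper). It assumes that $\psi : G_2 \to G_1$ is a group homomorphism with $\psi(Q) = P$, that private keys are $S_{ID} = (H_1(ID) + s)^{-1} Q$, and that $T$ is formed with the recipient identity $ID_d$.

$$
\begin{aligned}
T &= x\,(H_1(ID_d)P + \psi(sQ)) = x\,(H_1(ID_d) + s)\,P \\
e(T, S_{ID_d}) &= e(P, Q)^{x\,(H_1(ID_d) + s)\,(H_1(ID_d) + s)^{-1}} = g^{x} = r \\
S &= (x + h)\,\psi(S_{ID_r}) = (x + h)\,(H_1(ID_r) + s)^{-1}\,P \\
e(S, H_1(ID_r)Q + Q_{pub}) &= e(P, Q)^{(x + h)\,(H_1(ID_r) + s)^{-1}\,(H_1(ID_r) + s)} = g^{x + h} \\
e(S, H_1(ID_r)Q + Q_{pub})\,g^{-h} &= g^{x} = r
\end{aligned}
$$

The recipient therefore recovers the same $r$ that the sender used to mask $M$, and an honestly formed triple $(c, S, T)$ passes the acceptance check.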
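The four steps of Shamir's identity-based signature scheme from Section I.a, as an added example that is not code from the paper. The RSA-style equations (private key $g$ with $g^e = H(ID) \bmod n$, signature $(t, s)$ with $s = g\,r^{f(t,m)}$) follow Shamir's construction [1]. The hash encoding, the toy Mersenne-prime modulus, the sample identities and all function names are assumptions of this example.

```python
import hashlib
import secrets

def hash_to_int(*parts: bytes) -> int:
    """SHA-256 over length-prefixed parts, read as an integer (assumed encoding)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def setup():
    """Step 1, run by the TA: public parameters (n, e) and the master key d."""
    p, q = 2**31 - 1, 2**61 - 1        # toy Mersenne primes, far too small for real use
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)                # master key: only the TA can invert e
    return (n, e), d

def extract(params, master_d: int, identity: str) -> int:
    """Step 2, run by the TA: private key g with g^e = H(ID) mod n."""
    n, _ = params
    return pow(hash_to_int(identity.encode()) % n, master_d, n)

def sign(params, private_g: int, message: bytes):
    """Step 3: signature (t, s) with t = r^e and s = g * r^f(t, m) mod n."""
    n, e = params
    r = secrets.randbelow(n - 2) + 2   # fresh random value for every signature
    t = pow(r, e, n)
    f = hash_to_int(t.to_bytes(16, "big"), message)
    return t, private_g * pow(r, f, n) % n

def verify(params, identity: str, message: bytes, signature) -> bool:
    """Step 4: accept iff s^e = H(ID) * t^f(t, m) mod n; no certificate is needed."""
    n, e = params
    t, s = signature
    if not (0 < t < n and 0 < s < n):  # reject out-of-range values before hashing
        return False
    f = hash_to_int(t.to_bytes(16, "big"), message)
    i = hash_to_int(identity.encode()) % n
    return pow(s, e, n) == i * pow(t, f, n) % n
```

Calling `extract` twice for the same identity returns the same key, which is the deterministic key generation that Section VI identifies as the obstacle to revocation.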
![Figure 1: Encryption in the identity-based model](image-2.png "Figure 1")

Journal of Computer Science and Technology, Volume XVI, Issue IV, Version I. Identity-Based Cryptosystem based on Tate Pairing.

Table 1:

| Secret key | Public key | Warranty |
|---|---|---|
| $S = f(ID, S_{AC})$ | $ID$ | $S$ |
| Calculated by the authority and shared with the user | Chosen by the user or formatted for the authority | |

* A. Shamir. Identity-based cryptosystems and signature schemes. Advances in Cryptology - Proceedings of CRYPTO 84, Lecture Notes in Computer Science 196, 1985.
* D. Boneh, M. Franklin. Identity-based encryption from the Weil pairing. Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science, 2001. 2003, 32.
* K. Paterson, G. Price. A comparison between traditional public key infrastructures and identity-based cryptography. Information Security Technical Report 8, 2003.
* W. Mao. Modern Cryptography - theory and practice. Prentice Hall, 2004.
* A. Joux. A one round protocol for tripartite Diffie-Hellman. Algorithmic Number Theory, IV-Symposium (ANTS IV), W. Bosma (ed.), Springer-Verlag, 1838, 2000.
* A. J. Menezes, T. Okamoto, S. A. Vanstone. Reducing elliptic curve logarithms to a finite field. IEEE Trans. Info. Theory 39, 1983.
* L. Adleman, M. Huang. Function field sieve methods for discrete logarithms over finite fields. Information and Computation 151, 1999.
* R. Sakai, K. Ohgishi, M. Kasahara. Cryptosystem based on pairing. Symposium on Cryptography and Information Security, Okinawa, Japan, January 2000.
* O. Ahmadi, D. Hankerson, A. Menezes. Software implementation of arithmetic in $\mathbb{F}_{3^m}$. International Workshop on Arithmetic of Finite Fields, WAIFI 2007, Lecture Notes in Computer Science 4547, 2007.
* ANSI X9.62. Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). American National Standards Institute, 1999.
* A. Atkin, F. Morain. Elliptic curves and primality proving. 1993.
* R. Balasubramanian, N. Koblitz. The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm. Journal of Cryptology 11, 1998.
* P. Barreto, S. Galbraith, C. Ó hÉigeartaigh, M. Scott. Efficient pairing computation on supersingular abelian varieties. Designs, Codes and Cryptography 42, 2007.
* P. Barreto, H. Kim, B. Lynn, M. Scott. Efficient algorithms for pairing-based cryptosystems. Advances in Cryptology - CRYPTO 2002, Lecture Notes in Computer Science, 2002.
* P. Barreto, B. Lynn, M. Scott. Efficient implementation of pairing-based cryptosystems. Journal of Cryptology 17, 2004.
* P. Barreto, M. Naehrig. Pairing-friendly elliptic curves of prime order. Selected Areas in Cryptography - SAC 2005, Lecture Notes in Computer Science 3897, 2006.
* B. Boer. Diffie-Hellman is as strong as discrete log for certain primes. Advances in Cryptology - CRYPTO '88, Lecture Notes in Computer Science 403, 1996.
* A. Boldyreva. Efficient threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. Public Key Cryptography - PKC 2003, Lecture Notes in Computer Science, 2003.
* D. Boneh, X. Boyen, H. Shacham. Short group signatures. Advances in Cryptology - CRYPTO 2004, Lecture Notes in Computer Science 3152, 2004.
* D. Boneh, G. Di Crescenzo, R. Ostrovsky, G. Persiano. Public key encryption with keyword search. Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Computer Science 3027, 2004.
* D. Boneh, M. Franklin. Identity-based encryption from the Weil pairing. Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science, 2001. 2003, 32.
* D. Boneh, C. Gentry, H. Shacham, B. Lynn. Aggregate and verifiably encrypted signatures from bilinear maps. Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Computer Science, 2003.
* D. Boneh, B. Lynn, H. Shacham. Short signatures from the Weil pairing. Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Computer Science, 2001. 2004, 17.
* M. Young. The Technical Writer's Handbook. Mill Valley, CA: University Science, 1989.