Abstract: Identity-Based Encryption(IBE) provides much more convenience against traditional public key cryptography， but newly proposed schemes can not eliminate key escrow. Aiming at this problem, this paper proposes a new scheme to control key escrow or eliminate it completely. In this model, users are divided into different groups and these groups are associated with each other by inter-trust. A key agreement protocol based on it is provided. Analysis result proves that the model does not need extra infrastructures, and does not increase the cost of computation or communication for key agreement.

Key words: key management, Identity-Based Encryption(IBE), key escrow, key agreement

摘要： 与传统的公钥密码体系相比，基于身份加密(IBE)具有许多优点，但目前提出的IBE模型都未能消除密钥托管。针对该问题，提出一种新的IBE模型，该模型可以控制密钥托管的范围或完全消除密钥托管，通过区域划分和域间互信，实现跨域互连，并给出在此基础上的对等密钥协商协议。分析结果表明，该模型未增加额外的结构，也未增加密钥协商的计算量或通信开销。

关键词: 密钥管理, 基于身份加密, 密钥托管, 密钥协商

CLC Number: 

• TP309.2