Recently, Au et al. [Au et al. 2007] pointed out a, seemingly neglected security concern for certificateless public key encryption (CL-PKE) scheme, where a malicious key generation center (KGC) can compromise the confidentiality of the messages by embedding extra trapdoors in the system parameter. Although some schemes are secure against such an attack, they require random oracles to prove the security. In this paper, we first show that two existing CL-PKE schemes without random oracles are not secure against malicious KGC, we then propose the first CL-PKE scheme secure against malicious KGC attack, with proof in the standard model.
|Pages (from-to)||463 - 480|
|Number of pages||18|
|Journal||Journal of Universal Computer Science|
|Publication status||Published - 2008|