Graduate student: 葉政宏 (Yeh, Cheng-Hung)
Thesis title: 利用多金鑰授權中心與免憑證聚合簽章解決金鑰託管問題之研究
A Study on Solving the Key Escrow Problem by Multiple Key-Privacy Authorities and Certificateless Aggregate Signatures
Advisor: 左瑞麟 (Tso, Ray-Lin)
Committee members: 周兆龍 (CHOU, CHAO-LUNG); 郭文中 (KUO, WEN-CHUNG); 陳昱圻 (Chen, Yu-Chi); 王紹睿 (Wang, Shao-Iui)
Degree: Master
Department: College of Science - Executive Master Program of Computer Science
Year of publication: 2021
Academic year of graduation: 109 (ROC calendar)
Language: Chinese
Pages: 55
Chinese keywords (translated): Public Key Infrastructure; ID-based cryptography; certificateless aggregate signature; key generation center; key privacy authority
Foreign-language keywords: Public Key Infrastructure (PKI), ID-Based Cryptography (IBC), Certificateless Aggregate Signatures, Key Generation Center (KGC), Key Privacy Authority (KPA)
DOI URL: http://doi.org/10.6814/NCCU202101429
Abstract (Chinese, translated):
    In the development of cryptography, how to protect the privacy of user data and confirm user identity through encryption techniques has often been a research topic. The familiar Public Key Infrastructure (PKI), in order to confirm that a user's identity is legitimate, must authenticate the user through a Certification Authority (CA); but because CAs need to exchange certificates with one another when working together, certificate management not only faces the problem of storing large numbers of certificates but also requires extra computation to handle certificate verification and revocation.
    Since the concept of Identity-based Public Key Cryptography (ID-PKC) was proposed, a user can use their identity as their public key and send it to the Key Generation Center (KGC); on receipt, the KGC generates the user's private key. This removes PKI's need to exchange certificates, but ID-PKC has a key escrow problem: the KGC knows every user's private key.
    Consequently, many papers have proposed solutions. Recently, one paper, building on the scheme proposed by Lee et al., turned to a consortium blockchain to solve the problem. Although that scheme successfully solves key escrow and the weakness that the original Key Privacy Authority (KPA) has no mechanism to verify user identity, the consortium blockchain it adopts is too large and demands substantial resources.
    In this thesis we study the scheme proposed by Lee et al. and, keeping the advantages of its original architecture while combining identity-based cryptography with the advantages of certificateless cryptography, propose our improved scheme. Besides giving the KPA a mechanism to verify user identity, our scheme lets users effectively reduce the bilinear pairing computations needed to compute their private key and shortens the time spent waiting for KPA verification.


Abstract (English):
    In the process of cryptography development, how to protect the privacy of user data and verify user identity through encryption technology is often the subject of research. The familiar Public Key Infrastructure (PKI), to confirm that a user's identity is legitimate, must authenticate the user through a Certification Authority (CA); but since CAs need to exchange certificates with each other in collaborative work, certificate management faces the problem of storing a large number of certificates and requires additional computation to handle certificate verification and revocation.
    Since the concept of Identity-based Public Key Cryptography (ID-PKC) was proposed, a user can use their identity to represent their public key and transmit it to the Key Generation Center (KGC); the KGC receives it and generates the user's private key, which solves the problem that PKI needs to exchange certificates. However, ID-PKC has a key escrow problem: the KGC knows all users' private keys.
    Therefore, many papers have proposed solutions one after another. Recently, one paper referred to the scheme proposed by Lee et al. and adopted a Consortium Blockchain approach to solve the problem. Although that scheme successfully solved key escrow and the shortcoming that the original Key Privacy Authority (KPA) has no mechanism to verify the user's identity, the Consortium Blockchain is too large and requires substantial resources.
    In this paper, we study the scheme proposed by Lee et al. and propose our improved scheme by combining the advantages of its original architecture with the advantages of identity-based and certificateless cryptography, so that the KPA has a mechanism to verify the user's identity, and so that users can effectively reduce the bilinear pairing computations needed to compute their private keys and reduce the waiting time for KPA authentication.

Table of contents:
    Abstract (Chinese) I
    Abstract (English) II
    Chapter 1 Introduction 1
    1.1 Research background 1
    1.2 Introduction to the scheme of Lee et al. 3
    1.3 Research motivation 15
    1.4 Research objectives 17
    1.5 Thesis structure 18
    Chapter 2 Background 19
    2.1 Bilinear pairing 19
    2.2 Hardness assumptions for the security proofs 20
    2.3 Efficient certificateless aggregate signature with constant pairing computations 20
    Chapter 3 Literature review 26
    3.1 ID-based cryptography 26
    3.2 Identity-based encryption (IBE) 28
    3.3 Certificateless public key encryption (CL-PKE) 30
    3.4 Aggregate signature schemes from bilinear pairings 33
    Chapter 4 Solving the key escrow problem with multiple key privacy authorities and certificateless aggregate signatures 35
    4.1 Research method 45
    4.2 Research contributions 47
    4.3 Security analysis 48
    Chapter 5 Scheme comparison 50
    5.1 Scheme comparison 50
    Chapter 6 Conclusion 51
    Chapter 7 References 53
    List of figures:
    Figure 1. Architecture of the scheme of Lee et al. 4
    Figure 2. Lee et al. scheme - System setup phase 5
    Figure 3. Lee et al. scheme - KPAs sequentially computing the system public key (1) 7
    Figure 4. Lee et al. scheme - KPAs sequentially computing the system public key (2) 7
    Figure 5. Lee et al. scheme - key issuing phase 8
    Figure 6. Lee et al. scheme - key securing phase (1) 9
    Figure 7. Lee et al. scheme - no mechanism to verify user identity 9
    Figure 8. Lee et al. scheme - key securing phase (2) 11
    Figure 9. Lee et al. scheme - key securing phase (3) 11
    Figure 10. Lee et al. scheme - key retrieving phase (1) 12
    Figure 11. Lee et al. scheme - key retrieving phase (2) 13
    Figure 12. The KPA has no mechanism to verify the user's identity 15
    Figure 13. Computing the user's private key requires (n+3) bilinear pairing computations 16
    Figure 14. The user communicates with multiple KPAs sequentially 16
    Figure 15. Schematic of a bilinear pairing 19
    Figure 16. Efficient certificateless aggregate signature with constant pairing computations - Partial Key Generation (1) 22
    Figure 17. Efficient certificateless aggregate signature with constant pairing computations - Partial Key Generation (2) 23
    Figure 18. Efficient certificateless aggregate signature with constant pairing computations - signing phase 23
    Figure 19. Efficient certificateless aggregate signature with constant pairing computations - verifying the aggregate signature 25
    Figure 20. Architecture comparison 35
    Figure 21. Overview of the proposed scheme 37
    Figure 22. Proposed scheme - KPAs setup phase 38
    Figure 23. Proposed scheme - key issuing phase (1) 39
    Figure 24. Proposed scheme - key issuing phase (2) 40
    Figure 25. Proposed scheme - key issuing phase (2) 40
    Figure 26. Proposed scheme - KPAs verification 41
    Figure 27. Proposed scheme - encryption and decryption usage 42
    Figure 28. Proposed scheme - encryption and decryption usage (2) 43
    Figure 29. Proposed scheme - encryption and decryption usage (3) 44
    Figure 30. Proposed scheme - construction using identity-based cryptography 45
    Figure 31. Proposed scheme - combined with aggregate signatures (1) 46
    Figure 32. Proposed scheme - combined with aggregate signatures (2) 46
    Figure 33. Proposed scheme - the user communicates with the KPAs by broadcast 47
    Figure 34. Verifiability of user identity 49
    List of tables:
    Table 1. Notation of the scheme of Lee et al. 3
    Table 2. Roles in the scheme of Lee et al. 3
    Table 3. KPAs sequentially computing the system public key in the scheme of Lee et al. 5
    Table 4. Notation of the efficient certificateless aggregate signature with constant pairing computations 21
    Table 5. Notation of ID-based cryptography 26
    Table 6. Notation of the certificateless public key encryption scheme 30
    Table 7. Notation of the aggregate signature scheme from bilinear pairings 33
    Table 8. Notation of the proposed scheme 36
    Table 9. Roles in the proposed scheme 36

References:
    [1] Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644-654.
    [2] Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
    [3] ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469-472.
    [4] Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177), 203-209.
    [5] Hunt, R. (2001, October). PKI and digital certification infrastructure. In Proceedings of the Ninth IEEE International Conference on Networks (ICON 2001) (pp. 234-239). IEEE.
    [6] Perlman, R. (1999). An overview of PKI trust models. IEEE Network, 13(6), 38-43.
    [7] Adams, C., & Lloyd, S. (2003). Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional.
    [8] Chokhani, S., Ford, W., Sabett, R., Merrill, C. R., & Wu, S. S. (2003). Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. RFC 3647, 1-94.
    [9] Shamir, A. (1984, August). Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques (pp. 47-53). Springer, Berlin, Heidelberg.
    [10] Boneh, D., & Franklin, M. (2001, August). Identity-based encryption from the Weil pairing. In Annual international cryptology conference (pp. 213-229). Springer, Berlin, Heidelberg.
    [11] Boneh, D., Lynn, B., & Shacham, H. (2001, December). Short signatures from the Weil pairing. In International conference on the theory and application of cryptology and information security (pp. 514-532). Springer, Berlin, Heidelberg.
    [12] Al-Riyami, S. S., & Paterson, K. G. (2003, November). Certificateless public key cryptography. In International conference on the theory and application of cryptology and information security (pp. 452-473). Springer, Berlin, Heidelberg.
    [13] Liu, J. K., Au, M. H., & Susilo, W. (2007, March). Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model. In Proceedings of the 2nd ACM symposium on Information, computer and communications security (pp. 273-283).
    [14] Waters, B. (2005, May). Efficient identity-based encryption without random oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 114-127). Springer, Berlin, Heidelberg.
    [15] Wood, A. D., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54-62.
    [16] Huang, X., Mu, Y., Susilo, W., Wong, D. S., & Wu, W. (2007, July). Certificateless signature revisited. In Australasian Conference on Information Security and Privacy (pp. 308-322). Springer, Berlin, Heidelberg.
    [17] Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557-594.
    [18] Zhou, B., Li, H., & Xu, L. (2018, June). An authentication scheme using identity-based encryption & blockchain. In 2018 IEEE Symposium on Computers and Communications (ISCC) (pp. 00556-00561). IEEE.
    [19] Boneh, D., Gentry, C., Lynn, B., & Shacham, H. (2003, May). Aggregate and verifiably encrypted signatures from bilinear maps. In International conference on the theory and applications of cryptographic techniques (pp. 416-432). Springer, Berlin, Heidelberg.
    [20] Bellare, M., Namprempre, C., & Neven, G. (2007, July). Unrestricted aggregate signatures. In International Colloquium on Automata, Languages, and Programming (pp. 411-422). Springer, Berlin, Heidelberg.
    [21] Boldyreva, A., Gentry, C., O'Neill, A., & Yum, D. H. (2007, October). Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In Proceedings of the 14th ACM conference on Computer and communications security (pp. 276-285).
    [22] Ahn, J. H., Green, M., & Hohenberger, S. (2010, October). Synchronized aggregate signatures: new definitions, constructions and applications. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 473-484).
    [23] Zhang, C., Lu, R., Lin, X., Ho, P. H., & Shen, X. (2008, April). An efficient identity-based batch verification scheme for vehicular sensor networks. In IEEE INFOCOM 2008-The 27th Conference on Computer Communications (pp. 246-250). IEEE.
    [24] Wasef, A., Jiang, Y., & Shen, X. (2009). DCS: An efficient distributed-certificate-service scheme for vehicular networks. IEEE Transactions on Vehicular Technology, 59(2), 533-549.
    [25] Xiong, H., Guan, Z., Chen, Z., & Li, F. (2013). An efficient certificateless aggregate signature with constant pairing computations. Information Sciences, 219, 225-235.
    [26] Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., & Yoo, S. (2004, January). Secure key issuing in ID-based cryptography. In Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation-Volume 32 (pp. 69-74).
    [27] Menezes, A. J., Okamoto, T., & Vanstone, S. A. (1993). Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory, 39(5), 1639-1646.

Full-text release date: 2026/08/19