Implicit Certificates

Implicit Certificates

Implicit Certificates are a variant of public key certificate, such that a public key can be reconstructed from any implicit certificate, and is said then to be "implicitly" verified, in the sense that the only party who can know the associated private key is the party identified in the implicit certificate. This does not rule out the possibility that nobody knows the private key, but this possibility is not considered a major problem.

By comparison, traditional public-key certificates include a copy of the public key and the digital signature of the certification authority. Upon verification of the digital signature, the public key is "explicitly" verified, in the sense that the party identified in the certificate knows the associated private key and is the only party who can know the private key. Unlike an implicit certificate, there is no possibility that nobody knows the private key. For the purposes of this article, such certificates will be called "explicit" certificates.

Elliptic Curve Qu-Vanstone (ECQV) are one kind of implicit certificates. This article will use ECQV as a concrete example to illustrate implicit certificates.

The cryptographic portion of an ECQV implicit certificate is the size of an elliptic curve point, making it considerable smaller than a comparable explicit certificate. Smaller certificates are useful in highly constrained environments, such as Radio-frequency Identification RFID tags, where not a lot of memory or bandwidth is available.

Digital certificates are considered the best-known method of establishing identity in network communications. A certificate provides a binding between identity information and a public key; a key pair can subsequently be used for key exchange to set up secured communications and for digital signatures, to authenticate users or transactions for example.

Conventional explicit certificates are made up of three parts: identification data, a public key and a digital signature which binds the public key to the user’s identification data (ID). The digital certificate is created by a trusted third party and its signature can be independently verified by anyone in the network. The public key, ID and digital signature are distinct data elements which make the up the physical size of the certificate. Conventional certificates can get very large. For example, a standard X.509 certificate is on the order of 1KB in size (~8000 bits).

Implicit certificates carry the same data (ID, public key and digital signature) but the data elements are super imposed into a string the size of the public key. For example using an elliptic curve system at 160 bits would give us implicit certificates of size 160 bits.

With implicit certificates there is no explicit validation of the Certificate Authority's (CA’s) signature on a certificate. Instead, a user computes a public key from the implicit certificate and simply uses it in the intended ECC operation e.g. key agreement protocols such as ECDH and ECMQV, or signing such as ECDSA. The operation will fail if the certificate is invalid. Thus ECQV is regarded as an implicit validation scheme. Computing the public key is very fast, much faster than a public key operation.

Generating Implicit Certificates

Initially the elliptic curve parameters must be agreed upon. We define G , as a generating point of order n ,. The Certificate Authority (CA) will have private key c , and public key Q_{CA} = cG ,. Alice will be the user who requests the implicit certificate from the CA.

# Alice generates a random integer a , and computes aG , and sends that to the CA. The CA does all the rest.
# CA Select a random integer k , from [1, n-1] , and computes kG ,.
# CA computes gamma = aG + kG , (this is the implicit certificate)
# CA computes e = extrm{H}(gamma parallel extrm{ID}_A) ,, where extrm{H} , is a cryptographic hash function, such as SHA and extrm{ID}_A , is Alice's identifying information.
# CA computes s = ek + c pmod{n} ,
# CA sends (s, gamma) , to Alice

Alice’s private key is alpha = ea + s pmod{n} ,

Alice’s public key is Q_A = egamma + Q_{CA} ,

Computing the Public Key from the Implicit Certificate

Computing Alice's public key Q_A , can be computed by any third party provided they know gamma ,, extrm{ID}_A , and Q_{CA} ,.

Note that the size of the implicit certificate gamma , is the same size as Alice's public key Q_{CA} ,.


A security proof for ECQV has been published.


* Darrel Hankerson, Alfred Menezes and Scott Vanstone, "Guide to Elliptic Curve Cryptography, Springer", Springer, 2004.
* Certicom Research, [,docs_draft] "Standards for efficient cryptography, SEC 4: Elliptic Curve Cryptography", Draft document , November 11, 2006.
*, [,cc&issue=2-2&&article=3] "Explaining Implicit Certificates", Code and Cipher Vol. 2, no. 2
* Leon Pintsov and Scott Vanstone, "Postal Revenue Collection in the Digital Age", Financial Cryptography 2000, Lecture Notes in Computer Science 1962, pp. 105-120, Springer, February 2000.
* Daniel R. L. Brown, Robert P. Gallant and Scott A. Vanstone, "Provably Secure Implicit Certificate Schemes", Financial Cryptography 2001, Lecture Notes in Computer Science 2339, pp. 156-165, Springer, February 2001. [ Preprint (postscript)]

ee also

* Elliptic curve cryptography

Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Pilot licensing in Canada — is governed by Transport Canada in accordance with the Aeronautics Act and the Canadian Aviation Regulations (CARs). A person may operate an aircraft or act as a flight crew member only with a licence issued by Transport Canada. Personnel… …   Wikipedia

  • ECONOMIC AFFAIRS — THE PRE MANDATE (LATE OTTOMAN) PERIOD Geography and Borders In September 1923 a new political entity was formally recognized by the international community. Palestine, or Ereẓ Israel as Jews have continued to refer to it for 2,000 years,… …   Encyclopedia of Judaism

  • china — /chuy neuh/, n. 1. a translucent ceramic material, biscuit fired at a high temperature, its glaze fired at a low temperature. 2. any porcelain ware. 3. plates, cups, saucers, etc., collectively. 4. figurines made of porcelain or ceramic material …   Universalium

  • China — /chuy neuh/, n. 1. People s Republic of, a country in E Asia. 1,221,591,778; 3,691,502 sq. mi. (9,560,990 sq. km). Cap.: Beijing. 2. Republic of. Also called Nationalist China. a republic consisting mainly of the island of Taiwan off the SE coast …   Universalium

  • ZIONISM — This article is arranged according to the following outline: the word and its meaning forerunners ḤIBBAT ZION ROOTS OF ḤIBBAT ZION background to the emergence of the movement the beginnings of the movement PINSKER S AUTOEMANCIPATION settlement… …   Encyclopedia of Judaism

  • Christianity — /kris chee an i tee/, n., pl. Christianities. 1. the Christian religion, including the Catholic, Protestant, and Eastern Orthodox churches. 2. Christian beliefs or practices; Christian quality or character: Christianity mixed with pagan elements; …   Universalium

  • Puerto Rico — This article is about the Commonwealth of Puerto Rico. For other uses, see Puerto Rico (disambiguation). Commonwealth of Puerto Rico Estado Libre Asociado de Puerto Rico …   Wikipedia

  • Reputation management — is the process of tracking an entity s actions and other entities opinions about those actions; reporting on those actions and opinions; and reacting to that report creating a feedback loop. All entities involved are generally people, but that… …   Wikipedia

  • FTPS — (commonly referred to as FTP/SSL) is a name used to encompass a number of ways in which FTP software can perform secure file transfers. Each way involves the use of a SSL/TLS layer below the standard FTP protocol to encrypt the control and/or… …   Wikipedia

  • United States — a republic in the N Western Hemisphere comprising 48 conterminous states, the District of Columbia, and Alaska in North America, and Hawaii in the N Pacific. 267,954,767; conterminous United States, 3,022,387 sq. mi. (7,827,982 sq. km); with… …   Universalium

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”