In the traditional identity-based cryptography, a user, who holds multiple identities, has to manage multiple private keys, where each private key is associated with an identity. In this paper, we present a key agreement protocol, which allows a single private key to map multiple public keys (identities) that are selectable by the user. That is, the established session key is associated with an arbitrary subset of identities held by the user, while the unselected identities remain secret to other participants. As a bonus, our scheme can be considered as a credential-based key agreement, where the unique private key can be treated as a credential of the user and the user only proves that his credential is associated with some selected identities. We prove that our scheme is secure in the random oracle model.

• 出版日期2011-2
• 单位北京航空航天大学