Authenticated key exchange protocol with selectable identities.

In the traditional identity-based cryptography, a user, who holds multiple identities, has to manage multiple private keys, where each private key is associated with an identity. In this paper, we present a key agreement protocol, which allows a single private key to map multiple public keys (identities) that are selectable by the user. That is, the established session key is associated with an arbitrary subset of identities held by the user, while the unselected identities remain secret to other participants. As a bonus, our scheme can be considered as a credential-based key agreement, where the unique private key can be treated as a credential of the user and the user only proves that his credential is associated with some selected identities. We prove that our scheme is secure in the random oracle model. Copyright © 2010 John Wiley & Sons, Ltd. To avoid managing multiple private keys for a user who holds multiple identities in the identity-based cryptography, this paper presents a key agreement protocol, which allows a single private key to map multiple public keys (identities) that are selectable by the user. That is, the established session key is associated with an arbitrary subset of identities held by the user, while the unselected identities remain secret to other participants. We prove that our scheme is secure in the random oracle model. [ABSTRACT FROM AUTHOR]