Certificate-based cryptography and ID-based cryptography have been designed under different theoretical backgrounds and they have their own advantages and drawbacks, but there have been few works which try to provide them together in an efficient way. Chen et al. [4] considered a hybrid scheme of public key infrastructure (PKI) and ID-based encryption (IBE), and also discussed various trust relationship among multiple authorities, but they have not discussed more in-depth implementation issues

more »

... f the hybrid scheme. In IDbased cryptography issuing private keys to users in escrowfree way had been an important issue. Lee et al. [12] , [13] proposed a unique private key issuing protocol in the singleauthority multiple-observer (SAMO) model which can reduce the user authentication load a lot, but these schemes are subject to several attacks due to the lack of verifiable authentication of protocol messages [11] . In this paper we show that these two problems can be solved by combining certificate-based and ID-based cryptography. In the proposed scheme certificate is issued to user for user-chosen public key and ID-based private key is issued to user through a private key issuing protocol. In the private key issuing protocol user is authenticated using the certificate and protocol messages are blinded using the certified public key of the user, thus the private key issuing protocol becomes private and also verifiable, which solves the authentication problem of [13] . We further present the concept of unified public key infrastructure (UPKI) in which both certificate-based and ID-based cryptosystems are provided to users in a single framework. We also show that if interactions between end users are mainly executed using ID-based cryptography, then end users don't need to manage other end users' certificates, which is a great efficiency gain than traditional PKI.