Main Page: Difference between revisions

From formulasearchengine
Jump to navigation Jump to search
No edit summary
mNo edit summary
Line 1: Line 1:
{{About||the green vehicle|Triac (car)|triiodothyroacetic acid|Tiratricol}}
'''ID-based encryption''' (or '''identity-based encryption (IBE)''') is an important primitive of [[ID-based cryptography]]. As such it is a type of [[public-key encryption]] in which the [[public key]] of a user is some unique information about the identity of the user (e.g. a user's email address).  This can use the text-value of the name or domain name as a key or the physical IP address it translates to.


[[Image:triac.svg|thumb|TRIAC schematic symbol]]
The first implementation of an email-address based PKI was developed by [[Adi Shamir]] in 1984,<ref name="iseca.org">Adi Shamir, [http://www.iseca.org/modules/mydownloads/visit.php?cid=56&lid=33 Identity-Based Cryptosystems and Signature Schemes]. ''Advances in Cryptology: Proceedings of CRYPTO 84, Lecture Notes in Computer Science'', 7:47--53, 1984</ref> which allowed users to verify [[digital signature]]s using only public information such as the user's identifier. 


'''TRIAC''', from '''Triode for Alternating Current''', is a [[genericized tradename]] for an [[electronic component]] that can conduct [[electric current|current]] in either direction when it is triggered (turned on), and is formally called a '''bidirectional triode thyristor''' or '''bilateral triode thyristor'''.
ID-based encryption was proposed by [[Adi Shamir]] in 1984.<ref name="iseca.org"/> He was however only able to give an instantiation of [[ID-based cryptography|identity-based signatures]]. Identity-based encryption remained an open problem for many years. One example of the research leading up to identity-based encryption is provided in Maurer.<ref>Ueli M. Maurer: Protocols for Secret Key Agreement by Public Discussion Based on Common Information. CRYPTO 1992: 461-470</ref>


TRIACs belong to the [[thyristor]] family and are closely related to [[Silicon-controlled rectifier]]s (SCR). However, unlike SCRs, which are unidirectional devices (i.e. can conduct current only in one direction), TRIACs are bidirectional and so current can flow through them in either direction. Another difference from SCRs is that TRIACs can be triggered by either a positive or a negative current applied to its ''gate'' electrode, whereas SCRs can be triggered only by currents going into the gate. In order to create a triggering current, a positive or negative voltage has to be applied to the gate with respect to the A1 terminal (otherwise known as MT1).  
The [[pairing-based cryptography|pairing]]-based [[Boneh–Franklin scheme]]<ref>Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing ''Advances in Cryptology - Proceedings of CRYPTO 2001'' (2001)</ref> and [[Cocks IBE scheme|Cocks's encryption scheme]]<ref>Clifford Cocks, [http://groups.csail.mit.edu/cis/crypto/classes/6.876/papers/cocks-IBE.pdf An Identity Based Encryption Scheme Based on Quadratic Residues], ''Proceedings of the 8th IMA International Conference on Cryptography and Coding'', 2001</ref> based on [[quadratic residue]]s both solved the IBE problem in 2001.


Once triggered, the device continues to conduct until the current drops below a certain threshold, called the [[Silicon controlled rectifier#Modes_of_operation|holding current]].  
==Usage==
Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string.  A trusted third party, called the [[Private Key Generator]] (PKG), generates the corresponding private keys.  To operate, the PKG first publishes a master public key, and retains the corresponding '''master private key''' (referred to as ''master key'').  Given the master public key, any party can compute a public key corresponding to the identity ''ID'' by combining the master public key with the identity value.  To obtain a corresponding private key, the party authorized to use the identity ''ID'' contacts the PKG, which uses the master private key to generate the private key for identity ''ID''.


The bidirectionality makes TRIACs very convenient switches for AC circuits, also allowing them to control very large power flows with [[Ampere|milliampere]]-scale gate currentsIn addition, applying a trigger pulse at a controlled phase angle in an AC cycle allows one to control the percentage of current that flows through the TRIAC to the load ([[phase control]]), which is commonly used, for example, in controlling the speed of low-power [[induction motors]], in dimming lamps and in controlling AC heating resistors.
As a result, parties may encrypt messages (or verify signatures) with no prior distribution of keys between individual participants.  This is extremely useful in cases where pre-distribution of authenticated keys is inconvenient or infeasible due to technical restraintsHowever, to decrypt or sign messages, the authorized user must obtain the appropriate private key from the PKG.  A caveat of this approach is that the PKG must be highly trusted, as it is capable of generating any user's private key and may therefore decrypt (or sign) messages without authorization.  Because any user's private key can be generated through the use of the third party's secret, this system has inherent [[key escrow]]. A number of variant systems have been proposed which remove the escrow including [[certificate-based encryption]],<ref>Craig Gentry [http://eprint.iacr.org/2003/183.pdf Certificate-Based Encryption and the Certificate Revocation Problem] ''Advances in Cryptology - Proceedings of EUROCRYPT 2003'' (2003)</ref> [[secure key issuing cryptography]]<ref>{{cite conference | first1 = Byoungcheon | last1 = Lee | first2 = Colin | last2 = Boyd | first2 = Ed | last2 = Dawson | first3 = Kwangjo | last3 = Kim | first4 = Jeongmo | last4 = Yang | first5 = Seungjae | last5 = Yoo | id = {{citeseerx|10.1.1.6.337}} | title = Secure Key Issuing in ID-based Cryptography | copnference = ACS Conferences in Research and Practice in Information Technology - Proceedings of the Second Australian Information Security Workshop-AISW 2004 | year = 2004 }}</ref> and [[certificateless cryptography]].<ref>SS Al-Riyami, KG Paterson [http://www.springerlink.com/index/4WC47ELK7FP8XWTY.pdf Certificateless Public Key Cryptography] ''Advances in Cryptology - Proceedings of ASIACRYPT 2003'' (2003)</ref>
The steps involved are depicted in this diagram:[[Image:ID Based Encryption.png|center|thumb|600px|ID Based Encryption: Offline and Online Steps]]


==Physics of the device==
==Protocol framework==
{{anchor|figure1}}{{Gallery
[[Dan Boneh]] and [[Matthew K. Franklin]] defined a set of four algorithms that form a complete IBE system:
|width=350
* '''Setup''': This algorithm is run by the PKG one time for creating the whole IBE environment. The master key is kept secret and used to derive users' private keys, while the system parameters are made public. It accepts a [[security parameter]] <math>\textstyle k</math> (i.e. binary length of key material) and outputs:
|height=265
# A set <math>\textstyle \mathcal{P}</math> of system parameters, including the [[message space]] and [[ciphertext space]] <math>\textstyle \mathcal{M}</math> and <math>\textstyle \mathcal{C}</math>,
|lines=2
# a master key <math>\textstyle K_m</math>.
|align=right
|Image:TRIAC Equivalent Circuit.png|alt1=Figure 1: Triggering modes.|Figure 1: Triggering modes.
|File:Triac structure.svg|alt2=Figure 2: TRIAC semiconductor construction.|Figure 2: TRIAC semiconductor construction.
}}
To explain how TRIACs work, one has to individually analyze the triggering in each one of the four quadrants. The four quadrants are illustrated in Figure 1, according to the voltage on the gate and the A2 terminals with respect to the A1 terminal. The A1 and A2 terminals are sometimes referred to as MT1 and MT2, respectively.<ref name="ThyristorTheory"/>


The relative sensitivity depends on the physical structure of a particular triac, but as a rule, quadrant I is the most sensitive (least gate current required) and quadrant IV is the least sensitive (most gate current required).{{Clarify|post-text=Why is Q-IV the least sensitive? See [[Talk:TRIAC#Request of explanation: why Q-IV is the least sensitive quadrant?|discussion]]| date=October 2011}}
* '''Extract''': This algorithm is run by the PKG when a user requests his private key. Note that the verification of the [[Authentication|authenticity]] of the requestor and the secure transport of <math>\textstyle d</math> are problems with which IBE protocols do not try to deal. It takes as input <math>\textstyle \mathcal{P}</math>, <math>\textstyle K_m</math> and an identifier <math>\textstyle ID \in \left\{0,1\right\}^*</math> and returns the private key <math>\textstyle d</math> for user <math>\textstyle ID</math>.


In quadrants 1 and 2, A2 is positive, and current flows from A2 to A1 through P, N, P and N layers.  The N region attached to A2 does not participate significantly.  In quadrants 3 and 4, A2 is negative, and current flows from A1 to A2, also through P, N, P and N layers.  The N region attached to A2 is active, but the N region attached to A1 only participates in the initial triggering, not the bulk current flow.
* '''Encrypt''': Takes <math>\textstyle \mathcal{P}</math>, a message <math>\textstyle m \in \mathcal{M}</math> and <math>\textstyle ID \in \left\{0,1\right\}^*</math> and outputs the encryption <math>\textstyle c \in \mathcal{C}</math>.


In most applications, the gate current comes from A2, so quadrants 1 and 3 are the only operating modes.
* '''Decrypt''': Accepts <math>\textstyle d</math>, <math>\textstyle \mathcal{P}</math> and <math>\textstyle c \in \mathcal{C}</math> and returns <math>\textstyle m \in \mathcal{M}</math>.
{{-}}


===Triggering in Quadrant I===
===Correctness constraint===
{{Gallery
In order for the whole system to work, one has to postulate that:
|width=220
|height=323
|lines=2
|align=right
|Image:Triac Quad I.svg|alt1=Figure 3: Operation in Quadrant I|Figure 3: Operation in Quadrant I
|Image:Triac Quad I like SCR.JPG|alt2=Figure 4: Equivalent electric circuit for a triac in Q-I operation mode.|Figure 4: Equivalent electric circuit for a triac in Q-I operation mode.
}}
Quadrant I operation occurs when the gate and A2/MT2 are positive with respect to A1/MT1. <sup>[[#figure1|Figure 1]]</sup>


The precise mechanism is illustrated in Figure 3. The gate current makes an equivalent NPN transistor switch on, which in turn draws current from the base of an equivalent PNP transitor, turning it on also. Part of the gate current (dotted line) is lost through the ohmic path across the p-silicon, flowing directly into MT1 without passing through the NPN transistor base.  In this case, the injection of holes in the p-silicon makes the stacked n, p and n layers beneath MT1 behave like a NPN transistor, which turns on due to the presence of a current in its base. This, in turn, causes the p, n and p layers over MT2 to behave like a PNP transistor, which turns on because its n-type base becomes forward-biased with the emitter (MT2). Thus, the triggering scheme is the same as an SCR and the equivalent circuit is outlined in Figure 4.
<math> \forall m \in \mathcal{M}, ID \in \left\{0,1\right\}^*: Decrypt\left(Extract\left(\mathcal{P}, K_m, ID\right), \mathcal{P}, Encrypt\left(\mathcal{P}, m, ID \right) \right) = m </math>


However, the structure is different from SCRs. In particular, in TRIACs there is always a small current flowing directly from the gate to MT1 through the p-silicon without passing through the p-n junction between the base and the emitter of the equivalent NPN transistor. This current is indicated in Figure 3 by a dotted red line and it is the reason why a TRIAC needs more gate current to turn on than a comparably rated SCR.<ref name="PowerElec"/>
==Encryption schemes==
The most efficient identity-based encryption schemes are currently based on [[Pairing|bilinear pairings]] on [[elliptic curves]], such as the [[weil pairing|Weil]] or [[Tate pairing|Tate]] pairings.  The first of these schemes was developed by [[Dan Boneh]] and [[Matthew K. Franklin]] (2001), and performs [[probabilistic encryption]] of arbitrary ciphertexts using an [[ElGamal encryption|Elgamal]]-like approach.  Though the [[BonehFranklinScheme|Boneh-Franklin scheme]] is [[Provable security|provably secure]], the security proof rests on relatively new assumptions about the hardness of problems in certain elliptic curve groups.


Generally, this quadrant is the most sensitive one of the four; this is because it is the only quadrant in which the gate current is injected directly into the base of one of the main device transistors.{{Clarify|post-text=Why is Q-I the most sensitive? See [[Talk:TRIAC#Request of explanation: why Q-IV is the least sensitive quadrant?|discussion]]| date=October 2011}}
Another approach to identity-based encryption was proposed by [[Clifford Cocks]] in 2001.  The [[Cocks IBE scheme]] is based on well-studied assumptions (the [[quadratic residuosity problem|quadratic residuosity assumption]]) but encrypts messages one bit at a time with a high degree of [[ciphertext expansion]]. Thus it is highly inefficient and impractical for sending all but the shortest messages, such as a session key for use with a [[symmetric cipher]].
{{-}}


===Triggering in Quadrant II===
== Advantages ==
{{Gallery
One of the major advantages of any identity-based encryption scheme is that if there are only a finite number of users, after all users have been issued with keys the third party's secret can be destroyed. This can take place because this system assumes that, once issued, keys are always valid (as this basic system lacks a method of [[key revocation]]).  The majority of derivatives of this system which have key revocation lose this advantage.
|width=220
|height=323
|lines=2
|align=right
|Image:Triac Quad II.JPG|alt1=Figure 5: Operation in Quadrant II|Figure 5: Operation in Quadrant II.
}}
Quadrant II operation occurs when the gate is negative and A2/MT2 is positive with respect to A1/MT1. <sup>[[#figure1|Figure 1]]</sup>


Figure 5 gives a graphical explanation of the triggering process. The turn-on of the device is three-fold and starts when the current from MT1 flows into the gate through the p-n junction under the gate. This switches on a structure composed by an NPN transistor and a PNP transistor, which has the gate as cathode (the turn-on of this structure is indicated by "1" in the figure). As current into the gate increases, the potential of the left side of the p-silicon under the gate rises towards MT1, since the difference in potential between the gate and MT2 tends to lower: this establishes a current between the left side and the right side of the p-silicon (indicated by "2" in the figure), which in turn switches on the NPN transistor under the MT1 terminal and as a consequence also the pnp transistor between MT2 and the right side of the upper p-silicon. So, in the end, the structure which is crossed by the major portion of the current is the same as Quadrant I operation ("3" in Figure 5).<ref name="PowerElec"/>
Moreover, as public keys are derived from identifiers, IBE eliminates the need for a public key distribution infrastructure. The [[Authentication|authenticity]] of the public keys is guaranteed implicitly as long as the transport of the private keys to the corresponding user is kept secure ([[Authentication#Computer_security|Authenticity]], [[Data integrity|Integrity]], [[Confidentiality]]).
{{-}}


===Triggering in Quadrant III===
Apart from these aspects, IBE offers interesting features emanating from the possibility to encode additional information into the identifier. For instance, a sender might specify an expiration date for a message. He appends this timestamp to the actual recipient's identity (possibly using some binary format like X.509).  When the receiver contacts the PKG to retrieve the private key for this public key, the PKG can evaluate the identifier and decline the extraction if the expiration date has passed. Generally, embedding data in the ID corresponds to opening an additional channel between sender and PKG with authenticity guaranteed through the dependency of the private key on the identifier.
{{Gallery
|width=220
|height=323
|lines=2
|align=right
|Image:Triac Quad III.JPG|alt1=Figure 6: Operation in Quadrant III|Figure 6: Operation in Quadrant III.
}}
Quadrant III operation occurs when the gate and A2/MT2 is negative with respect to MT1. <sup>[[#figure1|Figure 1]]</sup>


The whole process is outlined in Figure 6. The process happens in different steps here too. In the first phase, the pn junction between the MT1 terminal and the gate becomes forward-biased (step 1). As forward-biasing implies the injection of minority carriers in the two layers joining the junction, electrons are injected in the p-layer under the gate. Some of these electrons do not recombine and escape to the underlying n-region (step 2). This in turn lowers the potential of the n-region, acting as the base of a pnp transistor which switches on (turning the transistor on without directly lowering the base potential is called '''remote gate control'''). The lower p-layer works as the collector of this PNP transistor and has its voltage heightened: actually, this p-layer also acts as the base of an NPN transistor made up by the last three layers just over the MT2 terminal, which, in turn, gets activated. Therefore, the red arrow labeled with a "3" in Figure 6 shows the final conduction path of the current.<ref name="PowerElec"/>
== Drawbacks ==
{{-}}
* If a Private Key Generator (PKG) is compromised, all messages protected over the entire lifetime of the public-private key pair used by that server are also compromised. This makes the PKG a high value target to adversaries. To limit the exposure due to a compromised server, the master private-public key pair could be updated with a new independent key pair. However, this introduces a key-management problem where all users must have the most recent public key for the server.
* Because the Private Key Generator (PKG) generates private keys for users, it may decrypt and/or sign any message without authorisation.  This implies that IBE systems cannot be used for [[non-repudiation]].  This may not be an issue for organizations that host their own PKG and are willing to trust their system administrators and do not require non-repudiation.
* The issue of implicit key escrow does not exist with the current [[Public key infrastructure|PKI]] system wherein private keys are usually generated on the user's computer.  Depending on the context key escrow can be seen as a positive feature (e.g., within Enterprises). A number of variant systems have been proposed which remove the escrow including [[certificate-based encryption]], [[secret sharing]], [[secure key issuing cryptography]] and [[certificateless cryptography]].
* A secure channel between a user and the Private Key Generator (PKG) is required for transmitting the private key on joining the system. Here, a [[Secure Sockets Layer|SSL]]-like connection is a common solution for a large-scale system. It is important to observe that users that hold accounts with the PKG must be able to authenticate themselves. In principle, this may be achieved through username,password or through public key pairs managed on smart cards.
* IBE solutions may rely on cryptographic techniques that are insecure against code breaking [[quantum computer]] attacks (see [[Shor's algorithm]])


===Triggering in Quadrant IV===
==See also==
{{Gallery
*[[ID-based cryptography]]
|width=220
|height=323
|lines=2
|align=right
|Image:Triac Quad IV.JPG|alt1=Figure 7: Operation in Quadrant IV|Figure 7: Operation in Quadrant IV.
}}
Quadrant IV operation occurs when the gate is positive and A2/MT2 is negative with respect to MT1. <sup>[[#figure1|Figure 1]]</sup>


Triggering in this quadrant is similar to triggering in Quadrant III. The process uses a remote gate control and is illustrated in Figure 7. As current flows from the p-layer under the gate into the n-layer under MT1, minority carriers in the form of free electrons are injected into the p-region and some of them are collected by the underlying np-junction and pass into the adjoining n-region without recombining. As in the case of a triggering in Quadrant III, this lowers the potential of the n-layer and turns on the PNP transistor formed by the n-layer and the two p-layers next to it. The lower p-layer works as the collector of this PNP transistor and has its voltage heightened: actually, this p-layer also acts as the base of an NPN transistor made up by the last three layers just over the MT2 terminal, which, in turn, gets activated. Therefore, the red arrow labeled with a "3" in Figure 6 shows the final conduction path of the current.<ref name="PowerElec"/>
==References==
{{Reflist}}


Generally, this quadrant is the least sensitive of the four{{Clarify|post-text=Why is Q-IV the least sensitive? See [[Talk:TRIAC#Request of explanation: why Q-IV is the least sensitive quadrant?|discussion]]| date=October 2011}} In addition, some models of TRIACs cannot be triggered in this quadrant but only in the other three.
==External links==
* [http://www.crypto.rub.de/its_seminar_ws0708.html Seminar 'Cryptography and Security in Banking'/'Alternative Cryptology', Ruhr University Bochum]
* [http://www.ietf.org/rfc/rfc5091.txt RFC 5091 - the IETF RFC defining two common IBE algorithms]
* [http://www.hpl.hp.com/techreports/2003/HPL-2003-21.pdf HP Role-Based Encryption]
* [http://www.larc.usp.br/~pbarreto/pblounge.html The Pairing-Based Crypto Lounge]
* [http://www.voltage.com/vsn The Voltage Security Network - IBE encryption web service]
* [http://vsn.visus-it.com VSN Fully Managed Email Encryption Service - UK based IBE encryption web service]
* [http://www.ferris.com/2006/05/30/the-total-cost-of-ownership-for-voltage-identity-based-encryption-solutions/ Analyst report on the cost of IBE versus PKI]


== Typical issues ==
{{DEFAULTSORT:Id-Based Encryption}}
[[Category:Public-key cryptography]]
[[Category:Identity-based cryptography]]


There are some drawbacks one should know when using a TRIAC in a circuit. In this section, a few are summarized.
[[fr:Schéma basé sur l'identité]]
 
[[ko:신원 기반 암호]]
===Gate threshold current, latching current and holding current===
[[ja:IDベース暗号]]
 
A TRIAC starts conducting when a current flowing into or out of its gate is sufficient to turn on the relevant junctions in the quadrant of operation. The minimum current able to do this is called '''gate threshold current''' and is generally indicated by I<sub>GT</sub>. In a typical TRIAC, the gate threshold current is generally few milliampères, but one has to take into account also that:
 
* I<sub>GT</sub> depends on the temperature: indeed, the higher the temperature, the higher the reverse currents in the blocked junctions. This implies the presence of more free carriers in the gate region, which lowers the gate current needed.
* I<sub>GT</sub> depends on the quadrant of operation, since a different quadrant implies a different way of triggering, as explained in the section "Physics of the device". As a rule, the first quadrant is the most sensitive (i.e. requires the least current to turn on), whereas the fourth quadrant is the least sensitive.
* When turning on from an off-state, I<sub>GT</sub> depends on the voltage applied on the two main terminals MT1 and MT2. Higher voltage between MT1 and MT2 cause greater reverse currents in the blocked junctions requiring less gate current similar to high temperature operation. Generally, in datasheets, I<sub>GT</sub> is given for a specified voltage between MT1 and MT2.
 
When the gate current is discontinued, if the current flowing between the two main terminals is more than the so-called '''latching current,''' the device keeps conducting, otherwise the device might turn off. Latching current is the minimum that can make up for the missing gate current in order to keep the device internal structure latched. The value of this parameter varies with:
 
* gate current pulse (amplitude, shape and width)
* temperature
* control circuit (resistors or capacitors between the gate and MT1 increase the latching current because they steal some current from the gate before it can help the complete turn-on of the device)
* quadrant of operation
 
In particular, if the pulse width of the gate current is sufficiently large (generally some tens of microseconds), the TRIAC has completed the triggering process when the gate signal is discontinued and the latching current reaches a minimum level called '''holding current'''. Holding current is the minimum required current flowing between the two main terminals that keeps the device on after it has achieved commutation in every part of its internal structure.
 
In datasheets, the latching current is indicated as I<sub>L</sub>, while the holding current is indicated as I<sub>H</sub>. They are typically in the order of some milliampères.
 
=== Static dv/dt ===
A high d''v''/d''t'' between A2/MT2 and A1/MT1 may turn on the TRIAC when it is off. Typical values of critical static d''v''/d''t'' are in the tens of volts per microsecond.
 
The turn-on is due to a parasitic capacitive coupling of the gate terminal with the A2/MT2 terminal, which lets currents flow into the gate in response to a large rate of voltage change at A2/MT2. One way to cope with this limitation is to design a suitable RC or RCL [[snubber]] network. in many cases this is sufficient to lower the impedance of the gate towards A1/MT1. By putting a resistor or a small capacitor (or both in parallel) between these two terminals, the capacitive current generated during the transient, flows out of the device without activating it. A careful reading of the application notes provided by the manufacturer and testing of the particular device model to design the correct network is in order.  Typical values for capacitors and resistors between the gate and A1/MT1 may be up to 100nF and 10Ω up to 1kΩ.<ref name="AN3008"/>. Normal TRIACs, except for low-power types marketed as ''sensitive gate''<ref>{{cite web |url=http://www.onsemi.com/pub/Collateral/2N6071-D.PDF |title=2N6071A/B Series Sensitive Gate Triacs |publisher=Semiconductor Components Industries, LLC |accessdate=June 28, 2012}}</ref>, already have such a resistor built-in to safeguard against spurious dv/dt triggering. It should be noted that this will mask the gate's supposed diode-type behaviour when testing a TRIAC with a [[multimeter]].
 
In datasheets, the static d''v''/d''t'' is usually indicated as <math> \left (\frac{\operatorname{d}v}{\operatorname{d}t}\right )_s </math> and, as mentioned before, is in relation to the tendency of a TRIAC to turn on '''from the off state''' after a large voltage rate of rise even without applying any current in the gate.
 
===Critical di/dt===
 
A high rate of rise of the current flowing between A1/MT1 and A2/MT2 (in either direction) '''when the device is turning on''' can damage or destroy the TRIAC even if the pulse duration is very short. The reason is that during the commutation, the power dissipation is not uniformly distributed across the device. When switching on, the device starts to conduct current before the conduction finishes to spread across the entire junction. The device typically starts to conduct the current imposed by the external circuitry after some nanoseconds or microseconds but the complete switch on of the whole junction takes a much longer time, so too swift a current rise may cause local hot spots that can permanently damage the TRIAC.
 
In datasheets, this parameter is usually indicated as <math>\frac{\operatorname{d}i}{\operatorname{d}t}</math> and is typically in the order of the tens of ampère per microsecond.<ref name="ThyristorTheory"/>
 
===Commutating dv/dt and di/dt===
 
The commutating d''v''/d''t'' rating applies when a TRIAC has been conducting and attempts to turn off with a partially reactive load, such as an inductor. The current and voltage are out of phase, so when the current decreases below the holding value, the triac attempts to turn off, but because of the phase shift between current and voltage, a sudden voltage step takes place between the two main terminals, which turns the device on again.
 
In datasheets, this parameter is usually indicated as <math> \left ( \frac{\operatorname{d}v}{\operatorname{d}t} \right ) _c </math> and is generally in the order of up to some volts per microsecond.
 
The reason why '''commutating d''v''/d''t'' is less than static d''v''/d''t''''' is that, shortly before the device tries to turn off, there is still some excess minority charge in its internal layers as a result of the previous conduction. When the TRIAC starts to turn off, these charges alter the internal potential of the region near the gate and A1/MT1, so it is easier for the capacitive current due to d''v''/d''t'' to turn on the device again.
 
Another important factor during a commutation from on-state to off-state is the d''i''/d''t'' of the current from A1/MT1 to A2/MT2. This is similar to the recovery in standard diodes: the higher the d''i''/d''t'', the greater the reverse current. Because in the TRIAC there are parasitic resistances, a high reverse current in the p-n junctions inside it can provoke a voltage drop between the gate region and the A1/MT1 region which may make the TRIAC stay turned on.
 
In a datasheet, the commutating d''i''/d''t'' is usually indicated as <math> \left ( \frac{\operatorname{d}i}{\operatorname{d}t} \right ) _c </math> and is generally in the order of some ampères per microsecond.
 
The commutating d''v''/d''t'' is very important when the TRIAC is used to drive a load with a phase shift between current and voltage, such as an inductive load. Suppose one wants to turn the inductor off: when the current goes to zero, if the gate is not fed, the TRIAC attempts to turn off, but this causes a step in the voltage across it due to the afore-mentioned phase shift. If the commutating d''v''/d''t'' rating is exceeded, the device will not turn off.
 
==Application==
Low power TRIACs are used in many applications such as [[electric light|light]] [[dimmer]]s, speed controls for [[electric fan]]s and other [[electric motor]]s, and in the modern computerized control circuits of many household [[Small appliance|small]] and [[major appliance]]s.
 
However, when used with [[inductor|inductive]] loads such as electric fans, care must be taken to assure that the TRIAC will turn off correctly at the end of each half-cycle of the AC power. Indeed, TRIACs can be very sensitive to high values of dv/dt between A1/MT1 and A2/MT2, so a phase shift between current and voltage (as in the case of an inductive load) leads to sudden voltage step that can make the device turn on in an unwanted manner.<ref name="PowerElec"/>
 
Unwanted turn-ons can be avoided by using a snubber circuit (usually of the RC or RCL type) between A1/MT1 and A2/MT2. Snubber circuits are also used to prevent premature triggering, caused for example by voltage spikes in the mains supply.
 
Because turn-ons are caused by internal capacitive currents flowing into the gate as a consequence of a high voltage d''v''/d''t'', a gate resistor or capacitor (or both in parallel) may be connected between the gate and A1/MT1 to provide a low-impedance path to A1/MT1 and further prevent false triggering. This, however, increases the required trigger current or adds latency due to capacitor charging. On the other hand, a resistor between the gate and A1/MT1 helps draw leakage currents out of the device, thus improving the performance of the TRIAC at high temperature, where the maximum allowed d''v''/d''t'' is lower. Values of resistors less than 1kΩ and capacitors of 100nF are generally suitable for this purpose, although the fine-tuning should be done on the particular device model.<ref name="AN3008"/>
 
For higher-powered, more-demanding loads, two [[Silicon-controlled rectifier|SCRs]] in inverse parallel may be used instead of one TRIAC. Because each SCR will have an entire half-cycle of reverse polarity voltage applied to it, turn-off of the SCRs is assured, no matter what the character of the load. However, due to the separate gates, proper triggering of the SCRs is more complex than triggering a TRIAC.
 
In addition to commutation, a TRIAC may also not turn on reliably with non-resistive loads if the [[Phase_(waves)#Phase_shift|phase shift]] of the current prevents achieving [[Silicon_controlled_rectifier#Modes_of_operation|holding current]] at trigger time. To overcome that, [[pulse wave|pulse train]]s may be used to repeatedly try to trigger the TRIAC until it finally turns on. The advantage is that the gate current does not need to be maintained throughout the entire [[phase control|conduction angle]], which can be beneficial when there is only limited drive capability available.
 
== Example data ==
{| class="wikitable" style=text-align:center
|+ Some typical TRIAC specifications<ref name="nxp138">{{cite web |title=Philips Semiconductors Product specification Triacs BT138 series |url=http://www.nxp.com/acrobat_download/datasheets/BT138_SERIES_2.pdf}} 090119 nxp.com</ref><ref name="st3035/50">{{cite web |title=STMicroelectronics T3035H, T3050H Snubberless high temperature 30 A Triacs |url=http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/DATASHEET/CD00263568.pdf}} st.com 100922<!--Marcelodin--></ref>
|-
! Variable name      !! Parameter                            !! Typical value        !! {{nowrap|  Unit  }}
|-
| <math>V_{gt}</math>
|align=left| Gate threshold voltage             
|align=right| 1.5
| [[Volt|V]]
|-
| <math>I_{gt}</math>
|align=left| Gate threshold current             
|align=right| {{nowrap|10–50}}
| [[Ampere|mA]]
|-
| <math>V_{drm}</math>
|align=left| Repetitive peak off-state voltage 
|align=right| {{nowrap|600–800}}
| [[Volt|V]]
|-
| <math>I_{t}</math>
|align=left| [[Root mean square|RMS]] on-state current
|align=right| {{nowrap|4–40}}
| [[Ampere|A]]
|-
| <math>I_{tsm}</math>
|align=left| On-state current, non-repetitive peak
|align=right| {{nowrap|100–270}}
| [[Ampere|A]]
|-
| <math>V_{t}</math>
|align=left| On-state forward voltage
|align=right| {{nowrap|1.5}}
| [[Volt|V]]
|}
 
==Three-quadrant TRIAC==
A TRIAC which can only operate in quadrants I through III, and cannot be triggered in quadrant IV, has improved turn-off (commutation) characteristics.
 
These devices are made specifically for improved commutation when controlling a highly-inductive load, such as a motor or [[solenoid]], an application where normal TRIACs have problems due to high voltage/current angles; as soon as they turn off due to the current falling to zero, they experience a voltage spike which can turn them back on again. Most TRIACs' commutation with inductive loads can be improved by use of a [[snubber]] network, but these components are designed to often be able to dispense with need for such a circuit. This improvement is achieved at the expense of the ability to trigger the device in the 4th quadrant (negative voltage and positive gate current). However, this is usually no problem, because this trigger mode is seldom used since even normal TRIACs are least sensitive there.
 
The first were marketed by Thomson Semiconductors (now [[ST Microelectronics]]) under the name '''Alternistor''', and now sells additional models under the trademark "SNUBBERLESS".
 
[[Littelfuse]] also uses the name "Alternistor".  [[NXP Semiconductors]] calls them "High commutation" ('''Hi-Com''') TRIACs.
 
== See also ==
* [[Thyristor]]
* [[DIAC|Diode for alternating current (DIAC)]]
* [[Silicon-controlled rectifier|Silicon-controlled rectifier (SCR)]]
* [[Quadrac]]
 
== References ==
{{Reflist|refs=
<ref name="ThyristorTheory">"Thyristor Theory and Design Considerations", ON Semiconductor, available at [http://www.onsemi.com/pub/Collateral/HBD855-D.PDF www.onsemi.com/pub/Collateral/HBD855-D.PDF]</ref>
<ref name="PowerElec">M.D. Singh, K.B. Khanchandani, Power Electronics, Second Edition, Tata McGraw-Hill, New Delhi, 2007, pages 148-152</ref>
<ref name="AN3008">Application Note AN-3008, ''RC Snubber Networks for Thyristor Power Control and Transient Suppression'', Fairchild Semiconductor, available at http://www.fairchildsemi.com/an/AN/AN-3008.pdf, pages 1-5 </ref>
}}
 
== External links ==
{{Commons category|Triacs}}
*[http://www.st.com/stonline/products/families/thyristors_acswitch/thyristors.htm ST Triacs]
*[http://www.st.com/stonline/products/literature/an/3577.pdf ST application note]
*[http://knol.google.com/k/max-iskram/electronic-circuits-design-for/1f4zs8p9zgq0e/26 The TRIAC, basic functionality]
*[http://www.du.edu/~etuttle/electron/elect5.htm A site about thyristors]
{{Electronic component}}
 
{{DEFAULTSORT:Triac}}
[[Category:Solid state switches]]
[[Category:Power electronics]]
 
[[ar:ترياك]]
[[bg:Симистор]]
[[ca:Triac]]
[[cs:Triak]]
[[da:Triac]]
[[de:Triac]]
[[et:Sümistor]]
[[es:Triac]]
[[eu:Triac]]
[[fa:ترایاک]]
[[fr:Triac]]
[[hr:Trijak]]
[[id:TRIAC]]
[[it:Triac]]
[[hu:Triac]]
[[nl:Triac]]
[[no:Triac]]
[[pl:Triak]]
[[pt:TRIAC]]
[[ru:Симистор]]
[[sk:Triak]]
[[sr:Trijak]]
[[sh:Trijak]]
[[fi:Triac]]
[[sv:TRIAC]]
[[vi:TRIAC]]

Revision as of 17:00, 11 August 2014

ID-based encryption (or identity-based encryption (IBE)) is an important primitive of ID-based cryptography. As such it is a type of public-key encryption in which the public key of a user is some unique information about the identity of the user (e.g. a user's email address). This can use the text-value of the name or domain name as a key or the physical IP address it translates to.

The first implementation of an email-address based PKI was developed by Adi Shamir in 1984,[1] which allowed users to verify digital signatures using only public information such as the user's identifier.

ID-based encryption was proposed by Adi Shamir in 1984.[1] He was however only able to give an instantiation of identity-based signatures. Identity-based encryption remained an open problem for many years. One example of the research leading up to identity-based encryption is provided in Maurer.[2]

The pairing-based Boneh–Franklin scheme[3] and Cocks's encryption scheme[4] based on quadratic residues both solved the IBE problem in 2001.

Usage

Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key (referred to as master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ID contacts the PKG, which uses the master private key to generate the private key for identity ID.

As a result, parties may encrypt messages (or verify signatures) with no prior distribution of keys between individual participants. This is extremely useful in cases where pre-distribution of authenticated keys is inconvenient or infeasible due to technical restraints. However, to decrypt or sign messages, the authorized user must obtain the appropriate private key from the PKG. A caveat of this approach is that the PKG must be highly trusted, as it is capable of generating any user's private key and may therefore decrypt (or sign) messages without authorization. Because any user's private key can be generated through the use of the third party's secret, this system has inherent key escrow. A number of variant systems have been proposed which remove the escrow including certificate-based encryption,[5] secure key issuing cryptography[6] and certificateless cryptography.[7]

The steps involved are depicted in this diagram:

File:ID Based Encryption.png
ID Based Encryption: Offline and Online Steps

Protocol framework

Dan Boneh and Matthew K. Franklin defined a set of four algorithms that form a complete IBE system:

  • Setup: This algorithm is run by the PKG one time for creating the whole IBE environment. The master key is kept secret and used to derive users' private keys, while the system parameters are made public. It accepts a security parameter k (i.e. binary length of key material) and outputs:
  1. A set 𝒫 of system parameters, including the message space and ciphertext space and 𝒞,
  2. a master key Km.
  • Extract: This algorithm is run by the PKG when a user requests his private key. Note that the verification of the authenticity of the requestor and the secure transport of d are problems with which IBE protocols do not try to deal. It takes as input 𝒫, Km and an identifier ID{0,1}* and returns the private key d for user ID.

Correctness constraint

In order for the whole system to work, one has to postulate that:

m,ID{0,1}*:Decrypt(Extract(𝒫,Km,ID),𝒫,Encrypt(𝒫,m,ID))=m

Encryption schemes

The most efficient identity-based encryption schemes are currently based on bilinear pairings on elliptic curves, such as the Weil or Tate pairings. The first of these schemes was developed by Dan Boneh and Matthew K. Franklin (2001), and performs probabilistic encryption of arbitrary ciphertexts using an Elgamal-like approach. Though the Boneh-Franklin scheme is provably secure, the security proof rests on relatively new assumptions about the hardness of problems in certain elliptic curve groups.

Another approach to identity-based encryption was proposed by Clifford Cocks in 2001. The Cocks IBE scheme is based on well-studied assumptions (the quadratic residuosity assumption) but encrypts messages one bit at a time with a high degree of ciphertext expansion. Thus it is highly inefficient and impractical for sending all but the shortest messages, such as a session key for use with a symmetric cipher.

Advantages

One of the major advantages of any identity-based encryption scheme is that if there are only a finite number of users, after all users have been issued with keys the third party's secret can be destroyed. This can take place because this system assumes that, once issued, keys are always valid (as this basic system lacks a method of key revocation). The majority of derivatives of this system which have key revocation lose this advantage.

Moreover, as public keys are derived from identifiers, IBE eliminates the need for a public key distribution infrastructure. The authenticity of the public keys is guaranteed implicitly as long as the transport of the private keys to the corresponding user is kept secure (Authenticity, Integrity, Confidentiality).

Apart from these aspects, IBE offers interesting features emanating from the possibility to encode additional information into the identifier. For instance, a sender might specify an expiration date for a message. He appends this timestamp to the actual recipient's identity (possibly using some binary format like X.509). When the receiver contacts the PKG to retrieve the private key for this public key, the PKG can evaluate the identifier and decline the extraction if the expiration date has passed. Generally, embedding data in the ID corresponds to opening an additional channel between sender and PKG with authenticity guaranteed through the dependency of the private key on the identifier.

Drawbacks

  • If a Private Key Generator (PKG) is compromised, all messages protected over the entire lifetime of the public-private key pair used by that server are also compromised. This makes the PKG a high value target to adversaries. To limit the exposure due to a compromised server, the master private-public key pair could be updated with a new independent key pair. However, this introduces a key-management problem where all users must have the most recent public key for the server.
  • Because the Private Key Generator (PKG) generates private keys for users, it may decrypt and/or sign any message without authorisation. This implies that IBE systems cannot be used for non-repudiation. This may not be an issue for organizations that host their own PKG and are willing to trust their system administrators and do not require non-repudiation.
  • The issue of implicit key escrow does not exist with the current PKI system wherein private keys are usually generated on the user's computer. Depending on the context key escrow can be seen as a positive feature (e.g., within Enterprises). A number of variant systems have been proposed which remove the escrow including certificate-based encryption, secret sharing, secure key issuing cryptography and certificateless cryptography.
  • A secure channel between a user and the Private Key Generator (PKG) is required for transmitting the private key on joining the system. Here, a SSL-like connection is a common solution for a large-scale system. It is important to observe that users that hold accounts with the PKG must be able to authenticate themselves. In principle, this may be achieved through username,password or through public key pairs managed on smart cards.
  • IBE solutions may rely on cryptographic techniques that are insecure against code breaking quantum computer attacks (see Shor's algorithm)

See also

References

43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.

External links

fr:Schéma basé sur l'identité ko:신원 기반 암호 ja:IDベース暗号

  1. 1.0 1.1 Adi Shamir, Identity-Based Cryptosystems and Signature Schemes. Advances in Cryptology: Proceedings of CRYPTO 84, Lecture Notes in Computer Science, 7:47--53, 1984
  2. Ueli M. Maurer: Protocols for Secret Key Agreement by Public Discussion Based on Common Information. CRYPTO 1992: 461-470
  3. Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing Advances in Cryptology - Proceedings of CRYPTO 2001 (2001)
  4. Clifford Cocks, An Identity Based Encryption Scheme Based on Quadratic Residues, Proceedings of the 8th IMA International Conference on Cryptography and Coding, 2001
  5. Craig Gentry Certificate-Based Encryption and the Certificate Revocation Problem Advances in Cryptology - Proceedings of EUROCRYPT 2003 (2003)
  6. 55 years old Systems Administrator Antony from Clarence Creek, really loves learning, PC Software and aerobics. Likes to travel and was inspired after making a journey to Historic Ensemble of the Potala Palace.

    You can view that web-site... ccleaner free download
  7. SS Al-Riyami, KG Paterson Certificateless Public Key Cryptography Advances in Cryptology - Proceedings of ASIACRYPT 2003 (2003)