WANG Ji-lin,CHEN Xiao-feng,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.04.010

2006-01-01

Abstract:Exchange of digitally signed certificates was often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions.Automated trust negotiation(ATN) was an approach to regulate the flow of sensitive information during such an exchange.But ATN cannot handle cyclic policy interdependency satisfactorily.Oblivious signature-based envelope(OSBE) is a scheme to solve this problem.However,the existed scheme could only be implemented on a secure channel.An efficient OSBE scheme without the secure channel is proposed using the ideas of identity-based systems and certificate-based encryption,which satisfies all the properties required by OSBE such as soundness and oblivious et al.Also,the scheme can achieve the desired security notations in the random oracle model.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Chandrasekaran Pandurangan,Akash Gautam,Sangeetha Jose

DOI: https://doi.org/10.22667/JOWUA.2014.03.31.122

Abstract:Blind signatures have key role in real world applications like e-cash, e-voting etc. The first blind signature was proposed by Chaum under public key infrastructure(PKI) model. The inherent problem in PKI is the certificate management which is overcome by identity(ID) based system. The ID based system is susceptible to key escrow problem. By removing the inherent problems of both PKI and ID based cryptosystems, Al Riyami et al. proposed a new cryptosystem called certificateless cryptosystem. Certificateless blind signature overcomes inherent key escrow problem in identity based blind signatures and does not require expensive certificates as in the public key infrastructure. Even though different certificateless blind signatures are proposed in the literature, rigorous formal proof is absent for all the proposals. Therefore in this paper we propose a new efficient provably secure certificateless blind signature scheme whose security can be proven to be equivalent to solving computational Diffie-Hellman (CDH) and chosen-target CDH problem in the random oracle model. As per our knowledge, our scheme is the only certificateless blind signature scheme which is proven to be strongly unforgeable and satisfies blindness property.

Computer Science

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yiming Mou,Lunzhi Deng,Yu Ruan

DOI: https://doi.org/10.1002/cpe.8321

2024-10-31

Concurrency and Computation Practice and Experience

Abstract:Certificateless cryptography, which solves the key escrow problem and avoids the complexity of certificate management, is an important part of public key cryptography. In the multi‐user scenarios, broadcast encryption can improve computational efficiency and reduce communication cost. Moreover, there may be some malicious users in the above scenarios, and the decryption permissions of these users need an effective mechanism to revoke them. In this paper, a revocable certificateless encryption scheme for multi‐user (RCLE‐MU) is proposed to address this issue. In the scheme, the Cloud Server Provider (CSP) utilizes the master time key to periodically generate time keys for legitimate users. For illegitimate users, their decryption privileges are revoked since they are unable to obtain the time keys. Then this new scheme is proved to be ciphertext indistinguishable under selected identity and chosen‐ciphertext attacks (sID‐CCAs). Finally, compared with several other schemes, the new scheme has more efficiency advantage. So it is suitable for multi‐user scenarios.

computer science, theory & methods, software engineering

Qiu Zhang,Yinxia Sun,Yang Lu,Guoqiang Zhang

DOI: https://doi.org/10.1016/j.jisa.2024.103892

IF: 4.96

2024-10-24

Journal of Information Security and Applications

Abstract:Cloud computing has revolutionized in the healthcare industry, particularly in the management and accessibility of Electronic health records (EHR). However, maintaining the integrity and authenticity of EHR in cloud environments remains a crucial concern. To tackle this challenge, certificateless proxy re-signature is a promising cryptographic primitive for developing a practical EHR sharing system in the cloud. User revocation is a necessary issue in such system, but revocation introduces a new challenge, namely the continued validity of signatures from revoked users. A conventional method to solve this problem is to make the unrevoked users re-sign those valid EHR by using their current signing keys, which brings a lot of burden to the users. Therefore, we should establish an efficient mechanism to ensure that only signatures of valid data from non-revoked users can pass verification. In this paper, we propose a notion called revocable certificateless proxy re-signature with signature evolution (RCLPRS-SE), which allows for dynamic management of users and the ability to update signatures efficiently in accordance with evolving data requirements. We present a concrete construction of RCLPRS-SE and provide formal security proofs in the standard model. Compared with the existing related works, our scheme has a significant advantage in terms of signature updating efficiency.

computer science, information systems

Haomin Yang,Yaoxue Zhang,Yuezhi Zhou

DOI: https://doi.org/10.1109/wicom.2012.6478268

2012-01-01

Abstract:Certificateless public key cryptography has appealing features, namely it does not require the use of certificates and yet does not have a private key escrow property. In this paper, we propose a certificateless challenge-response signature scheme from bilinear pairings and a dual version of it, and prove these schemes secure under the bilinear Diffie-Hellman assumption in the random oracle model. Using the signatures as blocking blocks, we propose a certificateless two-party key agreement protocol. The proposed key agreement protocol preserves the desirable security properties. The protocol requires each party to compute one pairing operation, three scalar multiplications and no modular exponentiation. Compared with the other related protocols, the protocol has advantages in both security and computational efficiency.

Yan Wu,Hu Xiong,Chuanjie Jin

DOI: https://doi.org/10.1007/s11235-019-00623-2

2019-10-24

Telecommunication Systems

Abstract:Proxy re-signature (PRS) allows a semi-trusted proxy served as a translator to transform a signature of delegatee into a signature of delegator on the same message. The heavy overhead of certificate management and the key escrow problem hinder the development of the public key infrastructure-based PRS scheme and the identity (ID)-based PRS, respectively. Featured with the certificate-free and escrow-free properties, certificateless PRS (CL-PRS) has attracted great attention from researchers. However, none of the existing CL-PRS satisfies the multi-use and unidirectional properties. Motivated by the practical applications with long signing chains and the untrusted relationship between two parties, it is desirable to construct a CL-PRS scheme with multi-use and unidirectional properties. This paper proposes the first multi-use unidirectional CL-PRS scheme based on the bilinear pairing. The presented scheme is proved to be secure based on the extended computational Diffie–Hellman assumption under the random oracle model. Performance evaluations demonstrate that our scheme is superior to related works.

telecommunications

Guilin Wang,Fubiao Xia,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-25516-8_28

2011-01-01

Abstract:After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer . If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification , in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analyzed in generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.

Denis Roio,Rebecca Selvaggini,Gabriele Bellini,Andrea D'Intino

2024-08-16

Abstract:Ensuring privacy and protection from issuer corruption in digital identity systems is crucial. We propose a method for selective disclosure and privacy-preserving revocation of digital credentials using second-order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. We make holders able to present proofs of possession of selected credentials without disclosing them, and we protect their presentations from replay attacks. Revocations may be distributed among multiple revocation issuers using publicly verifiable secret sharing (PVSS) and activated only by configurable consensus, ensuring robust protection against issuer corruption. Our system's unique design enables extremely fast revocation checks, even with large revocation lists, leveraging optimized hash map lookups.

Cryptography and Security

Xinyi Luo,Zhuo Xu,Kaiping Xue,Qiantong Jiang,Ruidong Li,David Wei

DOI: https://doi.org/10.1109/icdcs54860.2022.00121

2022-01-01

Abstract:As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Fan Zhang,Philip Daian,Iddo Bentov

2018-01-01

Abstract:Conventional (M,N )-threshold signature schemes leave users with a painful choice. SettingM = N offers maximum resistance to key compromise. With this choice, though, loss of a single key renders the signing capability unavailable, creating paralysis in systems that use signatures for access control. Lower M improves availability, but at the expense of security. For example, a (3, 3)-multisignature cryptocurrency wallet experiences access-control paralysis upon loss of a single key, but a (2, 3)-multisig allows any two players to collude and steal funds from the third. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. Our schemes permit, e.g., a (3, 3)-multisig, to be downgraded to a (2, 3)multisig if a player goes missing. This downgrading is secure in the sense that it occurs only if a player is provably unavailable. Our main tool is what we call a Paralysis Proof, evidence that players, i.e., key holders, are unavailable or incapacitated. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System, which can securely and flexibly update target access structures without a trusted third party such as a system administrator. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorshipresistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and define and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. Paralysis Proofs can help address pervasive key-management challenges in many different settings. We present DASS schemes for three important example use cases: recovery of cryptocurrency funds should players become unavailable, returning funds to users when cryptocurrency custodians fail, and remediating critical smartcontract failures such as frozen funds. We report on practical implementations for Bitcoin and Ethereum.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Haibin Chen,Lei Zhang,Junyuan Xie,Chongjun Wang

DOI: https://doi.org/10.1109/TrustCom.2016.82

2016-01-01

Abstract:As a new paradigm, certificateless public key cryptography was introduced by AI-Riyami and Paterson. It resolves the high cost of certificate in the traditional public key cryptography and the inherent key escrow problem in the identity-based cryptography. Due to the advantages of certificateless public key cryptography, a new efficient certificateless blind signature scheme from bilinear maps is proposed, which requires less computational effort by comparing with previous constructions. The number of pairing operations in the signing and verification phase of our scheme is only one. This is probably the best to achieve in pairing based signature schemes. Furthermore, we show that the proposed scheme is provably secure in the random oracle model. The security of our scheme is proven based on the hardness of q-Strong Diffie-Hellman problem and the Inverse Computational Diffie-Hellman problem.

Lucas Mayr,Gustavo Zambonin,Frederico Schardong,Ricardo Custódio

2024-08-02

Abstract:Electronic documents are signed using private keys and verified using the corresponding digital certificates through the well-known public key infrastructure model. Private keys must be kept in a safe container so they can be reused. This makes private key management a critical component of public key infrastructures with no failproof answer. Therefore, existing solutions must employ cumbersome and often expensive revocation methods to handle private key compromises. We propose a new cryptographic key management model built with long-term, irrevocable digital certificates, each bound to a single document. Our model issues a unique digital certificate for each new document to be signed. We demonstrate that private keys associated with these certificates should be deleted after each signature, eliminating the need to store those keys. Furthermore, we show that these certificates do not require any revocation mechanism to be trusted. We analyze the overhead caused by the frequent generation of new key pairs for each document, provide a security overview and show the advantages over the traditional model.

Cryptography and Security

Chengyuan Zhang,Changqing An,Tao Yu,Zhiyan Zheng,Jilong Wang

DOI: https://doi.org/10.1109/noms59830.2024.10575605

2024-01-01

Abstract:The validity and efficiency of certificate revocation in today's web Public Key Infrastructure (PKI) are consistently overlooked. In this paper, we analyse current certificate revocation schemes from the perspective of Certificate Authorities (CAs) and browsers. We find that the average size of CRL files collected from popular CAs can be as large as 2MB and the average response time of OCSP is around 430ms, which means that the time overhead brought by current certificate revocation schemes is not negligible. Moreover, browsers often fail to perform the revocation check correctly and allow websites to use revoked certificates, which can help attackers to launch man-in-the-middle attacks using fraudulent certificates.We also summarise existing problems and propose a novel certificate revocation scheme utilizing DNS resource records for efficient and privacy-preserving distribution. We have implemented a prototype to evaluate the performance of our scheme, and test results show that our scheme is time-efficient and able to withstand realistic workloads. We hope that our work can stimulate further discussion of the problems in Web PKI.

Bargav Jayaraman,Hannah Li,David Evans

DOI: https://doi.org/10.48550/arXiv.1706.03370

2017-10-10

Abstract:The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its value is based on trust in the corresponding public key which is primarily distributed by browser vendors. Compromise of a CA private key represents a single point-of-failure that could have disastrous consequences, so CAs go to great lengths to attempt to protect and control the use of their private keys. Nevertheless, keys are sometimes compromised and may be misused accidentally or intentionally by insiders. We propose splitting a CA's private key among multiple parties, and producing signatures using a generic secure multi-party computation protocol that never exposes the actual signing key. This could be used by a single CA to reduce the risk that its signing key would be compromised or misused. It could also enable new models for certificate generation, where multiple CAs would need to agree and cooperate before a new certificate can be generated, or even where certificate generation would require cooperation between a CA and the certificate recipient (subject). Although more efficient solutions are possible with custom protocols, we demonstrate the feasibility of implementing a decentralized CA using a generic two-party secure computation protocol with an evaluation of a prototype implementation that uses secure two-party computation to generate certificates signed using ECDSA on curve secp192k1.

Cryptography and Security

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Kai Zhang,Zirui Guo,Liangliang Wang,Lei Zhang,Lifei Wei

DOI: https://doi.org/10.1016/j.csi.2024.103848

IF: 3.721

2024-08-01

Computer Standards & Interfaces

Abstract:Provable Data Possession (PDP) has gained widespread adoption for ensuring the integrity of data in remote cloud storage, where a data owner can delegate a third party auditor (TPA) to perform data auditing. To eliminate key escrow problem or complicated certificate management in classic solutions, numerous certificateless PDP schemes have been proposed while they failed to achieve efficient user revocation and protect user identity privacy. Therefore, we propose ReCIP, a revocable certificateless PDP scheme with identity privacy, where a TPA can perform public data integrity batch verification for a user while learning no useful knowledge about user identity privacy. Technically, we introduce a new user revocation strategy that directly revokes users’ secret keys, with no correlation to the number of data blocks in place for revocation time cost. To further boost the efficiency of ReCIP, we employ a semi-generic online–offline strategy to obtain an online–offline ReCIP (ReCIPoo) to reduce the time cost of tag generation. Moreover, we conduct a formal security proof of ReCIP, where the security is reduced to simple computational Diffie–Hellman problem and discrete logistic problem. Compared to state-of-the-art solutions, our ReCIPoo achieves comparable computation and communication cost while still achieving user revocation and protecting user identity privacy.

computer science, software engineering, hardware & architecture