Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/ijict.2014.057968

2012-01-01

Abstract:Currently, short signature is receiving significant attention since it is particularly useful in low-bandwidth communication environments. However, most of the short signature schemes are only based on one intractable assumption. Recently, Su presented an identity-based short signature scheme based on knapsack and bilinear pairing. He claimed that the signature scheme is secure in the random oracle model. Unfortunately, in this paper, we show that his scheme is insecure. Concretely, an adversary can forge a valid signature on any message with respect to any identity in Su's scheme.

QI Ya-ping,LIU Wen-hua,YU Yong

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.24.034

2007-01-01

Abstract:Recently,Willy、Zhang and Yi proposed an identity-based strong designated verifier signature scheme(noted as WZY scheme) and gave the security proof of the scheme.Unfortunately,We find that their security proof is improper:in the proof of the unforgeability of the scheme,they supposed that the adversary has the secret key of the designated verifier.Under a simple assumption that the hash function is considered as an oracle that on each valid input known to the adversary beforehand produces a random value,a new proof that the unforgeability of WZY scheme relies on the Bilinear Diffie-Hellman Problem is given.

Debiao He,Mingwu Zhang,Baowen Xu

DOI: https://doi.org/10.1093/comjnl/bxu097

2014-01-01

The Computer Journal

Abstract:Recently, Gu et al. proposed an efficient identity-based proxy signature scheme and demonstrated their scheme was provably secure in the standard model. In this paper, we show their scheme is not secure against the malicious user through proposing three concrete attacks.

WU Huai,SUN Ying,XU Chun-xiang,WU Wei

DOI: https://doi.org/10.3969/j.issn.1001-0548.2013.06.022

2013-01-01

Abstract:The security of the identity-based ring signature scheme of [18] is analyzed in this paper. It is found that this scheme did not possess the unforgeability property. It is also shown that the proposed scheme is insecure against a new kind of forgery attack, i.e. the identity assembly forgery attack. With such an attack, an adversary is able to forge valid ring signatures on any message based on the features of its identity, and the identity of the adversary can be even not included in the ring of the forged signature.

Kwangsu Lee,Dong Hoon Lee

DOI: https://doi.org/10.1371/journal.pone.0128081

2014-11-18

Abstract:Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a single short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan {\it et al.} proposed an IBAS scheme with full aggregation in bilinear maps and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there exists an efficient forgery attacker on their IBAS scheme and their security proof has a serious flaw.

Cryptography and Security

Wuqiang Shen,Shaohua Tang,Lingling Xu

DOI: https://doi.org/10.1109/CSE.2013.66

2013-01-01

Abstract:Multivariate Public Key Cryptosystem (MPKC) is one of post-quantum cryptosystems which can potentially resist quantum computer attacks. It has increasingly been seen by some as a possible alternative to public key cryptosystems RSA, ECC, etc., which are widely in use today. Moreover, MPKC schemes are in general much more computationally efficient than number theoretic-based schemes. However, the oversize key poses obstacle on the calculation and transmission in MPKC. We notice the feature and benefit of the identity-based cryptography - the public key is directly gained from the user's identity information. Based on this, we consider introducing the identity-based semantics to MPKC, and it can cut down the size of public key of MPKC. Using the idea of constructing certificate-based Identity-Based Signature (IBS), we propose a novel and secure Identity-Based Unbalanced Oil-Vinegar (IBUOV) signature scheme based on the ordinary Unbalanced Oil-Vinegar (UOV) signature scheme. We provide the provable security to explain that our proposal is secure.

Jinyong Chang,Hui Ma,Anling Zhang,Maozhi Xu,Rui Xue

DOI: https://doi.org/10.1109/access.2019.2908244

IF: 3.9

2019-01-01

IEEE Access

Abstract:Recently, Lin et al. proposed a new primitive identity-based (IB) homomorphic signature scheme and presented an ingenious implement by using any IB-signature scheme as a building block. In this paper, we consider a new type of attack on their scheme: Related-key attack (RKA) is introduced by Bellare and Kohno in 2003 and widely considered for kinds of cryptographic primitives. Specifically, for the first time, we define the RKA security of IB-homomorphic signature scheme. By modifying the signing secret key as its linear form, we prove that Lin et al.’s IB-homomorphic signature scheme is not RKA secure. But a slight modification of it yields an RKA secure one under the original assumptions. We also present security proof in detail. However, we remark that the reason why RKA on Lin et al.’s scheme can be successful lies in that RKA is outside of its security model. Finally, the numerical analysis and experimental results demonstrate that our modified scheme does not distinctly decrease the computational efficiency of Lin et al.’s scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

XIA Qi,XU Chun-xiang

2009-01-01

Abstract:The security of Yang et al. verifiably encrypted signature schemes is analyzed.Although the scheme is proved security in the standard model,it is vulnerable to key substitution attack in a multi-user setting,where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users.A concrete instance of fair exchange of digital signature protocol is given to show that this kind attack can breach the fairness when they are used in fair exchange in a multi-user setting.

Fagen Li,Tsuyoshi Takagi

DOI: https://doi.org/10.1016/j.mcm.2011.06.043

2013-01-01

Mathematical and Computer Modelling

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. In 2009, Yu et al. [12] proposed an identity-based signcryption (IBSC) scheme in the standard model. In 2010, Zhang [17] pointed out that Yu et al.'s scheme does not have the indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and proposed an improved IBSC scheme. He proved that the improved scheme has the IND-CCA2 property and existential unforgeability against adaptive chosen messages attacks (EUF-CMA). However, in this paper, an attack is proposed to show that Zhang's scheme does not have the IND-CCA2 property (not even chosen plaintext attacks (IND-CPA)). We present a fully secure IBSC scheme in the standard model. We prove that our scheme has the IND-CCA2 property under the decisional bilinear Diffie-Hellman assumption and has the EUF-CMA property under the computational Diffie-Hellman assumption. (C) 2011 Elsevier Ltd. All rights reserved.

Zhen Qin,Chen Yuan,Yilei Wang,Hu Xiong

DOI: https://doi.org/10.1016/j.ipl.2016.02.003

IF: 0.851

2016-01-01

Information Processing Letters

Abstract:ID-based signature enables users to verify signatures using only public identifier. Very recently, Rossi and Schmid (2015) [9] proposed two identity-based signature schemes along with the application to group communications. Unfortunately, by proposing concrete attack, we demonstrate that the former scheme is insecure against forgery attack, while the latter scheme has been totally broken in the sense that the signing key can be recovered from the valid signature easily.

Li Calsi, Davide

DOI: https://doi.org/10.1007/s11128-024-04564-x

IF: 1.965

2024-10-20

Quantum Information Processing

Abstract:A few years ago Hong et al. (Quantum Inf Process 16:236, 2017) proposed a quantum identity authentication protocol using single photons and executable on currently available quantum hardware. Zawadzki later published two attacks on this protocol, and suggested a mitigation in the same work. In this comment we point out an additional vulnerability that causes the prover Alice to leak a percentage of her secret key at every authentication attempt. The latter is due to a problematic policy in the generation and management of decoy states. We conclude by showing a simple mitigation that addresses the issue.

physics, multidisciplinary,quantum science & technology, mathematical

Zahid Mehmood,Gongliang Chen,Jianhua Li,Aiiad Albeshri

DOI: https://doi.org/10.3837/tiis.2017.03.027

2017-01-01

Abstract:Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.' s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.' s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.' s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.' s protocol, the proposed scheme is lightweight with improved security.

Xiong Li,Jianwei Niu,Muhammad Khurram Khan,Junguo Liao

DOI: https://doi.org/10.1109/ISBAST.2013.27

2013-01-01

Abstract:Remote user authentication is an important and efficient method to ensure security for many network-based application systems. So far, several dynamic identity based authentication schemes have been proposed to protect the user's anonymity. Recently, Sood pointed out the security weaknesses of a dynamic identity based authentication scheme, which was proposed by Wang et al. presented an improved scheme. However, in this paper, we demonstrate that Sood's scheme cannot resist leak of verifier attack, impersonation attack and server spoofing attack. Furthermore, Sood's scheme cannot achieve mutual authentication between the user and the server. Consequently, in this paper, we propose a new dynamic identity based user authentication scheme using elliptic curve cryptosystem to resolve all the aforementioned problems.

Shan Shan,Bo Zhang

DOI: https://doi.org/10.1007/s11277-024-11012-7

IF: 2.017

2024-04-19

Wireless Personal Communications

Abstract:Recently, Kasyoka et al. (Wirel Pers Commun 118:3349–3366, 2021) presented a new pairing free certificateless signcryption scheme for use in ubiquitous healthcare systems. Kasyoka et al. gave a formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack for their scheme in random oracle model. In this paper, we give a cryptographic analysis and the results show that, in their newly proposed scheme, internal users can forge the signcryption ciphertext sent to them. The more serious is that Kasyoka et al.'s scheme can not resist public key replacement attack. Any user can forge or unsigncrypt a signcryption ciphertext by launching a public key replacement attack without knowing partial private key. Therefore, Kasyoka et al.'s scheme is not safe for use in ubiquitous healthcare systems.

telecommunications

Zheng Yang,Shuangqing Li

DOI: https://doi.org/10.1016/j.ipl.2015.08.006

IF: 0.851

2016-01-01

Information Processing Letters

Abstract:In this paper, we revisit the security result of an authenticated key exchange (AKE) scheme proposed in AsiaCCS'14 by Alawatugoda, Stebila and Boyd (which is referred to as ASB scheme). The ASB scheme is proved to be secure in a new bounded (continuous) after-the-fact leakage extended Canetti–Krawczyk (B(C)AFL-eCK) model without random oracles, where the B(C)AFL-eCK is extended from the eCK model. However we disprove their security results. We first show an attack against ASB scheme in the eCK model. This also implies that the insecurity of ASB scheme in the B(C)AFL-eCK model. Secondly we point out that the security of ASB scheme is incorrectly reduced to DDH assumption. A solution is proposed to fix the problem of ASB scheme with minimum changes, which yields a new ASB' scheme. We prove the eCK security of ASB' in the random oracle model under Gap Diffie–Hellman assumption.

guobin zhu,hu xiong,ruijin wang,zhiguang qin

DOI: https://doi.org/10.1007/978-81-322-1759-6_12

2014-01-01

Abstract:As one of the fundamental cryptographic primitives, signcryption can achieve unforgeability and confidentiality simultaneously at the cost significantly lower than the signature-then-encryption approach in terms of computational costs and communication overheads. In view of the damage caused by the secret key leakage, Chen et al. proposed an efficient identity-based key-insulated signcryption (ID-KI-SC) scheme secure in the standard model recently. However, in this paper, we show that their scheme does not achieve the indistinguishability against adaptively chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptively chosen message attacks (EUF-CMA). Furthermore, we propose an improved scheme that remedies the weakness of Chen et al.' s scheme.

Qi Xia,Chunxiang Xu

DOI: https://doi.org/10.1109/dasc.2009.144

2009-01-01

Abstract:Recently, Yu et al. proposed two identity based signcryption schemes, one is an identity based signcryption scheme for multiple receivers and the other is an identity based signcryption scheme without random oracles. They showed their former scheme is secure against adaptive chosen ciphertext attacks and unforgeable in the random oracle model, and the latter scheme is secure against adaptive chosen ciphertext attacks and unforgeable in the standard model. In this paper, however, we show that their first scheme is vulnerable to universal forgery attack and their second scheme is not secure against adaptive chosen ciphertext attack.

Yu Chen,LiQun Chen,DongDai Lin

DOI: https://doi.org/10.1007/s11425-013-4673-2

2013-01-01

Science China Mathematics

Abstract:In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash functions of the original BF-IBE. Compared with prior proofs, our new proof provides a tighter security reduction and minimizes the use of random oracles, thus indicates BF-IBE has better provable security with our new choices of hash functions. The techniques developed in our proof can also be applied to improving security analysis of some other IBE schemes. As an independent technical contribution, we also give a rigorous proof of the Fujisaki-Okamoto (FO) transformation in the case of CPA-to-CCA, which demonstrates the efficiency of the FO-transformation (CPA-to-CCA), in terms of the tightness of security reduction, has long been underestimated. This result can remarkably benefit the security proofs of encryption schemes using the FO-transformation for CPA-to-CCA enhancement.

Cong Peng,Jianhua Chen,Lu Zhou,Kim-Kwang Raymond Choo,Debiao He

DOI: https://doi.org/10.1016/j.jisa.2020.102504

IF: 4.96

2020-01-01

Journal of Information Security and Applications

Abstract:Digital signatures are important cryptographic primitive for authentication. To resist quantum attacks, many post-quantum signature schemes have been proposed. Among them, isogeny-based signature schemes, such as SeaSign, rapid development in recent years along with the proposed CSIDH construction. In this paper, inspired by the Fiat-Shamir transform, we construct the first identity-based signature scheme based on isogenies from the isogeny-based identification scheme. Then, we analyze its security in the random oracle model under the hardness of the isogeny problem, and demonstrate that it achieves the required security properties. Finally, we evaluate the performance and give the corresponding computational and storage costs. (C) 2020 Elsevier Ltd. All rights reserved.

Yaqing Song,Chunxiang Xu,Yuan Zhang,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101851

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:<p>In this letter, we analyze the identity-based signature with conditional privacy-preserving authentication scheme (short for IBS-CPPA, published in Journal of Systems Architecture, doi: 10.1016/j.sysarc.2019.101692) and demonstrate that it cannot provide secure authentication between vehicles. Specifically, in IBS-CPPA, two types of adversaries can launch different attacks to forge a valid signature on any traffic-related message to impersonate a target vehicle, so as to invalidate the authentication between vehicles.</p>

computer science, software engineering, hardware & architecture