Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.1016/j.compeleceng.2006.11.003

IF: 4.152

2007-01-01

Computers & Electrical Engineering

Abstract:This paper proposes an identity-based threshold decryption scheme IB-ThDec and reduces its security to the Bilinear Diffie–Hellman problem. Compared with previous work, this conceals two pairing computations in the ciphertext validity verification procedure. The formal proof of security of this scheme is provided in the random oracle model. Additionally, we show that IB-ThDec can be applied to the threshold key escrow and the mediated cryptosystems.

Hu Xiong,Zhiguang Qin,Fagen Li

DOI: https://doi.org/10.1109/CIS.2008.104

2008-01-01

Abstract:The idea of threshold cryptography is to distribute secret information and computation among multi parties in order to prevent a single point of failure or abuse. Certificateless public key cryptography(CL-PKC) does not require certificates to guarantee the authority of public keys while avoids the inherent key escrow of identity-based cryptography(IBC). In this paper, we propose a certificateless threshold signature scheme with concrete implementation which is probably secure in the standard model. Furthermore, this scheme is proven secure against the malicious-but-passive KGC attack. To the best of authors' knowledge, this is the first construction of certificateless threshold signature scheme that does not rely on random oracle or ideal ciphers.

Hu Xiong,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1016/j.ins.2010.06.010

IF: 8.1

2013-01-01

Information Sciences

Abstract:Threshold signature is an extension of the standard signature, in which several signers may be required to cooperatively sign messages for sharing the responsibility and authority. Certificateless cryptography eliminates the need of certificates in the Public Key Infrastructure and solves the inherent key-escrow problem in the Identity-based (ID-based) cryptography. In this paper, we propose a certificateless threshold signature scheme with concrete implementation which is provably secure in the standard model. Furthermore, this scheme is proven secure against the malicious-but-passive KGC attack. To the best of author's knowledge, this is the first construction of certificateless threshold signature scheme that does not rely on random oracle or ideal ciphers.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2009.12.008

IF: 8.1

2010-01-01

Information Sciences

Abstract:As a practical extension of our previous work on certificateless threshold cryptosystem, this paper proposes the first direct certificateless threshold key encapsulation mechanism that inherits the same trust level of the original scheme and removes the length limitation of a traditional public key encryption. Security against threshold chosen-ciphertext attacks are proved in a random oracle model under a new assumption. It tolerates the Type I adversary that can replace public keys and the Type II adversary that has access to the system’s master key. The implied encapsulation scheme is very efficient when compared to the most efficient schemes in a traditional public key cryptosystem, and it is slightly more efficient in terms of key length and encapsulation speed when compared to the identity-based cryptosystems that have the same ciphertext overhead. Finally, we describe several potential modifications of our scheme.

Fei Li,Wei Gao,Yilei Wang,Xueli Wang

DOI: https://doi.org/10.4304/jcp.7.12.2987-2996

2012-01-01

Journal of Computers

Abstract:As the combination of certificateless encryption and threshold cryptography, the certificateless threshold decryption (CLTD) scheme can avoid both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. This paper presents a CLTD schemes from pairings. We use the Shamir secret sharing method to indirectly split the private keys in the group G into the shares in the finite field Zq. Our CLTD scheme succeed in involving much less pairing computation for generating or verifying decryption shares. The decryption share supports short length, fast generation and batch verification. Sharing the private key is completed by its holder himself without needing help from KGC. The security proof is provided in the random oracle model.

LONG Yu,CHEN Ke-Fei,HONG Xuan

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.09.023

2006-01-01

Chinese Journal of Computers

Abstract:This paper proposes a fully secure identity-based threshold decryption scheme IBThDec and reduces its security to the quadruple Decision Bilinear Diffie-Hellman problem. The formal security proof of this scheme is provided in the random oracle model. Additionally, the authors show that IB-ThDec can be used to certificateless public key cryptosystem and the identitybased dynamic threshold decryption system.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1002/dac.2310

2013-01-01

International Journal of Communication Systems

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography as it does not require certificates in traditional public key cryptography and, at the same time, solves the inherent key escrow problem in identity-based cryptography. Recently, an efficient certificateless signature scheme without using pairings was proposed by He, Chen and Zhang. They claimed that it is provably secure under the discrete logarithm assumption in the random oracle model. However, in this paper, we show that their scheme is insecure against a type II adversary who can access to the master secret key of the system. Copyright (c) 2012 John Wiley & Sons, Ltd.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.15388/informatica.2006.152

2006-01-01

Informatica

Abstract:This paper proposes a threshold key escrow scheme from pairing. It tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make corrupted servers to deviate from the protocol. The scheme is secure against threshold adaptive chosen-ciphertext attack. The formal proof of security is presented in the random oracle model, assuming the decision Bilinear Diffie-Hellman problem is computationally hard.

Yu Long,Xiang-xue Li,Ke-fei Chen,Xuan Hong

DOI: https://doi.org/10.1007/s12204-009-0102-7

2009-01-01

Abstract:This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti’s adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.

Debiao He,Baojun Huang,Jianhua Chen

DOI: https://doi.org/10.1049/iet-ifs.2012.0176

2013-01-01

IET Information Security

Abstract:The certificateless public key cryptography has attracted wide attention since it could solve the certificate management problem in the traditional public key cryptography and the key escrow problem in the identity-based public key cryptography. Recently, several certificateless short signature schemes, which could satisfy the requirement of low-bandwidth communication environments, have been proposed. However, most of them are not secure against either the Type I adversary or the Type II adversary. In this study, the authors propose a new efficient certificateless short signature scheme. The analysis shows the authors' scheme has better performance than the related schemes and is secure against both of the super Type I and the super Type II adversaries.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/IJESDF.2014.064409

2014-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Yu Long,Zheng Gong,Kefei Chen,Shengli Liu

2009-01-01

Abstract:This paper proposes an identity-based threshold key escrow scheme. The scheme is secure against identity-based threshold chosen-plaintext attack. It tolerates the passive adversary to access data of corrupted key escrow agency servers and the active adversary that can modify corrupted servers’ keys. The formal proof of security is presented in the random oracle model, assuming the Bilinear Di‐e-Hellman problem is computationally hard.

Yu Long,Ke-fei Chen,Xian-ping Mao

DOI: https://doi.org/10.1007/s12204-014-1520-8

2014-01-01

Abstract:This study deals with the dynamic property of threshold cryptosystem. A dynamic threshold cryptosystem allows the sender to choose the authorized decryption group and the threshold value for each message dynamically. We first introduce an identity based dynamic threshold cryptosystem, and then use the Canetti-Halevi-Katz (CHK) transformation to transform it into a fully secure system in the traditional public key setting. Finally, the elegant dual system encryption technique is applied to constructing a fully secure dynamic threshold cryptosystem with adaptive security.

Xiujie Zhang,Chunxiang Xu,Wenzheng Zhang,Wanpeng Li

DOI: https://doi.org/10.1007/s11704-013-3051-0

IF: 2.6688

2013-01-01

Frontiers of Computer Science

Abstract:Threshold public key encryption allows a set of servers to decrypt a ciphertext if a given threshold of authorized servers cooperate. In the setting of threshold public key encryption, we consider the question of how to correctly decrypt a ciphertext where all servers continually leak information about their secret keys to an external attacker. Dodis et al. and Akavia et al. show two concrete schemes on how to store secrets on continually leaky servers. However, their constructions are only interactive between two servers. To achieve continual leakage security among more than two servers, we give the first threshold public key encryption scheme against adaptively chosen ciphertext attack in the continual leakage model under three static assumptions. In our model, the servers update their keys individually and asynchronously, without any communication between two servers. Moreover, the update procedure is re-randomized and the randomness can leak as well.

Changshe Ma,Kefei Chen,Dong Zheng,Shengli Liu

DOI: https://doi.org/10.1007/11556992_17

2005-01-01

Abstract:To make the system more secure and robust, threshold schemes are proposed to avoid single point failure. At the same time, there are more and more applications which utilize the two basic blocks encryption and digital signature to secure message delivery (such as SSL, SSH). Combining the three tools organically leads to an interesting security tool termed as threshold signcryption which can be used in distributed systems especially the mobile networks. In this paper, we present an efficient threshold signcryption scheme. The scheme is designed for an asynchronous network model which may better present practical distributed systems, especially Internet or mobile ad hoc networks. In order to resist mobile attacks, we add proactive property to our scheme. To the best of our knowledge, the proposed scheme is the first threshold signcryption scheme which is noninteractive, proactive and provably secure and works on asynchronous network models.

Zhong-mei Wan,Xue-jia Lai,Jian Weng,Sheng-li Liu,Yu Long,Xuan Hong

DOI: https://doi.org/10.1631/jzus.a0820714

2011-01-01

Abstract:Leakage of the private key has become a serious problem of menacing the cryptosystem security. To reduce the underlying danger induced by private key leakage, Dodis et al. (2003) proposed the first key-insulated signature scheme. To handle issues concerning the private key leakage in certificateless signature schemes, we devise the first certificateless key-insulated signature scheme. Our scheme applies the key-insulated mechanism to certificateless cryptography, one with neither certificate nor key escrow. We incorporate Waters (2005)’s signature scheme, Paterson and Schuldt (2006)’s identity-based signature scheme, and Liu et al. (2007)’s certificateless signature scheme to obtain a certificateless key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved under the non-pairing-based generalized bilinear Diffie-Hellman (NGBDH) conjecture, without utilizing the random oracle model; second, it solves the key escrow problem in identity-based key-insulated signatures.

Man Ho Au,Jing Chen,Joseph K. Liu,Yi Mu,Duncan S. Wong,Guomin Yang

DOI: https://doi.org/10.1145/1229285.1266997

2006-01-01

Abstract:ABSTRACTIdentity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

Florian Le Mouël,Maxime Godon,Renaud Brien,Erwan Beurier,Nora Boulahia-Cuppens,Frédéric Cuppens

2024-08-29

Abstract:Threshold cryptography has gained momentum in the last decades as a mechanism to protect long term secret keys. Rather than having a single secret key, this allows to distribute the ability to perform a cryptographic operation such as signing or encrypting. Threshold cryptographic operations are shared among different parties such that a threshold number of them must participate in order to run the operation. This makes the job of an attacker strictly more difficult in the sense that they would have to corrupt at least a threshold number of parties to breach the security. Most works in this field focus on asymmetric-key schemes that allow threshold signing or decrypting. We focus on the symmetric-key setting, allowing both threshold encryption and threshold decryption. Previous work relies on the presence of a trusted third party. Such a party may not exist in some use cases, and it represents a single point of failure. We propose to remove the requirement of a trusted third party by designing a dealer-free setup in which no entity can at any point obtain full knowledge of the secret keys. We implement a proof of concept of our construction in Python. We evaluate the proof of concept with timing metrics to compare to theoretical expectations and assess the cost in complexity of not relying on a trusted third party. While the setup phase suffers moderate additional cost, the encryption and decryption phases perform the same as the original algorithm.

Cryptography and Security

Xiujie Zhang,Chunxiang Xu,Wenzheng Zhang

DOI: https://doi.org/10.1109/EIDWT.2013.76

2013-01-01

Abstract:Threshold Public Key Encryption allows a set of servers to decrypt a cipher text if a given threshold of authorized servers cooperate. Forward security allows one to mitigate the damage caused by exposure of secret keys. Forward-secure public encryptions are used to the threshold setting, this model guarantees that even if an adversary have broken into more than t distinct servers(for some i), messages encrypted during all time periods prior to i remain secret. In this paper, we present the first probably secure (non-interactive) forward-secure threshold public-key encryption scheme against chosen-cipher text attacks in the random oracle model. The encryption and update operations are very efficient when compared with the scheme presented by Libert et al. A formal definition, as well as a detailed analysis of the security performance of this scheme, is presented. The security of this scheme is based on the Computational Bilinear Diffie Hellman assumption, which leads to a unique approach to prove security in the random oracle model. Furthermore, in our model, the servers update their keys individually and asynchronously, without any communication between them.