Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

sun hua,guo li,wang aimin

2011-01-01

Abstract:Signcryption is a cryptographic primitive which provides authentication and confidentiality simultaneously with a computational cost lower than signing and encryption respectively. The ring signcryption has anonymity in addition to authentication and confidentiality, which allows any user to choose any set of users that includes himself and signcrypt messages without revealing who in the set has actually produced it. This paper presents an efficient identity-based ring signcryption scheme in the standard model, which proves its indistinguishability against adaptive chosen ciphertext attacks and existential unforgeability against adaptive chosen message and identity attacks in terms of the hardness of CDH problem and DBDH problem.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11556992_16

2005-01-01

Abstract:In PKC'04, a signcryption scheme with key privacy was proposed by Libert and Quisquater. Along with the scheme, some security models were defined with regard to the signcryption versions of confidentiality, existential unforgeability and ciphertext anonymity (or key privacy). The security of their scheme was also claimed under these models. In this paper, we show that their scheme cannot achieve the claimed security by demonstrating an insider attack which shows that their scheme is not semantically secure against chosen ciphertext attack (not even secure against chosen plaintext attack) or ciphertext anonymous. We further propose a revised version of their signcryption scheme and show its security under the assumption that the gap Diffie-Hellman problem is hard. Our revised scheme supports parallel processing that can help reduce the computation time of both signcryption and de-signcryption operations.

Chandrasekaran Pandurangan,Akash Gautam,Sangeetha Jose

DOI: https://doi.org/10.22667/JOWUA.2014.03.31.122

Abstract:Blind signatures have key role in real world applications like e-cash, e-voting etc. The first blind signature was proposed by Chaum under public key infrastructure(PKI) model. The inherent problem in PKI is the certificate management which is overcome by identity(ID) based system. The ID based system is susceptible to key escrow problem. By removing the inherent problems of both PKI and ID based cryptosystems, Al Riyami et al. proposed a new cryptosystem called certificateless cryptosystem. Certificateless blind signature overcomes inherent key escrow problem in identity based blind signatures and does not require expensive certificates as in the public key infrastructure. Even though different certificateless blind signatures are proposed in the literature, rigorous formal proof is absent for all the proposals. Therefore in this paper we propose a new efficient provably secure certificateless blind signature scheme whose security can be proven to be equivalent to solving computational Diffie-Hellman (CDH) and chosen-target CDH problem in the random oracle model. As per our knowledge, our scheme is the only certificateless blind signature scheme which is proven to be strongly unforgeable and satisfies blindness property.

Computer Science

Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signcryption and de-signcryption.

Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Wenyuan Liu,Zecui Xie,Jie Zhang,Baowen Wang,Yali Si

2011-01-01

Abstract:Recently, all of the identity-based generalized signcryption schemes were proved having no forward security, and can not guarantee the private key send-off after the leak of information. To resolve this problem, we introduce an identity-based generalized signcryption scheme with forward security by using the way of session key. At the same time, our scheme using multi-PKGs generates the private key to solve the problem of traditional key escrow. The private key is less dependent on the third part. Our scheme based on the bilinear Diffie-Hellman assumptions is secure against adaptive chosen cipher-text attacks in random oracle model. According to the multifunctional property of generalized signcryption, we propose a case that applies generalized signcryption scheme to a multifunctional E-mail system. © 2011 ISSN.

Wu Jian

DOI: https://doi.org/10.2495/isme20131592

2014-01-01

Abstract:Identity-based encryption and signature schemes that allow any pair of users to communicate securely and to verify each other's signatures without verifying certificate. A signcryption is a primitive that provides the properties of both digital signatures and encryption schemes in a way that is more efficient than signing and encrypting separately. Proxy signature schemes are a variation of ordinary digital signature scheme that allow a proxy signer to sign messages on behalf of the original singer which proxy signcryption simultaneously fulfill both the functions of signature and encryption in a single step with a lower computational cost than that required by the traditional signature-then-encryption. In this paper, we present identity-based proxy signcryption schemes with lower efficient..

Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

DOI: https://doi.org/10.1007/978-3-540-73408-6_6

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signeryption and de-signcryption.

Jiahui Chen,Jie Ling,Jianting Ning,Jintai Ding

DOI: https://doi.org/10.1093/comjnl/bxz013

2019-01-01

The Computer Journal

Abstract:In this paper, we proposed an idea to construct a general multivariate public key cryptographic (MPKC) scheme based on a user's identity. In our construction, each user is distributed a unique identity by the key distribution center (KDC) and we use this key to generate user's private keys. Thereafter, we use these private keys to produce the corresponding public key. This method can make key generating process easier so that the public key will reduce from dozens of Kilobyte to several bits. We then use our general scheme to construct practical identity-based signature schemes named ID-UOV and ID-Rainbow based on two well-known and promising MPKC signature schemes, respectively. Finally, we present the security analysis and give experiments for all of our proposed schemes and the baseline schemes. Comparison shows that our schemes are both efficient and practical.

Gang Yu,Xiaoxiao Ma,Yong Shen,Wenbao Han

DOI: https://doi.org/10.1016/j.tcs.2010.06.003

2010-01-01

Abstract:According to actual needs, a generalized signcryption scheme can flexibly work as an encryption scheme, a signature scheme or a signcryption scheme. In this paper, firstly, we give a security model for identity based generalized signcryption which is more complete than the existing model. Secondly, we propose an identity based generalized signcryption scheme. Thirdly, we give the security proof of the new scheme in this complete model. Compared with existing identity based generalized signcryption, the new scheme has less implementation complexity. Moreover, the new scheme has comparable computation complexity with the existing normal signcryption schemes.

Hu Xiong,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.2316/journal.202.2012.1.202-3156

2012-01-01

International Journal of Computers and Applications

Abstract:Signcryption is a cryptographic primitive that performs digitalsignature and public key encryption simultaneously at lower computational costs and communication overheads than the signature-then-encryption approach.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Bai Liu,Pengda Zhu,Kuikui Guo

DOI: https://doi.org/10.1063/5.0212258

IF: 1.697

2024-06-01

AIP Advances

Abstract:In recent years, identity-based quantum signature protocols have received much attention due to their unique advantages. Based on Bell states, we propose an efficient identity-based quantum signature scheme. In our scheme, the signer’s private key is generated from their identity information. The signer uses the private key and secret parameters to generate a signature for the verifier. The verifier, who possesses the identity information of the signer, can authenticate the signature. Our proposed scheme ensures signature non-forgeability and non-repudiation. In addition, the protocol does not require the preparation of long-term quantum memory or the performance of quantum swap tests, making it more efficient than previous schemes.

materials science, multidisciplinary,physics, applied,nanoscience & nanotechnology

Haibin Chen,Lei Zhang,Junyuan Xie,Chongjun Wang

DOI: https://doi.org/10.1109/TrustCom.2016.82

2016-01-01

Abstract:As a new paradigm, certificateless public key cryptography was introduced by AI-Riyami and Paterson. It resolves the high cost of certificate in the traditional public key cryptography and the inherent key escrow problem in the identity-based cryptography. Due to the advantages of certificateless public key cryptography, a new efficient certificateless blind signature scheme from bilinear maps is proposed, which requires less computational effort by comparing with previous constructions. The number of pairing operations in the signing and verification phase of our scheme is only one. This is probably the best to achieve in pairing based signature schemes. Furthermore, we show that the proposed scheme is provably secure in the random oracle model. The security of our scheme is proven based on the hardness of q-Strong Diffie-Hellman problem and the Inverse Computational Diffie-Hellman problem.

Yingjie Xia,Xuejiao Liu,Fubiao Xia,Guilin Wang

DOI: https://doi.org/10.1016/j.tcs.2015.12.025

IF: 1.002

2016-01-01

Theoretical Computer Science

Abstract:Since the invention of designated confirmer signatures (DCS), a number of schemes with various properties and different underlying mathematical problems have been developed. Although a considerable amount of work has been dedicated to the design of DCS schemes, the confusions of the security notions in the existing DCS models have not been formally discussed and clarified to achieve a proper level of confirmer's security. In order to achieve provable security, we propose a reduced security model and prove that a DCS cryptosystem only requires transcript-simulatability or alternatively invisibility plus non-transferability from a modelling perspective. Accompanied by the reduced DCS model, a generic DCS scheme is also constructed that still retains the feature of full verification, i.e., either the signer or the confirmer can interactively verify arbitrary signatures by providing a convincing proof. Our proposed scheme employs a computationally binding commitment scheme, together with an IND-CCA2 secure public encryption scheme, to achieve a provable security in the standard model. Meanwhile, we present an efficient concrete instantiation by using BLS signatures, CS-Paillier encryption scheme with labels, and Perdesen commitment scheme.

Sumithra Alagarsamy,S P Rajagopalan

DOI: https://doi.org/10.1371/journal.pone.0186207

IF: 3.7

2017-10-17

PLoS ONE

Abstract:Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Guilin Wang,Fubiao Xia,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-25516-8_28

2011-01-01

Abstract:After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer . If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification , in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analyzed in generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.

Jerzy Pejaś,Tomasz Hyla,Wojciech Zabierowski

DOI: https://doi.org/10.3390/e25091315

2023-09-09

Abstract:This paper addresses the certificate revocation problem and proposes the first revocable pairing-based signature scheme with implicit and explicit certificates (IE-RCBS-kCAA). We should no longer discuss whether to revoke certificates but how to do it effectively, ensuring both the scalability of the revocation operation and the non-repudiation of the signature in the short or long term. Under the computational difficulty assumptions of the modified collusion attack algorithm with k traitors (k-mCAA) and discrete logarithm (DL) problems, we demonstrate that our scheme is secure against existential unforgeability under chosen message attacks (EUF-IERCBS-kCAA-CMA) in a random oracle model. The proposed solution is scaled and allows the use of many trusted status authorities that issue explicit short-term certificates confirming the validity of explicit long-term certificates. Furthermore, we demonstrate that our signature scheme has a short-term non-repudiation property for the shell validity model.

Jinyong Chang,Yanyan Ji,Bilin Shao,Maozhi Xu,Rui Xue

DOI: https://doi.org/10.1109/TNET.2020.3013902

2020-12-15

IEEE/ACM Transactions on Networking

Abstract:Homomorphic signature is an extremely important public key authentication technique for network coding to defend against pollution attacks. As a public key cryptographic primitive, it also encounters the same problem of how to confirm the relationship between some public key $pk$ and the identity $ID$ of its owner. In the setting of distributed network coding, the intermediate and destination nodes need to use the public key of source node S to check the validity of vector-signature pairs. Therefore, the binding of S and its corresponding public key becomes crucial. The popular and traditional solution is based on certificates which are issued by a trusted certification authority (CA) center. However, the generation and management of certificates is extremely cumbersome. Hence, in recent work, Lin et al. proposed a new notion of identity-based homomorphic signature, which intends to avoid using certificates. But the key escrow problem is inevitable for identity-based primitives. In this article, we propose another new notion (for network coding): certificateless homomorphic signature (CLHS), which is a compromise for the above two techniques. In particular, we first describe the definition and security model of certificateless homomorphic signature. Then based on bilinear map and the computational Diffie-Hellman (CDH) assumption, give a concrete implementation and detailedly analyze its security. Finally, performance analysis illustrates that our construction is practical.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture