Hu Xiong,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1016/j.ins.2010.06.010

IF: 8.1

2013-01-01

Information Sciences

Abstract:Threshold signature is an extension of the standard signature, in which several signers may be required to cooperatively sign messages for sharing the responsibility and authority. Certificateless cryptography eliminates the need of certificates in the Public Key Infrastructure and solves the inherent key-escrow problem in the Identity-based (ID-based) cryptography. In this paper, we propose a certificateless threshold signature scheme with concrete implementation which is provably secure in the standard model. Furthermore, this scheme is proven secure against the malicious-but-passive KGC attack. To the best of author's knowledge, this is the first construction of certificateless threshold signature scheme that does not rely on random oracle or ideal ciphers.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2007.06.014

IF: 8.1

2007-01-01

Information Sciences

Abstract:This paper proposes the first certificateless threshold decryption scheme which avoids both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. The scheme is secure against threshold chosen-ciphertext attack. It tolerates the Type I adversary that can replace public key and the Type II adversary that has access to the system's master key. The formal proof of security is presented in the random oracle model, assuming some underlying problems closely related to the Bilinear Diffie-Hellman Problem are computationally hard.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

H. Xiong,F. Li,Z. Qin

DOI: https://doi.org/10.1080/1206212x.2009.11441953

2009-01-01

Abstract:Recently, Paterson and Schuldt proposed an Identity-based (ID-based) signature scheme which is provably secure in the absence of random oracles. In this paper, we propose an ID-based threshold signature scheme based on their signature scheme. The proposed construction is proved secure in the standard model and its security rests on the hardness of discrete log assumption along with the computational Diffe-Hellman problem. To the best of our knowledge, previous-related schemes could only be proved secure in the random oracle model.Key Words: Identity-based threshold signatureprovable securitystandard model Additional informationNotes on contributorsH. XiongHu Xiong received his B.S. and M.S. degrees from University of Electronic Science and Technology of China in 2004 and 2006 respectively. He is now a Ph.D. candidate in School of Computer Science and Engineering, University of Electronic Science and Technology of China. His recent research interests include information security and cryptography.F. LiFagen Li received his B.S. degree from Luoyang Institute of Technology, Luoyang, P.R. China in 2001, M.S. degree from Hebei University of Technology, Tianjin, P.R. China in 2004, and Ph.D. degree in Cryptography from Xidian University, Xi’an, P.R. China in 2007. He is now a lecturer in the School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, P.R. China. His recent research interests include cryptography and network security.Z. QinZhiguang Qin isa professorinthe School of Computer Science and Engineering, University of Electronic Science and Technology of China. He received his Ph.D. degree from University of Electronic Science and Technology of China in 1996. His research interests include information security and computer network.

Tao Yang,Hu Xiong,Jianbin Hu,Yonggang Wang,Yong Deng,Biao Xiao,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-20291-9_39

2011-01-01

Abstract:Using our (t, n) threshold proxy signature scheme, the original signer can delegate the power of signing messages to a designated proxy group of a members. Any t or more proxy signers of the group can cooperatively issue a proxy signature on behalf of the original signer, but t - 1 or less proxy signers cannot. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography; the notion of certificateless public key cryptography was introduced. In this paper; we present a traceable certificateless threshold proxy signature scheme based on bilinear pairings. For the privacy protection, all proxy signers remain anonymous but can be traceable by KGC through a tag setting. We show the scheme satisfies the security requirements in the random oracle model. To the best of our knowledge; our scheme is the first traceable certificateless threshold proxy signature scheme from bilinear pairings.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/IJESDF.2014.064409

2014-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.1606

2010-01-01

Key Engineering Materials

Abstract:Liu et al. proposed the first certificateless signature scheme without random oracles in 2007. However, Xiong et al. showed that Liu et al.'s scheme is insecure against a malicious-but-passive KGC attack and proposed an improved scheme. In ISA 2009, Yuan et al. also proposed a new certificateless signature scheme without random oracles. Although they claimed that the two schemes are secure in the standard model, this paper shows that both Xiong et al.'s improved scheme and Yuan et al.'s new scheme are vulnerable to key replacement attack, where an adversary, obtaining a signature on a message and replacing the public key of a signer, can forge valid signatures on the same message under the replaced public key. We also give the corresponding modifications of the two schemes to resist key replacement attack.

Xun Sun,Jian-hua Li,Shu-tang Yang,Gong-liang Chen

DOI: https://doi.org/10.1631/jzus.a0720028

2008-01-01

Abstract:A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an identity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.

Zhong-mei Wan,Xue-jia Lai,Jian Weng,Sheng-li Liu,Yu Long,Xuan Hong

DOI: https://doi.org/10.1631/jzus.a0820714

2011-01-01

Abstract:Leakage of the private key has become a serious problem of menacing the cryptosystem security. To reduce the underlying danger induced by private key leakage, Dodis et al. (2003) proposed the first key-insulated signature scheme. To handle issues concerning the private key leakage in certificateless signature schemes, we devise the first certificateless key-insulated signature scheme. Our scheme applies the key-insulated mechanism to certificateless cryptography, one with neither certificate nor key escrow. We incorporate Waters (2005)’s signature scheme, Paterson and Schuldt (2006)’s identity-based signature scheme, and Liu et al. (2007)’s certificateless signature scheme to obtain a certificateless key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved under the non-pairing-based generalized bilinear Diffie-Hellman (NGBDH) conjecture, without utilizing the random oracle model; second, it solves the key escrow problem in identity-based key-insulated signatures.

Fei Li,Wei Gao,Yilei Wang,Xueli Wang

DOI: https://doi.org/10.4304/jcp.7.12.2987-2996

2012-01-01

Journal of Computers

Abstract:As the combination of certificateless encryption and threshold cryptography, the certificateless threshold decryption (CLTD) scheme can avoid both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. This paper presents a CLTD schemes from pairings. We use the Shamir secret sharing method to indirectly split the private keys in the group G into the shares in the finite field Zq. Our CLTD scheme succeed in involving much less pairing computation for generating or verifying decryption shares. The decryption share supports short length, fast generation and batch verification. Sharing the private key is completed by its holder himself without needing help from KGC. The security proof is provided in the random oracle model.

Wei Gao,Zhenyou Wang,Fei Li,Li'e Chen

DOI: https://doi.org/10.1109/cis.2009.40

2009-01-01

Abstract:We present a robust threshold signature scheme which is provably secure without random oracles under the computational Diffie-Hellman assumption. Our construction derives from a novel application of the recent signature scheme due to Waters. Compared with Wang et al.'s threshold signature scheme without random oracles, the signing procedure of our scheme is much more efficient in terms of communication and computation. In fact, our threshold signature scheme's efficiency is comparable to Boldyreva's threshold signature scheme which is provably secure in the random oracle model (ROM).

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1002/dac.2310

2013-01-01

International Journal of Communication Systems

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography as it does not require certificates in traditional public key cryptography and, at the same time, solves the inherent key escrow problem in identity-based cryptography. Recently, an efficient certificateless signature scheme without using pairings was proposed by He, Chen and Zhang. They claimed that it is provably secure under the discrete logarithm assumption in the random oracle model. However, in this paper, we show that their scheme is insecure against a type II adversary who can access to the master secret key of the system. Copyright (c) 2012 John Wiley & Sons, Ltd.

Bo Yang,Zhao Yang,Nengfei Liu,Shougui Li

DOI: https://doi.org/10.1109/cis.2015.89

2013-01-01

Abstract:Certificate less public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem in identity-based cryptography. Recently, Xiong et al. Proposed a certificate less signature scheme and proved that their scheme is existentially unforgeable against adaptive chosen message attack under the random oracle model. He et al. Pointed out that Xiong et al.'s scheme is insecure against the Type II adversary. But, their forged signatures are not random, and their improved scheme has the same security defects as Xiong et al.'s scheme. In this paper, we present two malicious-but-passive KGC attack methods on Xiong et al.'s scheme and our results show that their scheme is insecure against malicious-but-passive KGC attack. We also propose an improved scheme which is secure against the super Type I adversary and super Type II adversary.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2009.12.008

IF: 8.1

2010-01-01

Information Sciences

Abstract:As a practical extension of our previous work on certificateless threshold cryptosystem, this paper proposes the first direct certificateless threshold key encapsulation mechanism that inherits the same trust level of the original scheme and removes the length limitation of a traditional public key encryption. Security against threshold chosen-ciphertext attacks are proved in a random oracle model under a new assumption. It tolerates the Type I adversary that can replace public keys and the Type II adversary that has access to the system’s master key. The implied encapsulation scheme is very efficient when compared to the most efficient schemes in a traditional public key cryptosystem, and it is slightly more efficient in terms of key length and encapsulation speed when compared to the identity-based cryptosystems that have the same ciphertext overhead. Finally, we describe several potential modifications of our scheme.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Man Ho Au,Jing Chen,Joseph K. Liu,Yi Mu,Duncan S. Wong,Guomin Yang

DOI: https://doi.org/10.1145/1229285.1266997

2006-01-01

Abstract:ABSTRACTIdentity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

Haomin Yang,Yaoxue Zhang,Yuezhi Zhou

DOI: https://doi.org/10.1109/wicom.2012.6478268

2012-01-01

Abstract:Certificateless public key cryptography has appealing features, namely it does not require the use of certificates and yet does not have a private key escrow property. In this paper, we propose a certificateless challenge-response signature scheme from bilinear pairings and a dual version of it, and prove these schemes secure under the bilinear Diffie-Hellman assumption in the random oracle model. Using the signatures as blocking blocks, we propose a certificateless two-party key agreement protocol. The proposed key agreement protocol preserves the desirable security properties. The protocol requires each party to compute one pairing operation, three scalar multiplications and no modular exponentiation. Compared with the other related protocols, the protocol has advantages in both security and computational efficiency.

ZHANG Qiu-yu,ZHANG Jun-min,YU Dong-mei

2007-01-01

Abstract:In this paper,we shall propose a (t,n) threshold signature with(k,l) threshold-shared verification to be used in a group-oriented cryptosystem without a Shared Distribution Center(SDC).In this scheme,any t participants can represent a group (signing group) to sign a message,and any k participants can represent another another group(verifying group) to verify the signature.We need no SDC to distribute the public and private keys to all the participants in the two groups.Hence,this scheme is more practical in real-world application and more efficient than its predecessors in terms of communication and computationa;complexity as well as storage.

Hu Xiong,Zhong Chen,Zhiguang Qin

DOI: https://doi.org/10.1080/00207160.2011.568613

IF: 1.75

2011-01-01

International Journal of Computer Mathematics

Abstract:Key agreement protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities and which cannot be predetermined by any party. Key agreement can be achieved using a public key infrastructure or identity-based cryptography. However, the former suffers from a heavy certificate management burden, while the latter is subject to the so-called key escrow problem. Recently, the notion of certificateless public key cryptography (CL-PKC) was introduced to mitigate these limitations. In this paper, we introduce the notion of three-party authenticated key agreement into CL-PKC and propose a concrete certificateless three-party authenticated key agreement protocol. We show that the proposed protocol is secure (i.e. conforms to defined security attributes) while being efficient.

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.