Jian Weng,Shengli Liu,Kefei Chen,Changshe Ma

DOI: https://doi.org/10.1007/11941378_29

2006-01-01

Abstract:In this paper, we apply the parallel key-insulation mechanism to identity-based encryption (IBE) scenarios, and minimize the damage caused by key-exposure in IBE systems. We first formalize the definition and security notions for ID-based parallel key-insulated encryption (IBPKIE) systems, and then propose an IBPKIE scheme based on Water's IBE scheme. To the best of our knowledge, this is the first IBPKIE scheme up to now. Our scheme enjoys two attractive features: (i) it is provably secure without random oracles; (ii) it not only allows frequent key updating, but also does not increase the risk of helper key-exposure.

Jian Weng,Kefei Chen,Shengli Liu,Xiangxue Li

2008-01-01

Journal of Software

Abstract:It is a worthwhile challenge to deal with the key-exposure problem in identity-based signatures. To deal with this problem, this paper adopts Dodis, et al.'s key-insulation mechanism to identity-based signature scenarios, and proposes an identity-based key-insulated signature scheme. The proposed scheme enjoys two attractive features:

Jian Weng,Shengli Liu,Kefei Chen,Xiangxue Li

DOI: https://doi.org/10.1007/11937807_2

2006-01-01

Abstract:Standard identity-based (ID-based) signature schemes typically rely on the assumption that secret keys are kept perfectly secure. However, with more and more cryptographic primitives are deployed on insecure devices (e.g. mobile devices), key-exposure seems inevitable. This problem is perhaps the most devastating attack on a cryptosystem since it typically means that security is entirely lost. To minimize the damage caused by key-exposure in ID-based signatures scenarios, Zhou et al. [32] applied Dodis et al.'s key-insulation mechanism [12] and proposed an ID-based key-insulated signature (IBKIS) scheme. However, their scheme is not strong key-insulated, i.e, if an adversary compromises the helper key, he can derive all the temporary secret keys and sign messages on behalf the legitimate user. In this paper, we re-formalize the definition and security notions for IBKIS schemes, and then propose a new IBKIS scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also enjoys desirable properties such as unbounded number of time periods and random-access key-updates.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.6138/jit.2011.12.4.13

2011-01-01

Abstract:The problem of key-exposure is an important issue in modern society due to the growing use of mobile devices. Weng et al. proposed an identity-based parallel key-insulated encryption (IBPKIE) scheme to solve the key-exposure problem in an identity-based cryptosystem. The scheme has long public parameters and a loose security reduction. Ren et al. presented a new IBPKIE scheme which had constant size public parameters and a tight reduction, and then extended it to a hierarchical IBPKIE (HIBPKIE) scheme. However, Wang et al. analyzed two schemes of Ren et al. and showed that they are not secure against chosen-plaintext attack. In this paper, we propose an improved IBPKIE scheme which achieves IND-ID-KI-CPA security without random oracles. Moreover, our scheme has short public parameters and a tight reduction. We then present an HIBPKIE scheme which achieves IND-sID-KI-CPA security without random oracles. In this scheme, the ciphertext size is independent of the level of the hierarchy in the HIBPKIE scheme.

Jianhong Chen,Kefei Chen,Yongtao Wang,Xiangxue Li,Yu Long,Zhongmei Wan

DOI: https://doi.org/10.15388/informatica.2012.347

2012-01-01

Informatica

Abstract:Key-insulated cryptography is an important technique to protect private keys in identity-based (IB) cryptosytems. Despite the flurry of recent results on IB key-insulated encryption (IBKIE) and signature (IBKIS), a problem regarding the security and efficiency of practicing IBKIE and IBKIS as a joint IB key-insulated signature/encryption scheme with a common set of parameters and keys remains open. To deal with the above question, we propose an identity-based key-insulated signcryption (IBKISC) scheme. Compared with the Sign-then-Encrypt (StE) and Encrypt-then-Sign (EtS) using IBKIE and IBKIS in the standard model, our proposed IBKISC scheme is the fastest with the shortest ciphertext size.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.1016/j.compeleceng.2006.11.003

IF: 4.152

2007-01-01

Computers & Electrical Engineering

Abstract:This paper proposes an identity-based threshold decryption scheme IB-ThDec and reduces its security to the Bilinear Diffie–Hellman problem. Compared with previous work, this conceals two pairing computations in the ciphertext validity verification procedure. The formal proof of security of this scheme is provided in the random oracle model. Additionally, we show that IB-ThDec can be applied to the threshold key escrow and the mediated cryptosystems.

Yanli Ren,Dawu Gu

DOI: https://doi.org/10.1016/j.jss.2009.07.046

IF: 3.5

2009-01-01

Journal of Systems and Software

Abstract:In order to mitigate the damages of key-exposure, key-insulated encryption introduces a helper key used to periodically update the decryption key. Under the usual circumstances, frequent updating increases the risk of helper key-exposure. Parallel key-insulated encryption (PKIE) supports frequent key updates without increasing the risk of helper key-exposure. In an identity-based cryptosystem, a private key generator (PKG) uses a master secret key to issue private keys to users based on their identities. In this paper, we propose a new identity-based parallel key-insulated encryption (IBPKIE) scheme which achieves IND-ID-KI-CCA2 security without random oracles. Our IBPKIE scheme has short public parameters and a tight reduction with an additive factor. Hierarchical identity-based cryptography was first proposed in 2002. It allows a root PKG to distribute workload by delegating private key generation and entity authentication tasks to lower-level PKGs. In this paper, we formalize the syntax and security model for a hierarchical identity-based parallel key-insulated encryption (HIBPKIE) scheme. We then propose an HIBPKIE scheme with constant size ciphertext, and prove that it achieves IND-ID-KI-CCA2 security without random oracles. To the best of our knowledge, this is the first HIBPKIE scheme up to now.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang,Zhenxing Qian

DOI: https://doi.org/10.1109/mines.2010.96

2010-01-01

Abstract:Anonymous identity-based encryption systems can be used to protect users’ privacy and construct Public key Encryption with Keyword Search (PEKS) schemes where the ciphertext does not leak the identity of the recipient. Currently, there is no anonymous IBE scheme that is fully secure under simple assumptions without random oracles. In this paper, we propose an anonymous IBE scheme using the approach of Dual System Encryption. The scheme is fully secure without random oracles based on decisional bilinear Diffie-Hellman (BDH) and linear assumptions, and the security reduction is tight. These two assumptions are simple and our scheme is more secure than the previous anonymous IBE schemes.

Zhongmei Wan,Xuejia Lai,Jian Weng,Jiguo Li

DOI: https://doi.org/10.1109/icist.2011.5765252

2011-01-01

Abstract:To mitigate the damages of key-exposure, Dodis, Katz, Xu, and Yung, in Eurocrypt 2002, proposed a new paradigm called key-insulated security which provides tolerance against key exposures. Recently many identity-based key insulated signatures schemes have been proposed, however the problem of key escrow is inherent in this setting. To overcome this problem, certificateless public key cryptography was introduced in 2003. In this paper, we extend ID-based key-insulated signatures to certificateless scenarios and propose a certificateless key-insulated signature scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated in the random oracle model.

Yuyang Zhou,Yuanfeng Guan,Zhiwei Zhang,Fagen Li

DOI: https://doi.org/10.1007/978-981-15-0818-9_3

2019-01-01

Abstract:The Snowden revelations show that powerful attackers can compromise user's machines to steal users' private information. At the same time, many of the encryption schemes that are proven to be secure in Random Oracle Model (ROM) may present undetectable vulnerabilities when implemented, and these vulnerabilities may reveal a users' secrets, e.g., the machine hides some backdoors without the user's awareness, and an attacker can steal the user's private information through these backdoors. Recently, Mironov and Stephens-Davidowitz proposed cryptographic reverse firewall (CRF) to solve this problem. However, there is no CRF for identity-based encryption (IBE) has been proposed. In this paper, we propose two CRF protocols for IBE. One is a one-round encryption protocol with CRF used on the receiver, and the other is a two-round encryption protocol with CRFs deployed on both sender and receiver. We prove that these two protocols can resist the exfiltration of secret information and one is only secure against a chosen plaintext attack (CPA), the other is semantically secure against an adaptive chosen ciphertext attack (IND-ID-CCA). Moreover, we use JPBC to implement our protocols. The experimental results indicate that our protocols have some advantages in communication cost. Under certain computation cost conditions, our protocols are efficient and practical.

Zhong-mei Wan,Xue-jia Lai,Jian Weng,Sheng-li Liu,Yu Long,Xuan Hong

DOI: https://doi.org/10.1631/jzus.a0820714

2011-01-01

Abstract:Leakage of the private key has become a serious problem of menacing the cryptosystem security. To reduce the underlying danger induced by private key leakage, Dodis et al. (2003) proposed the first key-insulated signature scheme. To handle issues concerning the private key leakage in certificateless signature schemes, we devise the first certificateless key-insulated signature scheme. Our scheme applies the key-insulated mechanism to certificateless cryptography, one with neither certificate nor key escrow. We incorporate Waters (2005)’s signature scheme, Paterson and Schuldt (2006)’s identity-based signature scheme, and Liu et al. (2007)’s certificateless signature scheme to obtain a certificateless key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved under the non-pairing-based generalized bilinear Diffie-Hellman (NGBDH) conjecture, without utilizing the random oracle model; second, it solves the key escrow problem in identity-based key-insulated signatures.

REN Yanli,GU Dawu,WANG Shuozhong,ZHANG Xinpeng

DOI: https://doi.org/10.3969/j.issn.0253-2778.2012.04.006

2012-01-01

Abstract:The anonymous identity-based encryption(IBE) schemes are currently only selective-ID secure without random oracles or provably secure under a complex assumption.An anonymous IBE scheme based on decisional bilinear Diffie-Hellman(BDH) assumption in a group of composite order was proposed,which is ANON-IND-ID-CPA secure without random oracles and only needs two bilinear pairing computations.This scheme is more secure and efficient than the existing ones.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Shi-Feng Sun,Dawu Gu,Zhengan Huang

DOI: https://doi.org/10.1093/comjnl/bxu110

2014-01-01

Abstract:With the purpose of taking physical attacks into account in security proofs, leakage-resilient cryptography has been initiated. Recently, many leakage-resilient cryptographic primitives have been proposed. In this paper, we put forward the first leakage-resilient wicked identity-based encryption (wicked IBE) scheme. To achieve this goal, we first present a new wicked IBE scheme in the composite order groups. The security proof of this scheme is achieved via the dual system encryption technique. In contrast with existing wicked IBE schemes, the new proposal can be proved fully secure in the standard model, even when the maximum hierarchy depth is a polynomial in the security parameter. Moreover, its security is based on some standard assumptions in the composite groups, which are independent of the hierarchy depth of the scheme. Based on this newly proposed scheme, we then put forward a fully secure leakage-resilient wicked IBE scheme in the bounded memory-leakage model. The leakage here is not only allowed on the user's secret key, but also on the master secret key. Its security is proved in the standard model by a hybrid argument in a sequence of computationally indistinguishable games. To the best of our knowledge, this is the first wicked IBE scheme in the context of leakage resilience.

Yu Long,Zheng Gong,Kefei Chen,Shengli Liu

2009-01-01

Abstract:This paper proposes an identity-based threshold key escrow scheme. The scheme is secure against identity-based threshold chosen-plaintext attack. It tolerates the passive adversary to access data of corrupted key escrow agency servers and the active adversary that can modify corrupted servers’ keys. The formal proof of security is presented in the random oracle model, assuming the Bilinear Di‐e-Hellman problem is computationally hard.

Zhen Liu,Duncan S. Wong,Jack Poon

DOI: https://doi.org/10.1145/2897845.2897849

2016-01-01

Abstract:In Identity-Based Encryption (IBE) system, the Private Key Generator (PKG) holds the master secret key and is responsible for generating private keys for the users. This incurs the key-escrow problem, i.e. the PKG can decrypt any user' any ciphertexts without any possible detection. Also, compromising the master secret key will enable an adversary to do anything to the whole system, and having the master secret key be unavailable implies that new users cannot obtain private keys from the PKG, and existing users cannot get their private keys back from the PKG when they lost them. To address the key-escrow problem and protect the master secret key as much as possible with strong security and availability, distributed PKG protocols supporting threshold policy have been adopted in some IBE schemes. In this paper, we propose a distributed PKG protocol that supports the policy to be any monotonic access structures. Also, we propose the first distributed PKG protocol that supports the dynamic changes of the PKGs and the policy, while remaining the master secret key unchanged. The two protocols do not need any third party acting as a trusted dealer to present, and the master secret key should never be generated or resided in any one single site. The protocols are applicable to a generic IBE template, which covers many existing important IBE schemes. When applied to this generic type of IBE schemes, the two distributed PKG protocols do not affect the encryption and decryption algorithms, and only each user knows his own private key.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang,Zhenxing Qian

DOI: https://doi.org/10.1007/978-3-642-25185-6_37

2011-01-01

Abstract:Parallel key-insulated encryption (PKIE) allows two independent long-term keys to be alternately used in short-term key update operations. At least half of short-term keys would be exposed and at least half of ciphertexts could be decrypted if one of the long-term keys is exposed. In this paper, we propose a new PKIE scheme with n long-term keys in the identity-based setting. If one of the long-term keys is exposed, only 1/n short-term keys would be exposed and 1/n ciphertexts could be decrypted, so the new PKIE scheme can greatly decrease loss due to key exposure. The scheme is adaptive-ID secure without random oracles, and it has a tight reduction. Moreover, its public key has a constant size, while sizes of ciphertexts and short-term keys depend on the number of long-term keys.

Xiujie Zhang,Chunxiang Xu,Wenzheng Zhang,Wanpeng Li

DOI: https://doi.org/10.1007/s11704-013-3051-0

IF: 2.6688

2013-01-01

Frontiers of Computer Science

Abstract:Threshold public key encryption allows a set of servers to decrypt a ciphertext if a given threshold of authorized servers cooperate. In the setting of threshold public key encryption, we consider the question of how to correctly decrypt a ciphertext where all servers continually leak information about their secret keys to an external attacker. Dodis et al. and Akavia et al. show two concrete schemes on how to store secrets on continually leaky servers. However, their constructions are only interactive between two servers. To achieve continual leakage security among more than two servers, we give the first threshold public key encryption scheme against adaptively chosen ciphertext attack in the continual leakage model under three static assumptions. In our model, the servers update their keys individually and asynchronously, without any communication between two servers. Moreover, the update procedure is re-randomized and the randomness can leak as well.

LONG Yu,CHEN Ke-Fei,HONG Xuan

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.09.023

2006-01-01

Chinese Journal of Computers

Abstract:This paper proposes a fully secure identity-based threshold decryption scheme IBThDec and reduces its security to the quadruple Decision Bilinear Diffie-Hellman problem. The formal security proof of this scheme is provided in the random oracle model. Additionally, the authors show that IB-ThDec can be used to certificateless public key cryptosystem and the identitybased dynamic threshold decryption system.