Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signcryption and de-signcryption.

Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

DOI: https://doi.org/10.1007/978-3-540-73408-6_6

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signeryption and de-signcryption.

Chung Li,Guomin Yang,Duncan Wong,Xiaotie Deng,Sherman Chow

DOI: https://doi.org/10.3233/jcs-2009-0374

2010-01-01

Journal of Computer Security

Abstract:In Information Processing Letters (2006), Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentiality nor anonymity. However, no discussion has been made on how a secure scheme can be made and there is no secure scheme available to date. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. We also give a variation of our scheme and extend it to a ring signcryption scheme by using the technique due to Boneh, Gentry, Lynn and Shacham.

Hu Xiong,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.6633/ijns.201307.15(4).12

2013-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overhead than signing and encrypting separately. Recently, Chung et al. proposed an anonymous ECC-based signcryption scheme. We show that their scheme is not secure even against a chosen-plaintext attack.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Wenyuan Liu,Zecui Xie,Jie Zhang,Baowen Wang,Yali Si

2011-01-01

Abstract:Recently, all of the identity-based generalized signcryption schemes were proved having no forward security, and can not guarantee the private key send-off after the leak of information. To resolve this problem, we introduce an identity-based generalized signcryption scheme with forward security by using the way of session key. At the same time, our scheme using multi-PKGs generates the private key to solve the problem of traditional key escrow. The private key is less dependent on the third part. Our scheme based on the bilinear Diffie-Hellman assumptions is secure against adaptive chosen cipher-text attacks in random oracle model. According to the multifunctional property of generalized signcryption, we propose a case that applies generalized signcryption scheme to a multifunctional E-mail system. © 2011 ISSN.

sun hua,guo li,wang aimin

2011-01-01

Abstract:Signcryption is a cryptographic primitive which provides authentication and confidentiality simultaneously with a computational cost lower than signing and encryption respectively. The ring signcryption has anonymity in addition to authentication and confidentiality, which allows any user to choose any set of users that includes himself and signcrypt messages without revealing who in the set has actually produced it. This paper presents an efficient identity-based ring signcryption scheme in the standard model, which proves its indistinguishability against adaptive chosen ciphertext attacks and existential unforgeability against adaptive chosen message and identity attacks in terms of the hardness of CDH problem and DBDH problem.

Hu Xiong,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.2316/journal.202.2012.1.202-3156

2012-01-01

International Journal of Computers and Applications

Abstract:Signcryption is a cryptographic primitive that performs digitalsignature and public key encryption simultaneously at lower computational costs and communication overheads than the signature-then-encryption approach.

Jianhua Yan,Licheng Wang,Lihua Wang,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1155/2013/702539

IF: 1.43

2013-01-01

Mathematical Problems in Engineering

Abstract:Signcryption is a cryptographic primitive that can perform digital signature and public encryption simultaneously at a significantly reduced cost. This advantage makes it highly useful in many applications. However, most existing signcryption schemes are seriously challenged by the booming of quantum computations. As an interesting stepping stone in the post-quantum cryptographic community, two lattice-based signcryption schemes were proposed recently. But both of them were merely proved to be secure in the random oracle models. Therefore, the main contribution of this paper is to propose a new lattice-based signcryption scheme that can be proved to be secure in the standard model.

Guomin Yang,Duncan S. Wong,Xiaotie Deng,Huaxiong Wang

DOI: https://doi.org/10.1007/11745853_23

2006-01-01

Abstract:Digital signature is one of the most important primitives in public key cryptography. It provides authenticity, integrity and non- repudiation to many kinds of applications. On signer privacy however, it is generally unclear or suspicious of whether a signature scheme itself can guarantee the anonymity of the signer. In this paper, we give some armative answers to it. We formally define the signer anonymity for digital signature and propose some schemes of this type. We show that a signer anonymous signature scheme can be very useful by proposing a new anonymous key exchange protocol which allows a client Alice to establish a session key with a server Bob securely while keeping her iden- tity secret from eavesdroppers. In the protocol, the anonymity of Alice is already maintained when Alice sends her signature to Bob in clear, and no additional encapsulation or mechanism is needed for the signa- ture. We also propose a method of using anonymous signature to solve the collusion problem between organizers and reviewers of an anonymous paper review system.

Ting-Chieh Ho,Yuh-Min Tseng,Sen-Shan Huang

DOI: https://doi.org/10.15388/24-infor546

2024-03-08

Informatica

Abstract:Signcryption integrates both signature and encryption schemes into single scheme to ensure both content unforgeability (authentication) and message confidentiality while reducing computational complexity. Typically, both signers (senders) and decrypters (receivers) in a signcryption scheme belong to the same public-key systems. When signers and decrypters in a signcryption scheme belong to heterogeneous public-key systems, this scheme is called a hybrid signcryption scheme which provides more elastic usage than typical signcryption schemes. In recent years, a new kind of attack, named side-channel attack, allows adversaries to learn a portion of the secret keys used in cryptographic algorithms. To resist such an attack, leakage-resilient cryptography has been widely discussed and studied while a large number of leakage-resilient schemes have been proposed. Also, numerous hybrid signcryption schemes under heterogeneous public-key systems were proposed, but none of them possesses leakage-resilient property. In this paper, we propose the first hybrid signcryption scheme with leakage resilience, called leakage-resilient hybrid signcryption scheme, in heterogeneous public-key systems (LR-HSC-HPKS). Security proofs are demonstrated to show that the proposed scheme provides both authentication and confidentiality against two types of adversaries in heterogeneous public-key systems.

computer science, information systems,mathematics, applied

Song-Kong Chong,Yi-Ping Luo,Tzonelih Hwang

DOI: https://doi.org/10.1103/PhysRevA.85.056301

2011-05-06

Abstract:Recently, Zou et al. [Phys. Rev. A 82, 042325 (2010)] pointed out that two arbitrated quantum signature (AQS) schemes are not secure, because an arbitrator cannot arbitrate the dispute between two users when a receiver repudiates the integrity of a signature. By using a public board, they try to propose two AQS schemes to solve the problem. This work shows that the same security problem may exist in their schemes and also a malicious party can reveal the other party's secret key without being detected by using the Trojan-horse attacks. Accordingly, two basic properties of a quantum signature, i.e. unforgeability and undeniability, may not be satisfied in their scheme.

Quantum Physics

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Hao Luo

DOI: https://doi.org/10.1587/transfun.e96.a.332

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:This paper proposes several improved Side-channel cube attacks (SCCAs) on PRESENT-80/128 under single bit leakage model. Assuming the leakage is in the output of round 3 as in previous work, we discover new results of SCCA on PRESENT. Then an enhanced SCCA is proposed to extract key related non-linear equations. 64-bit key for both PRESENT-80 and 128 can be obtained. To mount more effective attack, we utilize the leakage in round 4 and enhance SCCA in two ways. A partitioning scheme is proposed to handle huge polynomials, and an iterative scheme is proposed to extract more key bits. With these enhanced techniques, the master key search space can be reduced to 28 for PRESENT-80 and to 229 for PRESENT-128.

Gang Yu,Xiaoxiao Ma,Yong Shen,Wenbao Han

DOI: https://doi.org/10.1016/j.tcs.2010.06.003

2010-01-01

Abstract:According to actual needs, a generalized signcryption scheme can flexibly work as an encryption scheme, a signature scheme or a signcryption scheme. In this paper, firstly, we give a security model for identity based generalized signcryption which is more complete than the existing model. Secondly, we propose an identity based generalized signcryption scheme. Thirdly, we give the security proof of the new scheme in this complete model. Compared with existing identity based generalized signcryption, the new scheme has less implementation complexity. Moreover, the new scheme has comparable computation complexity with the existing normal signcryption schemes.

Jia-Zhu Dai,Xiao-Hu Yang,Jinxiang Dong

DOI: https://doi.org/10.1145/986537.986584

2004-01-01

Abstract:ABSTRACTProxy signatures are signature schemes that a signer (called original signer) delegates his signing capability to other people (called proxy signer), and the proxy signer creates signatures on behalf of the original signer. In application such as electronic voting and electronic commerce, the privacy may be concerned by the original signer. The original signer may hope that the proxy signers can sign on behalf of him without knowing the content of the signed message. Few efforts have been put on privacy protection of original signer in existed proxy signature schemes. In this paper, a privacy-protecting proxy signature scheme is proposed. In this scheme, the messages the original signer entrust to the proxy signer to sign on behalf of him are secret from the proxy signer during the generation of the proxy signature and from other people except the receiver designated by the original signer. Therefore, the privacy of the original signer is protected. The security of the proposed signature scheme is analyzed and its application to electronic voting is described.

Shamsher Ullah,Xiang-Yang Li,Lan Zhang

DOI: https://doi.org/10.1109/BIGCOM.2017.51

2017-01-01

Abstract:Now-a-days security is a challenging task in different types of networks, such as Mobile Networks, Wireless Sensor Networks (WSN) and Radio Frequency Identifications Systems (RFIS) etc, to overcome these challenges we use sincryption. Signcryption is a new public key cryptographic primitive that performs the functions of digital signature and encryption in single logical step. The main contribution of signcrytion scheme, it is more suitable for low constrained environment. Moreover some signcryption schemes based on RSA, Elliptic Curve (EC) and Hyper Elliptic Curve (HEC). This paper contains a critical review of signcryption schemes based on hyper elliptic curve, since it reduce communication and computational costs for low constrained devices. It also explores advantages and disadvantages of different signcryption schemes based on HEC.

Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Saru Kumari,Muhammad Khurram Khan,Rahul Kumar

DOI: https://doi.org/10.1007/s10916-013-9952-5

Abstract:To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.'s scheme and more suitable for TMIS.

Kaifeng Xiao,Xinjian Chen,Hongbo Li,Jianye Huang,Willy Susilo,Qiong Huang

DOI: https://doi.org/10.1016/j.ins.2023.120015

IF: 8.1

2023-01-01

Information Sciences

Abstract:In hospital information systems, large volumes of electronic diagnostic records (EDRs) take up most of the storage space. While cloud server providers can reduce the local storage burden on hospitals and provide data-sharing services, the potential threat of sensitive data leakage and non-traceability of diagnoses prevents hospitals from uploading patients' diagnostic records to remote cloud servers directly. Therefore, to address security and traceability issues, we propose a new construction of post-quantum secure signcryption scheme with a designated equality test based on lattices (LB-SCDET) in this paper. Our LB-SCDET scheme allows a designated tester to perform equality tests on signcrypt-ciphertexts of EDRs without leaking what the EDRs actually are. Compared to the recent LB-SCET scheme proposed by Le et al., our LB-SCDET scheme implements a designated mechanism and is secure against offline message recovery attacks (OMRA). The comparison shows that our scheme enjoys a higher level of security, albeit the ciphertext size is slightly larger. Finally, we prove the scheme to be secure under the hardness of the Learning-with-Errors problem and unidirectionality of the Short-Integer-Solution problem. To be of independent interest, we show that the LB-SCET scheme fails to achieve the claimed IND-CCA security.