Hu Xiong,Zhi Guan,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2012.07.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:An aggregate signature scheme enables an algorithm to aggregate n signatures of n distinct messages from n users into a single short signature. This primitive is useful in resource-constrained environment since they allow bandwidth and computational savings. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we present an efficient certificateless aggregate signature scheme with constant pairing computations. The security of the proposed scheme can be proved to be equivalent to the standard computational Diffie–Hellman problem in the random oracle with a tight reduction. Furthermore, our scheme does not require synchronization for aggregating randomness, which makes it more suitable for ad hoc networks.

Han Shen,Jianhua Chen,Hao Hu,Jian Shen

DOI: https://doi.org/10.1587/transfun.E99.A.660

2016-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Recently, H. Liu et al. [H. Liu, M. Liang, and H. Sun, A secure and efficient certificateless aggregate signature scheme, IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, vol.E97-A, no.4, pp.991-915, 2014] proposed a new certificateless aggregate signature (CLAS) scheme and demonstrated that it was provably secure in the random oracle model. However, in this letter, we show that their scheme cannot provide unforgeability, i.e., an adversary having neither the user's secret value nor his/her partial private key can forge a legal signature of any message.

Yan XU,Liu-sheng HUANG,Miao-miao TIAN,Hong ZHONG,Jie CUI

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.011

2016-01-01

Abstract:Aggregate signature schemes are particularly useful for authentication in resource-constrained wireless net-works for realizing batch verification.Certificateless cryptosystems can resolve the certificate management problem or key es-crow problem in aggregate signature schemes.This paper firstly analyzed a certificatelss aggregate signature(CLAS)scheme. Then,a more efficient CLAS scheme that requires less bilinear paring operations was provided.The security analysis showed that this scheme can resist the forgery attack under the random oracle model,the security was equal to resolve CDH problem.

Jiang Deng,Chunxiang Xu,Huai Wu,Guangyuan Yang

DOI: https://doi.org/10.1109/cit.2014.159

2014-01-01

Abstract:Recently, Hou et al. Proposed an improved certificate less aggregate signature (CLASS) scheme based on Xiong et al's scheme. They also demonstrated the scheme is provably secure in the random oracle model. Unfortunately, by giving concrete attacks, we point out that Hou et al.'s scheme is not secure in their security model. Then, we propose an improved certificate less signature (CLS) scheme and use it to construct an improved certificate less aggregate signature (CLAS) scheme.

Liangliang Wang,Kefei Chen,Yu Long,Huige Wang

DOI: https://doi.org/10.1002/sec.1421

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:An aggregate signature refers to a signature, by which n signatures sigma(1),...,sigma(n) corresponding to n messages m(1),...,m(n) and n users u(1),...,u(n) can be transformed into a single short signature (sigma) over bar. Besides, anyone can be convinced by the single short signature that the n messages m(1),...,m(n) were definitely signed by the n users u(1),...,u(n) correspondingly. The concept of certificateless cryptography is proposed, so as to settle the key escrow problem in ID-based cryptography and eliminate the demand for certificates in certified cryptography. A certificateless signature scheme was proposed by Chen et al. in 2014, which was extended into a certificateless aggregate signature scheme. In this paper, two attacks are firstly provided, so as to indicate that the certificateless signature scheme is insecure against a Type I adversary and a Type II adversary. And then, it is demonstrated that the certificateless aggregate signature scheme is not able to achieve the security levels they claimed due to the weaknesses of the certificateless signature scheme. Copyright (c) 2016 John Wiley & Sons, Ltd.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1002/dac.2310

2013-01-01

International Journal of Communication Systems

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography as it does not require certificates in traditional public key cryptography and, at the same time, solves the inherent key escrow problem in identity-based cryptography. Recently, an efficient certificateless signature scheme without using pairings was proposed by He, Chen and Zhang. They claimed that it is provably secure under the discrete logarithm assumption in the random oracle model. However, in this paper, we show that their scheme is insecure against a type II adversary who can access to the master secret key of the system. Copyright (c) 2012 John Wiley & Sons, Ltd.

Han Shen,Jianhua Chen,Jian Shen,Debiao He

DOI: https://doi.org/10.1002/sec.1480

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Recently, Chen et al. proposed a certificateless aggregate signature scheme with efficient verification. They claimed that their scheme could resist attacks of Type I adversary and Type II adversary. Unfortunately, we present a universal attack to demonstrate that their scheme cannot provide unforgeability. The adversary in the proposed attack can forge a legal signature on any message without any users' secret information. Copyright © 2016 John Wiley & Sons, Ltd.

Jiang Deng,Chunxiang Xu,Huai Wu,Liju Dong

DOI: https://doi.org/10.1002/cpe.3551

2016-01-01

Abstract:SummaryTo satisfy the applications in certificateless environment, many researchers have been investigating certificateless aggregate signature schemes. Several schemes that are independent with the aggregated numbers are proposed to reduce the computation overhead. In these schemes, the pairing computations that in verification procedure needs are a constant value. Recently, Hou et al. proposed an improved certificateless aggregate signature scheme. They demonstrated the scheme is provably secure in the random oracle model. However, we find that their scheme is insecure in their security model by giving a concrete attack. Then, we propose an improved certificateless signature scheme and use it to construct a new certificateless signature scheme with enhanced security and aggregation. Furthermore, we provide formal security proof of our new scheme. Compared with other four schemes, our enhanced protocol is more suitable for realistic applications. Copyright © 2015 John Wiley & Sons, Ltd.

Hu Xiong,Qianhong Wu,Zhong Chen

2012-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures on n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme. Compared with up-to-date certificateless aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model; (2) the security is proven in the strongest security model so far; (3) the signers do not need to be synchronized; and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

D. He,J. Chen,R. Zhang

DOI: https://doi.org/10.1002/dac.1330

2011-01-01

International Journal of Communication Systems

Abstract:SUMMARYCertificateless public key cryptography simplifies the complex certificate management in the traditional public key cryptography and resolves the key escrow problem in identitybased cryptography. The certificateless signature scheme is studied widely as an important primitive. Following the pioneering work done by Al‐Riyami et al., many certificateless signature schemes using bilinear pairings have been proposed ever since. However, the relative computation cost of the pairing is approximately 20 times higher than that of the scalar multiplication over the elliptic curve group. To improve the performance we propose a certificateless signature scheme without bilinear pairings. With the running time being reduced greatly, our scheme is more practical than the previous related schemes for practical application. Copyright © 2011 John Wiley & Sons, Ltd.

Zhen Yan,Haipeng Qu,Xi-Jun Lin

DOI: https://doi.org/10.1093/comjnl/bxae048

2024-06-09

The Computer Journal

Abstract:Abstract Recently, Qiao et al. proposed a novel construction of certificateless aggregate signature (CLAS) scheme to ensure the integrity and authenticity of medical data in healthcare wireless medical sensor networks (HWMSNs). They first created an underlying certificateless signature (CLS) scheme, and then proposed a CLAS scheme from the underlying CLS scheme by adding an aggregation algorithm and a verification algorithm. In this paper, we point out that their CLS scheme is insecure because the Type I adversary can forge valid signatures. That is, the unforgeability is not actually captured by their CLS scheme. Finally, we map our cryptanalysis to the practical application. That is, in the practical application of HWMSNs, the attacker can launch real attack to their CLS scheme using our cryptanalysis to forge signatures. Therefore, Qiao et al.’s CLS scheme can be totally broken.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Zheng Gong,Yu Long,Xuan Hong,Kefei Chen

2008-01-01

Abstract:Aggregate signature is a digital signature with a striking property that anyone can aggregate n individual signatures on n different messages which are signed by n distinct signers, into a single compact signature to reduce computational and storage costs. In this work, two practical certificateless aggregate signature schemes are proposed from bilinear maps. The first scheme CAS-1 reduces the costs of communication and signer-side computation but trades off the storage, while CAS-2 minimizes the storage but sacrifices the communication costs. One can choose either of the schemes by consideration of the application requirement. Compare with ID-based schemes, our schemes do not entail public key certificates as well and achieve the trust Level 3, which imply the frauds of the authority are detectable. Both of the schemes are proven secure in the random oracle model by assuming the intractability of the computational Diffie-Hellman problem over the groups with bilinear maps, where the forking lemma technique is avoided.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/IJESDF.2014.064409

2014-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1109/INCoS.2011.151

2011-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures of n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificate less aggregate signature scheme. Compared with up-to-date certificate less aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model, (2) the security is proven in the strongest security model so far, (3) the signers do not need to be synchronized, and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Chenhuang Wu,Hui Huang,Kun Zhou,Chunxiang Xu

DOI: https://doi.org/10.23919/jcc.2021.01.013

2021-01-01

China Communications

Abstract:Digital signature, as an important cryptographic primitive, has been widely used in many application scenarios, such as e-commerce, authentication, cloud computing, and so on. Certificateless Public Key Cryptography (PKC) can get rid of the certificate management problem in the traditional Public Key Infrastructure (PKI) and eliminate the key-escrow problem in the identity-based PKC. Lately, a new Certificateless Signature (CLS) scheme has been proposed by Kyung-Ah Shim (IEEE SYSTEMS JOURNAL, 2018, 13(2)), which claimed to achieve provable security in the standard model. Unfortunately, we present a concrete attack to demonstrate that the scheme cannot defend against the Type I adversary. In this type of attack, the adversary can replace the public key of the signer, and then he plays the role of the signer to forge a legal certificateless signature on any message. Furthermore, we give an improved CLS scheme to resist such an attack. In terms of the efficiency and the signature length, the improved CLS is preferable to the original scheme and some recently proposed CLS schemes in the case of precomputation.

Jayaprakash Kar,Xiaoguang Liu,Fagen Li

DOI: https://doi.org/10.1016/j.jisa.2021.102905

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Protecting data integrity and achieving non-repudiation in wireless sensor networks (WSNs) is very essential during data communication from one sensor to another. However, wireless sensor network nodes are severely limited by power, communication bandwidth, and storage space, so the traditional signature algorithm cannot be adapted to the environment. In this paper, we have proposed a certificateless aggregate signature scheme (CL-ASS) for WSNs. This scheme not only can significantly reduce the bandwidth consumed by network transmission and the occupancy of node storage space but also provides high privacy. In the random oracle model, we demonstrate the security of the scheme against two types of adversaries, under the assumption of the hardness of the computational Diffie–Hellman (CDH) Problem. Finally, the performance analysis shows that our scheme has an ideal computational and communication cost.

Debiao He,Yitao Chen,Jianhua Chen,Rui Zhang,Weiwei Han

DOI: https://doi.org/10.1016/j.mcm.2011.08.004

2011-01-01

Abstract:Certificateless public key cryptography (CLPKC), which can simplify the complex certificate management in the traditional public key cryptography and resolve the key escrow problem in identity-based cryptography, has been widely studied. As an important part of CLPKC, certificateless two-party authenticated key agreement (CTAKA) protocols have also received considerable attention. Recently, many CTAKA protocols using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group. To improve the performance, several CTAKA protocols without pairings have been proposed. In this paper, we will show a latest CTAKA protocol is not secure against a type 1 adversary. To improve the security and performance, we also propose a new CTAKA protocol without pairing. At last, we show the proposed protocol is secure under the random oracle model.

LIU Wen-hao,XU Chun-xiang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.11.078

2010-01-01

Abstract:A few of certificateless key agreement schemes have been proposed in recent years,all of them need pairing operations,what's more,most of them are vulnerable to the key compromise impersonation attack and resistance to leakage of ephemeral keys.The provably secure certificateless key agreement protocol was proposed by Lippold in 2009,but their protocol suffered from computation burden.In order to solve the above-mentioned problem,this paper proposed a new pairing-free certificateless two party key agreement scheme (CL-KA) and presened its security properties.The new scheme was secure as long as each party had at least one uncompromised secret.Thus,the new scheme was secure even if the key generation centre learned the ephemeral secrets of both parties.The new scheme achieves efficiency in computational cost when compared with Lippold's protocol.

Liangliang Wang,Kefei Chen,Yu Long,Xianping Mao,Huige Wang

DOI: https://doi.org/10.1109/INCoS.2015.10

2015-01-01

Abstract:Certificateless public key cryptography was proposed to solve the key escrow problem in identity-based public key cryptography. Namely, a user's full private key must be comprised of a partial private key which is provided by the key generation center and a secret value which is chosen by the user. Thus the key generation center can no longer acquire each user's full private key by itself. In 2014, Yeh et al. proposed an efficient certificateless public key signature scheme without bilinear pairings. They also showed their scheme is secure against super adversary under the hardness of breaking discrete logarithm problem in the random model. In this paper, we modify Yeh et al.'s scheme to obtain a new scheme which is more practical than theirs. And our modified scheme can achieve the same security level as Yeh et al.'s scheme under the hardness of breaking discrete logarithm problem in the random model.