Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.15388/informatica.2006.152

2006-01-01

Informatica

Abstract:This paper proposes a threshold key escrow scheme from pairing. It tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make corrupted servers to deviate from the protocol. The scheme is secure against threshold adaptive chosen-ciphertext attack. The formal proof of security is presented in the random oracle model, assuming the decision Bilinear Diffie-Hellman problem is computationally hard.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2009.12.008

IF: 8.1

2010-01-01

Information Sciences

Abstract:As a practical extension of our previous work on certificateless threshold cryptosystem, this paper proposes the first direct certificateless threshold key encapsulation mechanism that inherits the same trust level of the original scheme and removes the length limitation of a traditional public key encryption. Security against threshold chosen-ciphertext attacks are proved in a random oracle model under a new assumption. It tolerates the Type I adversary that can replace public keys and the Type II adversary that has access to the system’s master key. The implied encapsulation scheme is very efficient when compared to the most efficient schemes in a traditional public key cryptosystem, and it is slightly more efficient in terms of key length and encapsulation speed when compared to the identity-based cryptosystems that have the same ciphertext overhead. Finally, we describe several potential modifications of our scheme.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2007.06.014

IF: 8.1

2007-01-01

Information Sciences

Abstract:This paper proposes the first certificateless threshold decryption scheme which avoids both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. The scheme is secure against threshold chosen-ciphertext attack. It tolerates the Type I adversary that can replace public key and the Type II adversary that has access to the system's master key. The formal proof of security is presented in the random oracle model, assuming some underlying problems closely related to the Bilinear Diffie-Hellman Problem are computationally hard.

Ang Gao,Wei Wei,Wenbo Shi

DOI: https://doi.org/10.1109/APSCC.2010.32

2010-01-01

Abstract:In wireless ad hoc networks environment, Bellovin and Merritt first developed a password-based Encrypted Key Exchange (EKE) protocol against offline dictionary attacks using both symmetric and public-key cryptography independent of the public key infrastructure (PKI). In this paper, we first discover that there exist some weaknesses in EKE protocol that is subjected to relay attacks based on the analysis result of BAN logic that we apply in protocol. In order to remedy the flaws, we propose an improved scheme— Efficient Password-Proven Key Exchange (EPPKE) protocol that generates the session key’s timestamp against relay attack, and verifies the authenticity of public key without online trusted third parties. The proposed protocol is also proven to be secure and trustworthy by BAN logic analysis. In comparison with other schemes, our measurements show that our proposed EPPKE protocol is more safety and requires less computations cost suitable for wireless ad hoc networks.

Yuanju Gan,Licheng Wang,Jianhua Yan,Yixian Yang

DOI: https://doi.org/10.4304/jsw.8.5.1245-1253

2013-01-01

Journal of Software

Abstract:Most threshold key encapsulation mechanisms (KEM) have been studied in a weak model–static corruption model or random oracle model. In this paper, we propose a threshold KEM scheme with provable security based on the bilinear groups of composite order in the standard model. We use a direct construction from Boyen-Mei-Waters’ KEM scheme and Libert and Yung’s threshold decryption scheme to obtain a threshold KEM scheme that can withstand adaptive chosen ciphertext attacks (CCA) and adaptive corruption attacks. However, to achieve a higher security level, our construction does not increase overall additional size of ciphertext compare to other schemes.

Feiyu Lei,Wen Chen,Kefei Chen

DOI: https://doi.org/10.1007/1-84628-352-3_16

2006-01-01

Abstract:We put forward a solution to secure threshold RSA cryptosystems in the adaptive adversary model. Most protocols in the current literature for threshold cryptosystems were secure only against static adversary, especially for threshold RSA which is harder to be distributed than discrete logarithm schemes due to the unknown order of RSA exponents. In this paper, we point out that Canetti's solution to RSA is not secure. Then we propose a simple efficient adaptive secure RSA signature. And the proofs of adaptive secure simulation is given.

Yu Long,Zheng Gong,Kefei Chen,Shengli Liu

2009-01-01

Abstract:This paper proposes an identity-based threshold key escrow scheme. The scheme is secure against identity-based threshold chosen-plaintext attack. It tolerates the passive adversary to access data of corrupted key escrow agency servers and the active adversary that can modify corrupted servers’ keys. The formal proof of security is presented in the random oracle model, assuming the Bilinear Di‐e-Hellman problem is computationally hard.

Bo Yang,Zhao Yang,Nengfei Liu,Shougui Li

DOI: https://doi.org/10.1109/cis.2015.89

2013-01-01

Abstract:Certificate less public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem in identity-based cryptography. Recently, Xiong et al. Proposed a certificate less signature scheme and proved that their scheme is existentially unforgeable against adaptive chosen message attack under the random oracle model. He et al. Pointed out that Xiong et al.'s scheme is insecure against the Type II adversary. But, their forged signatures are not random, and their improved scheme has the same security defects as Xiong et al.'s scheme. In this paper, we present two malicious-but-passive KGC attack methods on Xiong et al.'s scheme and our results show that their scheme is insecure against malicious-but-passive KGC attack. We also propose an improved scheme which is secure against the super Type I adversary and super Type II adversary.

CHEN Hao,ZHU Yan-qin,LUO Xi-zhao

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.15.031

2012-01-01

Abstract:Halevi’s adaptive leakage-resilient Public Key Encryption(PKE) scheme can only resist Chosen-Plaintext-Attack(CPA) but can not resist Chosen-Cipertext-Attack(CCA).This paper uses double encryption and non-interactive zero knowledge proof systems to improve the scheme,and proposes a formal definition on adaptive leakage-resilient against CCA.Based on the definition,an adaptive-resilient PKE against CCA is constructed.Security analysis shows that improved scheme has the same secret key size,and it is more secure.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/11780656_20

2006-01-01

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we show that the security requirements of their generic building blocks are insufficient to support some security claim stated in their paper. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.

Debiao He,Baojun Huang,Jianhua Chen

DOI: https://doi.org/10.1049/iet-ifs.2012.0176

2013-01-01

IET Information Security

Abstract:The certificateless public key cryptography has attracted wide attention since it could solve the certificate management problem in the traditional public key cryptography and the key escrow problem in the identity-based public key cryptography. Recently, several certificateless short signature schemes, which could satisfy the requirement of low-bandwidth communication environments, have been proposed. However, most of them are not secure against either the Type I adversary or the Type II adversary. In this study, the authors propose a new efficient certificateless short signature scheme. The analysis shows the authors' scheme has better performance than the related schemes and is secure against both of the super Type I and the super Type II adversaries.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

LU Xianhui,LAI Xuejia,HE Dake,LI Guomin

DOI: https://doi.org/10.3321/j.issn:1671-8836.2008.05.009

2008-01-01

Abstract:To check if a public key encryption scheme is secure against adaptive chosen ciphertext attacks,a security analysis method is proposed.According to the adversary's goal and information resource,adaptive chosen ciphertext attacks are classified into four categories and then the possibility of each category of attacks is analyzed.The proposed security analysis method distinguishes itself from the early security analysis in that it deals with the possibility of each of the attack categories rather than the search of a specific attack method.It is simpler and more intuitive than security proof.How to check the security of a scheme,which is adaptive chosen ciphertext secure in the random oracle model,in the real world is an open problem of the provable security research field.The proposed method provides a good solution to this problem.

Bo Qin,Qianhong Wu,Lei Zhang,Josep Domingo-Ferrer

DOI: https://doi.org/10.1016/j.ins.2012.04.038

IF: 8.1

2012-01-01

Information Sciences

Abstract:Threshold public-key encryption (TPKE) allows a set of users to decrypt a ciphertext if a given threshold of authorized users cooperate. Existing TPKE schemes suffer from either long ciphertexts with size linear in the number of authorized users or can only achieve non-adaptive security. A non-adaptive attacker is assumed to disclose her target attacking set of users even before the system parameters are published. The notion of non-adaptive security is too weak to capture the capacity of the attackers in the real world. In this paper, we bridge these gaps by proposing an efficient TPKE scheme with constant-size ciphertexts and adaptive security. Security is proven under the decision Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. This implies that our proposal preserves security even if the attacker adaptively corrupts all the users outside the authorized set and some users in the authorized set, provided that the number of corrupted users in the authorized set is less than a threshold. We also propose an efficient tradeoff between the key size and the ciphertext size, which gives the first TPKE scheme with adaptive security and sublinear-size public key, decryption keys and ciphertext.

Shuai Han,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-30620-4_5

2023-01-01

Abstract:In this paper, we consider tight multi-user security under adaptive corruptions, where the adversary can adaptively corrupt some users and obtain their secret keys. We propose generic constructions for a bunch of primitives, and the instantiations from the matrix decisional Diffie-Hellman (MDDH) assumptions yield the following schemes: As byproducts, our SIG and SC naturally derive the first strongly secure message authentication code (MAC) and the first authenticated encryption (AE) schemes achieving almost tight multi-user security under adaptive corruptions in the standard model. We further optimize constructions of SC, MAC and AE to admit better efficiency. Furthermore, we consider key leakages besides corruptions, as a natural strengthening of tight multi-user security under adaptive corruptions. This security considers a more natural and more complete “all-or-part-or-nothing” setting, where secret keys of users are either fully exposed to adversary (“all”), or completely hidden to adversary (“nothing”), or partially leaked to adversary (“part”), and it protects the uncorrupted users even with bounded key leakages. All our schemes additionally support bounded key leakages and enjoy full compactness. This yields the first SIG, PKE, SC, MAC, AE schemes achieving almost tight multi-user security under both adaptive corruptions and leakages.

Shengbao Wang,Zhenfu Cao,Haiyong Bao

DOI: https://doi.org/10.1007/11576259_38

2005-01-01

Abstract:Authenticated key agreement protocols are essential for secure communications in open and distributed environments. In 2004, Ryu et al. proposed an efficient two-party identity-based authenticated key agreement protocol based on pairings, However, in this paper, we demonstrate that their protocol is vulnerable to a key-compromise impersonation attack. The attacking scenario is described in details. Furthermore,we point out that their protocol provides the property of deniability and at the same time it is the mechanism used to achieve deniability that allows the key-compromise impersonation attack.

Linming Gong,Shundong Li,Qing Mao,Daoshun Wang,Jiawei Dou

DOI: https://doi.org/10.1016/j.tcs.2015.10.001

IF: 1.002

2016-01-01

Theoretical Computer Science

Abstract:In this study, we consider the problem of constructing a homomorphic encryption scheme that is secure against adaptive chosen ciphertext attack (CCA2). This type of scheme has many applications in secure multi-party computation, electronic voting, and cloud storage and computation. We present an encryption scheme, based on the composite degree residuosity classes, which can block CCA2 while maintaining homomorphism. Our cryptosystem, which is based on standard modular arithmetic, is provable with indistinguishable security under CCA2. An additional contribution of this study is a new definition of preventing CCA2 (or blocking CCA2).

lianjun chen,lei zhang,bo qin,qianhong wu,huanguo zhang

DOI: https://doi.org/10.1109/ICCDA.2010.5541104

2010-01-01

Abstract:Certificateless public key cryptography was introduced to address the heavy certificate management in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Two types of adversaries are considered in certificateless public key cryptography: Type I adversary (outsider) and Type II Adversary (honest-but-curious and/or malicious-but-passive key generation center). A secure certificateless encryption (CLE) scheme must be secure against both types of adversaries. In this paper, we illustrate a recently proposed threshold CLE scheme is insecure against Type I adversaries.