Chenhuang Wu,Hui Huang,Kun Zhou,Chunxiang Xu

DOI: https://doi.org/10.23919/jcc.2021.01.013

2021-01-01

China Communications

Abstract:Digital signature, as an important cryptographic primitive, has been widely used in many application scenarios, such as e-commerce, authentication, cloud computing, and so on. Certificateless Public Key Cryptography (PKC) can get rid of the certificate management problem in the traditional Public Key Infrastructure (PKI) and eliminate the key-escrow problem in the identity-based PKC. Lately, a new Certificateless Signature (CLS) scheme has been proposed by Kyung-Ah Shim (IEEE SYSTEMS JOURNAL, 2018, 13(2)), which claimed to achieve provable security in the standard model. Unfortunately, we present a concrete attack to demonstrate that the scheme cannot defend against the Type I adversary. In this type of attack, the adversary can replace the public key of the signer, and then he plays the role of the signer to forge a legal certificateless signature on any message. Furthermore, we give an improved CLS scheme to resist such an attack. In terms of the efficiency and the signature length, the improved CLS is preferable to the original scheme and some recently proposed CLS schemes in the case of precomputation.

陈建华,叶胜男

DOI: https://doi.org/10.11896/jsjkx.201200117

2021-01-01

Computer Science

Abstract:Certificateless public key cryptosystem combines the advantages of identity-based cryptosystem and traditional PKI public key cryptosystem,overcomes the key escrow problem of identity-based public key cryptosystem and the certificate management problem of PKI system,and has obvious advantages.By analysing the security of a strongly secure certificateless signature scheme proposed by Hassouna,et al,it shows that the scheme cannot resist the attack of falsifying messages and do not use private key generated by system master key to sign.So it is not a certificateless signature scheme.On this basis,an improved certificateless signature scheme is proposed and it proves the scheme can resist the attack of the first class of strong adversaries and the second class of adversaries.In the random oracle model and under the assumption of the Diffie-Hellman problem of the elliptic curve,the improved scheme satisfies the existential forgery.

Jie Liu,Jianhua Li

DOI: https://doi.org/10.1109/isa.2008.37

2008-01-01

Abstract:Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al.’s scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al.’s scheme and makes it more efficient in computation and communication.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1002/dac.2310

2013-01-01

International Journal of Communication Systems

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography as it does not require certificates in traditional public key cryptography and, at the same time, solves the inherent key escrow problem in identity-based cryptography. Recently, an efficient certificateless signature scheme without using pairings was proposed by He, Chen and Zhang. They claimed that it is provably secure under the discrete logarithm assumption in the random oracle model. However, in this paper, we show that their scheme is insecure against a type II adversary who can access to the master secret key of the system. Copyright (c) 2012 John Wiley & Sons, Ltd.

吴晨煌,陈智雄,王海明,沈毅军

DOI: https://doi.org/10.3724/sp.j.1087.2009.00944

2009-01-01

Journal of Computer Applications

Abstract:The certificateless proxy signature scheme proposed by Fan Rui etc.was analyzed and their scheme turned out to be insecure.Furthermore,a serious security flaw was discovered in the proxy key generation algorithm,because the private key of the original signer could be recovered by the proxy signer.Unfortunately,the same security flaw was also found out in other proxy signature schemes.Finally,a comprehensive and improved scheme was proposed,whose security was based on the Computational Diffie-Hellman Problem(CDHP).

Hu Xiong,Zhiguang Qin,Fagen Li

2008-01-01

Fundamenta Informaticae

Abstract:In ASIACCS 2007, Liu et al proposed a certificateless signature scheme which is provably secure in the standard model. However, as we will show in this paper, the proposed scheme is insecure against a malicious-but-passive KGC attack. This implies that the malicious-but-passive KGC, which generates system parameters based on the information of the target user, can forge valid signatures for that signer without being detected. Furthermore, we propose an improved scheme that remedies the weakness of Liu et al's scheme. The improved scheme can be proven secure against malicious-but-passive KGC attack in the standard model.

Hou Guibin,Liu Jiaomin,Liu Wenyuan,Si Yali

DOI: https://doi.org/10.1109/csnt.2012.114

2012-01-01

Abstract:Based on the Hess signature scheme, a new efficient ID-based verifiably encrypted signature scheme was proposed. The scheme had the less pairing operations, and adjudicator signed a guarantee to avoid refusing to extract the common signature when resolving conflicts, thereby exchange signature protocol's fairness was enhanced. Compared with the other schemes, the proposed scheme was more efficient. At last its security was proved in the random oracle model. The proposed scheme was proved to be security assuming the computing Diffie-Hellman problem was hard.

Bo Yang,Zhao Yang,Nengfei Liu,Shougui Li

DOI: https://doi.org/10.1109/cis.2015.89

2013-01-01

Abstract:Certificate less public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem in identity-based cryptography. Recently, Xiong et al. Proposed a certificate less signature scheme and proved that their scheme is existentially unforgeable against adaptive chosen message attack under the random oracle model. He et al. Pointed out that Xiong et al.'s scheme is insecure against the Type II adversary. But, their forged signatures are not random, and their improved scheme has the same security defects as Xiong et al.'s scheme. In this paper, we present two malicious-but-passive KGC attack methods on Xiong et al.'s scheme and our results show that their scheme is insecure against malicious-but-passive KGC attack. We also propose an improved scheme which is secure against the super Type I adversary and super Type II adversary.

guobin zhu,hu xiong,ruijin wang,zhiguang qin

DOI: https://doi.org/10.1007/978-81-322-1759-6_12

2014-01-01

Abstract:As one of the fundamental cryptographic primitives, signcryption can achieve unforgeability and confidentiality simultaneously at the cost significantly lower than the signature-then-encryption approach in terms of computational costs and communication overheads. In view of the damage caused by the secret key leakage, Chen et al. proposed an efficient identity-based key-insulated signcryption (ID-KI-SC) scheme secure in the standard model recently. However, in this paper, we show that their scheme does not achieve the indistinguishability against adaptively chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptively chosen message attacks (EUF-CMA). Furthermore, we propose an improved scheme that remedies the weakness of Chen et al.' s scheme.

Liangliang Wang,Kefei Chen,Yu Long,Xianping Mao,Huige Wang

DOI: https://doi.org/10.1109/INCoS.2015.10

2015-01-01

Abstract:Certificateless public key cryptography was proposed to solve the key escrow problem in identity-based public key cryptography. Namely, a user's full private key must be comprised of a partial private key which is provided by the key generation center and a secret value which is chosen by the user. Thus the key generation center can no longer acquire each user's full private key by itself. In 2014, Yeh et al. proposed an efficient certificateless public key signature scheme without bilinear pairings. They also showed their scheme is secure against super adversary under the hardness of breaking discrete logarithm problem in the random model. In this paper, we modify Yeh et al.'s scheme to obtain a new scheme which is more practical than theirs. And our modified scheme can achieve the same security level as Yeh et al.'s scheme under the hardness of breaking discrete logarithm problem in the random model.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/IJESDF.2014.064409

2014-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Debiao He,Baojun Huang,Jianhua Chen

DOI: https://doi.org/10.1049/iet-ifs.2012.0176

2013-01-01

IET Information Security

Abstract:The certificateless public key cryptography has attracted wide attention since it could solve the certificate management problem in the traditional public key cryptography and the key escrow problem in the identity-based public key cryptography. Recently, several certificateless short signature schemes, which could satisfy the requirement of low-bandwidth communication environments, have been proposed. However, most of them are not secure against either the Type I adversary or the Type II adversary. In this study, the authors propose a new efficient certificateless short signature scheme. The analysis shows the authors' scheme has better performance than the related schemes and is secure against both of the super Type I and the super Type II adversaries.

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.1606

2010-01-01

Key Engineering Materials

Abstract:Liu et al. proposed the first certificateless signature scheme without random oracles in 2007. However, Xiong et al. showed that Liu et al.'s scheme is insecure against a malicious-but-passive KGC attack and proposed an improved scheme. In ISA 2009, Yuan et al. also proposed a new certificateless signature scheme without random oracles. Although they claimed that the two schemes are secure in the standard model, this paper shows that both Xiong et al.'s improved scheme and Yuan et al.'s new scheme are vulnerable to key replacement attack, where an adversary, obtaining a signature on a message and replacing the public key of a signer, can forge valid signatures on the same message under the replaced public key. We also give the corresponding modifications of the two schemes to resist key replacement attack.

Han Shen,Jianhua Chen,Hao Hu,Jian Shen

DOI: https://doi.org/10.1587/transfun.E99.A.660

2016-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Recently, H. Liu et al. [H. Liu, M. Liang, and H. Sun, A secure and efficient certificateless aggregate signature scheme, IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, vol.E97-A, no.4, pp.991-915, 2014] proposed a new certificateless aggregate signature (CLAS) scheme and demonstrated that it was provably secure in the random oracle model. However, in this letter, we show that their scheme cannot provide unforgeability, i.e., an adversary having neither the user's secret value nor his/her partial private key can forge a legal signature of any message.

Zhong-mei Wan,Xue-jia Lai,Jian Weng,Sheng-li Liu,Yu Long,Xuan Hong

DOI: https://doi.org/10.1631/jzus.a0820714

2011-01-01

Abstract:Leakage of the private key has become a serious problem of menacing the cryptosystem security. To reduce the underlying danger induced by private key leakage, Dodis et al. (2003) proposed the first key-insulated signature scheme. To handle issues concerning the private key leakage in certificateless signature schemes, we devise the first certificateless key-insulated signature scheme. Our scheme applies the key-insulated mechanism to certificateless cryptography, one with neither certificate nor key escrow. We incorporate Waters (2005)’s signature scheme, Paterson and Schuldt (2006)’s identity-based signature scheme, and Liu et al. (2007)’s certificateless signature scheme to obtain a certificateless key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved under the non-pairing-based generalized bilinear Diffie-Hellman (NGBDH) conjecture, without utilizing the random oracle model; second, it solves the key escrow problem in identity-based key-insulated signatures.

Zhongmei Wan,Xuejia Lai,Jian Weng,Jiguo Li

DOI: https://doi.org/10.1109/icist.2011.5765252

2011-01-01

Abstract:To mitigate the damages of key-exposure, Dodis, Katz, Xu, and Yung, in Eurocrypt 2002, proposed a new paradigm called key-insulated security which provides tolerance against key exposures. Recently many identity-based key insulated signatures schemes have been proposed, however the problem of key escrow is inherent in this setting. To overcome this problem, certificateless public key cryptography was introduced in 2003. In this paper, we extend ID-based key-insulated signatures to certificateless scenarios and propose a certificateless key-insulated signature scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated in the random oracle model.

Miaomiao Tian,Wei Yang,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2013-976

2014-01-01

Fundamenta Informaticae

Abstract:Certificateless cryptography is a new type of public key cryptography, which removes the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Multi-proxy signature is an extension of proxy signature, which allows an original signer authorizing a group of proxy signers and only the cooperation of all proxy signers in the group can create valid proxy signatures on behalf of the original signer. Recently, Jin and Wen combined certificateless cryptography with multi-proxy signature, and proposed a model as well as a concrete scheme of certificateless multi-proxy signature. They claimed that their scheme is provably secure in their security model. Unfortunately, in this paper by giving two attacks, we will show that their certificateless multi-proxy signature scheme can be broken. The first attack indicates their security model is flawed and the second attack indicates their certificateless multi-proxy signature scheme is insecure. Possible improvements are also suggested to prevent these attacks.

Liangliang Wang,Kefei Chen,Yu Long,Huige Wang

DOI: https://doi.org/10.1002/sec.1421

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:An aggregate signature refers to a signature, by which n signatures sigma(1),...,sigma(n) corresponding to n messages m(1),...,m(n) and n users u(1),...,u(n) can be transformed into a single short signature (sigma) over bar. Besides, anyone can be convinced by the single short signature that the n messages m(1),...,m(n) were definitely signed by the n users u(1),...,u(n) correspondingly. The concept of certificateless cryptography is proposed, so as to settle the key escrow problem in ID-based cryptography and eliminate the demand for certificates in certified cryptography. A certificateless signature scheme was proposed by Chen et al. in 2014, which was extended into a certificateless aggregate signature scheme. In this paper, two attacks are firstly provided, so as to indicate that the certificateless signature scheme is insecure against a Type I adversary and a Type II adversary. And then, it is demonstrated that the certificateless aggregate signature scheme is not able to achieve the security levels they claimed due to the weaknesses of the certificateless signature scheme. Copyright (c) 2016 John Wiley & Sons, Ltd.

Han Shen,Jianhua Chen,Jian Shen,Debiao He

DOI: https://doi.org/10.1002/sec.1480

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Recently, Chen et al. proposed a certificateless aggregate signature scheme with efficient verification. They claimed that their scheme could resist attacks of Type I adversary and Type II adversary. Unfortunately, we present a universal attack to demonstrate that their scheme cannot provide unforgeability. The adversary in the proposed attack can forge a legal signature on any message without any users' secret information. Copyright © 2016 John Wiley & Sons, Ltd.

Hu Xiong,Songyang Wu,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1007/s11277-014-2106-3

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:As an important approach to resist the threat of key leakage, key insulated security allows secret keys to be periodically updated by using a physically-secure but computation-limited device. Recently, key insulated mechanism has been introduced into identity based (ID-based) signature to solve the key-leakage problem in ID-based signature scenarios. In this paper, we present two compact ID-based key-insulated signature schemes that try to minimize the total amount of message and signature. Compared with the up-to-date ID-based key-insulated signatures, our schemes enjoy the minimum net bandwidth and computation overhead. We also provide formal security proofs of our schemes under the Computational Diffie–Hellman assumption in the random oracle model. We focus on potential applications of our schemes to secret handshakes, but we believe they will find many other applications as well.