Rongxing Lu,Zhenfu Cao,Xiaolei Dong

2007-01-01

Fundamenta Informaticae

Abstract:Identity based cryptography was introduced by Shamir in 1984, which avoids the trust problems encountered in the traditional Public Key Infrastructures. After Boneh and Franklin proposed the first full functional identity based encryption scheme from the bilinear pairings in 2001, many other identity based schemes using pairings have been proposed. However, how to design a practical identity based encryption scheme that avoids using the pairings is still an open problem today. In this paper, after studying and combining the advantages of the traditional public key system and identity based system, we formally define a new Limited identity based system and present a concrete Limited identity based encryption scheme on a different complexity assumption. The resulting scheme is not only provably secure against the chosen plaintext attack in the random oracle, but also especially suitable for some practical system, such as an email system.

Tianjie Cao,Dongdai Lin,Rui Xue

DOI: https://doi.org/10.1109/AINA.2005.203

2005-01-01

Abstract:Ring authenticated encryption has the following security requirements: semantic-security, recipient-designation, verification-dependence, verification-convertibility, recipient-ambiguity, recipient-verifiability, signer-ambiguity and signer-verifiability. Ring authenticated encryption can be used to enhance user privacy. In this paper, based on Boneh and Franklinyýs ID-based encryption scheme and Zhang and Kimýs ID-based ring signature scheme, we propose an ID-based ring authenticated encryption scheme. We also show that the proposed scheme satisfies the correctness property and all security requirements.

Mei Qi-xiang,He Da-ke,Yu Zheng

2006-01-01

Abstract:In Eurocrypt 2004, Canetti, Halevi and Katz proposed a method for constructing Chosen Ciphertext secure ( ie., CCA secure) public key encryption from any Selective-ID secure ID-Based Encryption (IBE). However, this method needs one time signature and thus adds noticeable overhead to the underling scheme. In this paper, a new CCA secure public key cryptosystem is constructed from the Adaptive-ID secure IBE scheme proposed by Waters. Here, the "identity" is the hash of the first two parts of the ciphertext, and the bilinear map is used to test the ciphertext validity. The proposal is much more efficient than those obtained from the general CHK. method. The security of the new scheme is proved under the standard Decisional Bilinear Diffie-Hellman (DBDH) assumption.

ZhenChao Zhu,Yuqing Zhang,Fengjiao Wang

DOI: https://doi.org/10.1016/j.csi.2008.09.023

IF: 3.721

2008-01-01

Computer Standards & Interfaces

Abstract:ID-based ring signcryption schemes (IDRSC) are usually derived from bilinear parings, a powerful but computationally expensive primitive. The number of paring computations of all existing ID-based ring signcryption schemes from bilinear pairings grows linearly with group size, which makes the efficiency of ID-based schemes over traditional schemes questionable. This paper presents a new identity-based ring signcryption scheme, which only takes four pairing operations for any group size and the scheme is proven to be indistinguishable against adaptive chosen ciphertext ring attacks (IND-IDRSC-CCA2) and existentially unforgeable against adaptive chosen message and identity attacks (EUF-IDRSC-ACMA) under the random oracle model.

Sheng-li Liu,Bao-an Guo,Qing-sheng Zhang

DOI: https://doi.org/10.1007/s12204-009-0086-3

2009-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user’s public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).

Zhen-Chuan Chai,Zhen-Fu Cao,Yuan Zhou

DOI: https://doi.org/10.1007/s11390-007-9014-x

IF: 1.871

2007-01-01

Journal of Computer Science and Technology

Abstract:Multi-decrypter encryption is a typical application in multi-user cryptographic branches. In multi-decrypter encryption, a message is encrypted under multiple decrypters' public keys in the way that only when all the decrypters cooperate, can the message be read. However, trivial implementation of multi-decrypter encryption using standard approaches leads to heavy computation costs and long ciphertext which grows as the receiver group expands. This consumes much precious bandwidth in wireless environment, such as mobile ad hoc network. In this paper, we propose an efficient identity based multi-decrypter encryption scheme, which needs only one or zero (if precomputed) pairing computation and the ciphertext contains only three group elements no matter how many the receivers are. Moreover, we give a formal security definition for the scheme, and prove the scheme to be chosen ciphertext secure in the random oracle model, and discuss how to modify the scheme to resist chosen ciphertext attack.

Shi-Feng Sun,Dawu Gu,Shengli Liu

DOI: https://doi.org/10.1002/sec.1429

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Due to the proliferation of side-channel attacks, many efforts have been made to construct cryptographic systems that remain provably secure even if part of the secret information is leaked to the adversary. Recently, there have been many identity-based encryption (IBE) schemes proposed in this context, almost all of which, however, can only achieve chosen plaintext attack (CPA) security. As far as we know, Alwen et al.'s IBE is the unique practical scheme secure against adaptive chosen ciphertext attacks (CCA2) in the standard model. Unfortunately, this scheme suffers from an undesirable shortcoming that the leakage parameter and the message length m are subject to + m logp - (log), where and p denote the security parameter and the prime order of the underlying group, respectively. Beyond that, the leakage ratio in this scheme is very low, which can just reach 1/6. In this work, we put forward two new IBE schemes, both of which are -leakage-resilient CCA2 secure in the standard model. Specifically, the first construction is proposed based on Gentry's IBE, which is quite practical and almost as efficient as the original scheme. Moreover, its leakage parameter, logp - (log), is independent of the size of the message space. To the best of our knowledge, it is the first practical leakage-resilient fully CCA2 secure IBE scheme in the standard model, tolerating up to (logp - (log))-bit leakage of the private key and its leakage parameter being independent of the message length. As to the second construction, it is proposed based on the scheme of Alwen et al., which has the same leakage parameter as Alwen et al., but has a better efficiency performance and a higher leakage ratio. As far as we know, it is the first practical and fully CCA2 secure leakage-resilient IBE scheme with leakage ratio up to 1/4. Copyright (c) 2016 John Wiley & Sons, Ltd.

Weifeng Wu,Fagen Li

DOI: https://doi.org/10.3837/tiis.2015.05.020

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

ZhenChao Zhu,Yuqing Zhang,Fengjiao Wang

DOI: https://doi.org/10.1007/978-3-540-88733-1_15

2008-01-01

Abstract:In this paper,we analyze an identity-based threshold signcryption (IDTSC)scheme proposed in ICCCAS’2008, although Li and Yu pointed out that the scheme is the first provably secure scheme which is secure against adaptive chosen ciphertext attacks and secure in the sense of unforgeability, we show that the signcryption in the scheme is easily forged by the appointed clerk who is one of the members , the clerk can impersonate the members to forge valid signcryption to any receiver, then we give a secure version which we prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Scheme turns out to be more efficient than the previously proposed schemes.

Yuyang Zhou,Yuanfeng Guan,Zhiwei Zhang,Fagen Li

DOI: https://doi.org/10.1007/978-981-15-0818-9_3

2019-01-01

Abstract:The Snowden revelations show that powerful attackers can compromise user's machines to steal users' private information. At the same time, many of the encryption schemes that are proven to be secure in Random Oracle Model (ROM) may present undetectable vulnerabilities when implemented, and these vulnerabilities may reveal a users' secrets, e.g., the machine hides some backdoors without the user's awareness, and an attacker can steal the user's private information through these backdoors. Recently, Mironov and Stephens-Davidowitz proposed cryptographic reverse firewall (CRF) to solve this problem. However, there is no CRF for identity-based encryption (IBE) has been proposed. In this paper, we propose two CRF protocols for IBE. One is a one-round encryption protocol with CRF used on the receiver, and the other is a two-round encryption protocol with CRFs deployed on both sender and receiver. We prove that these two protocols can resist the exfiltration of secret information and one is only secure against a chosen plaintext attack (CPA), the other is semantically secure against an adaptive chosen ciphertext attack (IND-ID-CCA). Moreover, we use JPBC to implement our protocols. The experimental results indicate that our protocols have some advantages in communication cost. Under certain computation cost conditions, our protocols are efficient and practical.

Sheng GUO,Zhenfu CAO,Rongxing LU

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.18.045

2006-01-01

Abstract:A new efficient ID-based authenticated encryption scheme is proposed, in which some characteristics of bilinear map are used. As the authentication and recovery are separated in this scheme, anyone can identify the source of the ciphertext, but only the receiver can recover the plaintext. What’s more, the proposed scheme is also very efficient regarding to the computation costs and the communication overheads.

Yu Chen,Manuel Charlemagne,Zhi Guan,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1755688.1755699

2010-01-01

Abstract:ABSTRACTMost traditional public key cryptosystems are constructed upon algebraically rich structures, which makes their key pairs combinable, i.e., the combination of some private keys and their corresponding public keys could form a new key pair. Exploring such combinable property, this paper proposes a novel Identity-Based Encryption (IBE) scheme based on the Diffie-Hellman Integrated Encryption Scheme (DHIES) with quadratic key combination structure from bilinear maps. The new scheme has a number of advantages over other IBE schemes. First, it uses DHIES to fulfill encryption, thus naturally obtains the security against adaptive chosen ciphertext attack from DHIES. Second, it is interoperable with existing security systems based on DHIES. Third, compared to many pairing-based IBE schemes, it only requires pairing computation during public key generation and there is no need for special hash function. We prove that our scheme is selective identity chosen ciphertext secure in the random oracle model assuming DHIES is chosen ciphertext secure. Additionally, the extract algorithm of our scheme also implies an identity-based short signature scheme.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.1016/j.compeleceng.2006.11.003

IF: 4.152

2007-01-01

Computers & Electrical Engineering

Abstract:This paper proposes an identity-based threshold decryption scheme IB-ThDec and reduces its security to the Bilinear Diffie–Hellman problem. Compared with previous work, this conceals two pairing computations in the ciphertext validity verification procedure. The formal proof of security of this scheme is provided in the random oracle model. Additionally, we show that IB-ThDec can be applied to the threshold key escrow and the mediated cryptosystems.

马融,曹珍富

DOI: https://doi.org/10.16183/j.cnki.jsjtu.2010.03.020

2010-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:This paper presented an efficient and secure identity-based encryption scheme. Compared to the previous scheme, it has the advantage of security or efficiency. This new scheme can achieve adaptive CCA2-security under BDH assumption with tight reduction. The construction was made by use of the ″Twin Diffie-Hellman″ technique proposed by Cash et al, only requiring one pairing computation during the encryption procedure.

Shan-shan DUAN,Zhen-fu CAO,Rong-xing LU

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.12.005

2005-01-01

Abstract:Based on the good properties of bilinear pairings on elliptic curves,many good ID-based cryptographic schemes have been proposed.However,in these proposed schemes,the private key generator(PKG) should be assumed to be trusted,while in real environment,this assumption does not always hold.To overcome this weakness,the threshold technology was used to devise a secure ID-based signcryption scheme.Because the threshold technology is adopted not only in the master key management but also in the group signature,the scheme can achieve high security and resist some malicious attacks under a certain threshold.

LONG Yu,CHEN Ke-Fei,HONG Xuan

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.09.023

2006-01-01

Chinese Journal of Computers

Abstract:This paper proposes a fully secure identity-based threshold decryption scheme IBThDec and reduces its security to the quadruple Decision Bilinear Diffie-Hellman problem. The formal security proof of this scheme is provided in the random oracle model. Additionally, the authors show that IB-ThDec can be used to certificateless public key cryptosystem and the identitybased dynamic threshold decryption system.

Junzuo Lai,Robert H. Deng,Shengli Liu,Jian Weng,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-55220-5_5

2015-01-01

Abstract:Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open. In this paper, we introduce a new primitive called extractable IBE and define its IND-ID-CCA security notion. We present a generic construction of SO-CCA secure IBE from an IND-ID-CCA secure extractable IBE with "One-Sided Public Openability"(1SPO), a collision-resistant hash function and a strengthened cross-authentication code. Finally, we propose two concrete constructions of extractable 1SPO-IBE schemes, resulting in the first simulation-based SO-CCA secure IBE schemes without random oracles.

guobin zhu,hu xiong,ruijin wang,zhiguang qin

DOI: https://doi.org/10.1007/978-81-322-1759-6_12

2014-01-01

Abstract:As one of the fundamental cryptographic primitives, signcryption can achieve unforgeability and confidentiality simultaneously at the cost significantly lower than the signature-then-encryption approach in terms of computational costs and communication overheads. In view of the damage caused by the secret key leakage, Chen et al. proposed an efficient identity-based key-insulated signcryption (ID-KI-SC) scheme secure in the standard model recently. However, in this paper, we show that their scheme does not achieve the indistinguishability against adaptively chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptively chosen message attacks (EUF-CMA). Furthermore, we propose an improved scheme that remedies the weakness of Chen et al.' s scheme.

Yu Chen,Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-27901-0_7

2012-01-01

Abstract:In EUROCRYPT 2004, Boneh and Boyen presented two efficient Identity Based Encryption (IBE) schemes that are selective-identity secure in the standard model. Particularly, the first one known as BB1 -IBE, which is characterized by commutative blinding technique (BB1 -style), distinguishes itself as the most fertile ground for many applications. They also proved that BB1 -IBE is fully secure in the random oracle model but with a looser reduction. In this paper, we propose a novel IBE scheme of BB1 -style, which is fully secure in the random oracle model with a tighter reduction. Additionally, we give a chosen ciphertext secure construction of our scheme from twin technique.

Jiqiang Liu,Sheng Zhong,Lei Han,Haifan Yao

2011-01-01

Abstract:Traditionally, when we encrypt long messages using a public key cryptosystem, we need an additional symmetric key cryptosystem to encrypt the message first. Then, the corresponding symmetric key is encrypted using the public key cryptosystem. To eliminate this requirement, public key cryptosystems for encrypting long messages have been designed. However, none of the existing public key cryptosystems for long messages is identity-based. In this paper, we give the first identity-based cryptosystem for encrypting long messages. Our cryptosystem is highly efficient in that it only needs 1 bilinear map operation for encrypting a long message. Furthermore, we show that computing any part of the plaintext message encrypted using our cryptosystem is as hard as breaking Boneh and Franklin's standard identity-based cryptosystem, even if the adversary knows all other parts of the message. We also extend our work to achieve chosen ciphertext security.