Yiming Li,Shengli Liu

DOI: https://doi.org/10.3233/jcs-220121

2024-01-01

Journal of Computer Security

Abstract:Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1109/icassp43922.2022.9746617

2022-01-01

Abstract:Online/offline identity-based signature (OO-IBS) is an adequate cryptographic tool to provide the message authentication and integrity in mobile devices, since it lightens the computational burden after the signer receives the message and eliminates the overhead of certificate management. It has several valuable applications, such as wireless sensor networks and automatic dependent surveillance-broadcast systems. Identity-based chameleon hash (IB-CH), as an alternative building block to construct OO-IBS, has been explored in several literatures. Nevertheless, almost all of the prior IB-CH schemes are in the random oracle model, which may lead to security risks in practicality. The only IB-CH scheme in the standard model proposed by Xie et al. (ICC'21) suffers from the large size of public parameters and inefficient setup process. In this paper, we propose an efficient IB-CH scheme in the standard model, significantly reducing the computational costs of all the algorithms and the size of public parameters compared with Xie's scheme. The security and experimental analyses demonstrate the security and good performance of our scheme. Furthermore, we applied our scheme to optimize the existing generic OO-IBS construction. Our optimized construction reduces computational overhead by 50.0% in the online phase compared with the original construction.

Junchi Xing,Mingliang Yang,Haifeng Zhou,Chunming Wu,Wei Ruan

DOI: https://doi.org/10.1109/IPCCC47392.2019.8958776

2019-01-01

Abstract:Network reconnaissance aims at gathering as much information as possible before an attack is launched. Meanwhile, static host address configuration facilitates network reconnaissance. Currently, more sophisticated network reconnaissance has been emerged with the adaptive and cooperative features. To address this, in this paper, we present Hiding and Trapping (HaT), which is a deceptive approach to disrupt adversarial network reconnaissance with the help of the software-defined networking (SDN) paradigm. HaT is able to hide valuable hosts from attackers and to trap them into decoy nodes through strategic and holistic host address mutation according to characteristic of adversaries. We implement a prototype of HaT, and evaluate its performance by experiments. The experimental results show that HaT is capable to effectively disrupt adversarial network reconnaissance with better deceptive performance than the existing address randomization approach.

Yu Chen,Zongyang Zhang,Dongdai Lin,Zhenfu Cao

DOI: https://doi.org/10.1093/comjnl/bxt090

2013-01-01

The Computer Journal

Abstract:In this paper, we introduce a general paradigm called identity-based extractable hash proof system (IB-EHPS), which is an extension of extractable hash proof system (EHPS) proposed by Wee (CRYPTO ’10). We show how to construct identity-based key encapsulation mechanism (IB-KEM) from IB-EHPS in a simple and modular fashion. Our construction provides a generic method of building and interpreting CCA-secure IB-KEMs based on computational assumptions. As instantiations, we realize IB-EHPS from the bilinear Diffie-Hellman assumption and the modified bilinear Diffie-Hellman assumption, respectively. Besides, we carefully investigate the relation between EHPS and IB-EHPS, and indicate possible refinement and generalization of EHPS.

Shengmin Xu,Jianting Ning,Jinhua Ma,Guowen Xu,Jiaming Yuan,Robert H. Deng

DOI: https://doi.org/10.1007/978-3-030-88418-5_16

2021-01-01

Abstract:Policy-based chameleon hash (PCH) is a cryptographic building block which finds increasing practical applications. Given a message and an access policy, for any chameleon hash generated by a PCH scheme, a chameleon trapdoor holder whose rewriting privileges satisfy the access policy can amend the underlying message without affecting the hash value. In practice, it is necessary to revoke the rewriting privileges of a trapdoor holder due to various reasons, such as change of positions, compromise of credentials, or malicious behaviours. In this paper, we introduce the notion of revocable PCH (RPCH) and formally define its security. We instantiate a concrete RPCH construction by putting forward a practical revocable attribute-based encryption (RABE) scheme which is adaptively secure under a standard assumption on prime-order pairing groups. As application examples, we show how to effectively integrate RPCH into mutable blockchain and sanitizable signature for revoking the rewriting privileges of any chameleon trapdoor holders. We implement our RPCH scheme and evaluate its performance to demonstrate its efficiency.

Song Luo,Zhong Chen

DOI: https://doi.org/10.1504/ijguc.2014.060182

2014-01-01

International Journal of Grid and Utility Computing

Abstract:Hierarchical Identity-Based Encryption (HIBE) is a generalisation of Identity- Based Encryption (IBE) which mirrors an organisational hierarchy. However, when the user decrypts a ciphertext encrypted to a hierarchical identity, he/she should know the exact hierarchical identity in order to run the delegate algorithm to get the secret key corresponding to the target hierarchical identity if the hierarchical identity linked with his/her key is a prefix of the target hierarchical identity. In this paper, we consider a new concept called HIBE without key delegation in decryption. In such HIBE systems, the user can decrypt the ciphertext directly without running the delegate algorithm even if his hierarchical identity is only a prefix of the target hierarchical identity. We present two HIBE systems, which are proven secure in the standard model under the decision BDH and l-BDHE assumptions, respectively. Both systems have the same decryption efficiency in pairing, compared with BB1-HIBE system and BBG-HIBE system, respectively.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/ijsia.2016.10.6.21

2016-01-01

International Journal of Security and Its Applications

Abstract:In traditional hierarchical identity based cryptosystems (HIBC), non-leaf entities as level PKGs are usually capable of deriving private keys for their descendants with use of their private keys, non-leaf entities can therefore act (decrypt or sign) on the behalf of their arbitrary descendants. This is called key escrow problem of HIBC. In order to resolve key escrow problem, a new technique - Identifier Discrimination is proposed in this paper for composing private keys for entities in hierarchy. With the technique, an identity selective secure HIBE scheme is constructed under Decisional Bilinear Diffie-Helleman (DBDH) assumption in standard security model, in which any identity is incapable of deriving private keys for any of its descendants with use of its private key, and the privilege of generating private keys for each individual descendant is delegated by the root PKG through authorization, that we call Authorization Delegation. Moreover, a new hierarchical identity based signature (HIBS) scheme is constructed from our HIBE construction, by applying Naor transformation of an identity-based signature (IBS) out of an IBE. Because of the inability of deriving its descendants' private keys with use its private key, an entity therefore cannot sign messages on behalf of any of its descendants, thus guaranteeing that authenticity and non-repudiation properties are achieved in our HIBS system.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/ijsia.2016.10.8.20

2016-01-01

International Journal of Security and Its Applications

Abstract:As Hierarchical Identity Based Encryption (HIBE) system usually maps the true institutional structure of an organization or entity relationship between objects in real world, It is important that computation & communication complexity of private key, ciphertext, cryptographic computations and so on related to an entity in the hierarchy is independent to the hierarchy depth of the entity. Moreover, key escrow problem that any non-leaf entity in a hierarchical identity based cryptosystem can derive private keys for its descendants with use of its private key should be resolved, in order to prevent any entity from behaving on behalf of its descendants. In this paper, a new technique is introduced for composing a private key for each individual entity in HIBE system by differentiating between non-local identifiers and local identifiers of the identity of the entity. That we call Identifier Discrimination. With the technique, A selective identity secure HIBE system is constructed under Decisional Bilinear Diffie-Hellman (DBDH) assumption without using random oracles, where the private key and the ciphertext consist of constant number of group elements, and decryption requires only three bilinear map computations, regardless of the identity hierarchy depth. Moreover, in contrast to previous HIBE constructions, where private key for an entity can be derived by its ancestors with direct use of their private keys, key escrow problem inherent in identity based cryptosystems is resolved in our HIBE construction. Privilege of deriving private keys for an entity can be delegated to any of its ancestors through authorization by distributing specifically crafted values to the ancestor in our HIBE system, that we call Authorized Delegation.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/astl.2016.134.22

2016-01-01

Abstract:In this paper, a new technique - Identifier Discrimination is proposed for composing private keys in hierarchical identity based systems, With the technique, we construct a selective identity secure HIBE system under Decisional Bilinear Diffie-Hellman (DBDH) assumption in standard security model, where the ciphertext and the private key consist of constant number of group elements, and decryption requires only three bilinear map computations, regardless of the identity hierarchy depth. Moreover, different from previous HIBE constructions, key escrow problem inherent in identity based cryptosystems is resolved in our HIBE construction. An entity in hierarchy can be authorized by the root PKG to be capable of deriving private keys for its descendants. That we call Authorized Delegation.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.1007/978-3-031-57725-3_10

2024-01-01

Abstract:Chameleon hash (CH) is a trapdoor hash function. Generally it is hard to find collisions, but with the help of a trapdoor, finding collisions becomes easy. CH plays an important role in converting a conventional blockchain to a redactable one. However, most of existing CH schemes are too weak to support redactable blockchains. The currently known CH schemes serving for redactable blockchains have the best security of so-called “full collision resistance ( f-CR )”, but they are built either in the random oracle model or rely on heavy tools like the simulation-sound extractable non-interactive zero-knowledge (SSE-NIZK) proof system. Moreover, up to now there is no CH scheme with post-quantum f-CR security in the standard model. Therefore, no CH can support redactable blockchains in a post-quantum way without relying on random oracles. In this paper, we introduce a variant of CH, namely tagged chameleon hash (tCH). Tagged chameleon hash takes a tag into hash evaluations and collision finding algorithms. We define two security notions for tCH, restricted collision resistance ( r-CR ) and full collision resistance ( f-CR ), and prove the equivalence between r-CR and f-CR when tCH works in the one-time tag mode. We propose a tCH scheme from lattices without using any NIZK proof, and prove that its restricted collision resistance is reduced to the Short Integer Solution (SIS) assumption in the standard model. We also show how to apply tCH to a blockchain in one-time tag mode so that the blockchain can be compiled to a redactable one. Our tCH scheme provides the first post-quantum solution for redactable blockchains, without resorting to random oracles or NIZK proofs. Besides, we also construct a more efficient tCH scheme with r-CR tightly reduced to SIS in the random oracle model, which may be of independent interest.

Xiangyu Liu,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-55304-3_36

2022-01-01

Abstract:We define the security notion of strong collision resistance for chameleon hash functions in the multi-user setting (S-MU-CR security). We also present three specific constructions $$\mathsf {CHF}_{dl}$$ , $$\mathsf {CHF}_{rsa}$$ and $$\mathsf {CHF}_{fac}$$ of chameleon hash functions, and prove their tight S-MU-CR security based on the discrete logarithm, RSA and factoring assumptions, respectively. In applications, we show that tightly S-MU-CR secure chameleon hash functions can lift a signature scheme from (weak) unforgeability to strong unforgeability with a tight security reduction in the multi-user setting.

Zhikang Xie,Qingni Shen,Cong Li,Jisheng Dong,Yuejian Fang

DOI: https://doi.org/10.1109/icc42927.2021.9500446

2021-01-01

Abstract:The rapid development of the mobile Internet makes it necessary to adopt efficient cryptographic primitives for the portable devices with limited computing resources. Online/offline identity-based signatures are suitable because of short response time of signature generation and being free from the cumbersome operations caused by public key infrastructures. In this paper, we propose the first identity-based chameleon hash which can be proved secure without the random oracle and show how to use it to translate any identity-based signature to an online/offline one.

P Thanalakshmi,R Anitha,N Anbazhagan,Woong Cho,Gyanendra Prasad Joshi,Eunmok Yang

DOI: https://doi.org/10.3390/s21248417

2021-12-16

Abstract:As a standard digital signature may be verified by anybody, it is unsuitable for personal or economically sensitive applications. The chameleon signature system was presented by Krawczyk and Rabin as a solution to this problem. It is based on a hash then sign model. The chameleon hash function enables the trapdoor information holder to compute a message digest collision. The holder of a chameleon signature is the recipient of a chameleon signature. He could compute collision on the hash value using the trapdoor information. This keeps the recipient from disclosing his conviction to a third party and ensures the privacy of the signature. The majority of the extant chameleon signature methods are built on the computationally infeasible number theory problems, like integer factorization and discrete log. Unfortunately, the construction of quantum computers would be rendered insecure to those schemes. This creates a solid requirement for construct chameleon signatures for the quantum world. Hence, this paper proposes a novel quantum secure chameleon signature scheme based on hash functions. As a hash-based cryptosystem is an essential candidate of a post-quantum cryptosystem, the proposed hash-based chameleon signature scheme would be a promising alternative to the number of theoretic-based methods. Furthermore, the proposed method is key exposure-free and satisfies the security requirements such as semantic security, non-transferability, and unforgeability.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1504/ijesdf.2013.054403

2013-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Lattice-based hierarchical identity-based signature HIBS schemes are receiving significant attention due to provable security reductions and potential security for quantum computers. However, most of the existing HIBS schemes based on lattices are less efficient for practical applications. To make lattice-based HIBS schemes become more practical, this paper presents an efficient HIBS scheme from lattices. Both the secret key size and the signature length of our proposal are much shorter than those of other lattice-based HIBS proposals. Our scheme is proven to be strongly unforgeable against adaptive identity attacks in the random oracle model. The security of the construction relies on the standard short integer solution SIS assumption.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.1007/s10207-018-0402-8

2018-01-01

International Journal of Information Security

Abstract:It has been almost one and a half decades since the introduction of the concept of hierarchical identity-based encryption (HIBE) systems, and many pairing-based HIBE systems have been proposed; however, how to achieve independent private key delegation in HIBE systems is still open. Independent private key delegation in HIBE systems requires that the following three conditions are satisfied: (1) private keys are not valid delegation credentials for deriving descendants’ private keys, (2) any entity intending to derive a private key for any one of its descendants should own a valid delegation credential distributed by the root private key generator (PKG), and (3) a credential is only valid for deriving private keys for a given descendant. We present a new technique for composing private keys for entities in HIBE systems that we call identifier discrimination, aiming at resolving the problem of independent private key delegation. With the technique, we construct a selective identity secure HIBE system under the decisional bilinear Diffie–Hellman (DBDH) assumption in the standard model with the following properties. (1) Every entity in the HIBE system is prevented from deriving private keys for its descendants with the only use of its private key and the public parameters. (2) The root PKG can delegate the privilege (if needed) of generating private keys for each individual entity to any of its ancestors through authorization that we call authorized delegation, by distributing a specifically crafted secret (delegation credential) to the ancestor. (3) The encryption privacy of each ciphertext for its intended recipient is achieved, that is, ciphertexts encrypted on identity of any entity cannot be decrypted by any of its ancestors that we call dedicated encryption privacy.

Junzuo Lai,Robert H. Deng,Shengli Liu

DOI: https://doi.org/10.1007/978-3-642-19379-8_14

2011-01-01

Abstract:In STOC'08, Peikert and Waters introduced a new powerful primitive called lossy trapdoor functions (LTDFs) and a richer abstraction called all-but-one trapdoor functions (ABO-TDFs). They also presented a black-box construction of CCA-secure PKE from an LTDF and an ABO-TDF. An important component of their construction is the use of a strongly unforgeable one-time signature scheme for CCA-security.In this paper, we introduce the notion of chameleon ABO-TDFs, which is a special kind of ABO-TDFs. We give a generic as well as a concrete construction of chameleon ABO-TDFs. Based on an LTDF and a chameleon ABO-TDF, we presented a black-box construction, free of one-time signature, of variant of the CCA secure PKE proposed by Peikert and Waters.

Yunlei Zhao

DOI: https://doi.org/10.1016/j.tcs.2021.11.014

IF: 1.002

2021-01-01

Theoretical Computer Science

Abstract:After two decades of research on signcryption, recently a new cryptographic primitive, named higncryption, was proposed at ACM CCS'16. Higncryption can be viewed as privacy-enhanced signcryption, which integrates public key encryption, digital signature and identity concealment (which is not achieved in signcryption) into a monolithic primitive. Here, identity concealment means that the transcript of protocol runs should not leak participants' identity information. In this work, we propose the first identity-based higncryption (IBHigncryption, for short). We present the formal security model for IBHigncryption, under which security proof of the proposed scheme is conducted. The most impressive feature of IBHigncryption, besides other desirable properties it offers, is its simplicity and efficiency, which might be somewhat surprising in retrospect. Our IBHigncryption has a much simpler setup stage with smaller public parameters and particularly no need of computing master public key. It is essentially as efficient as (if not more than) the fundamental CCA-secure Boneh-Franklin identity-based encryption scheme [14] , and has significant efficiency advantage over the IEEE 1363.3 standard of identity-based signcryption [8] .

Dong JIAO,Mingchu LI,Cheng GUO,Yan YU,Jinping OU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1307-0136

2014-01-01

Abstract:A hierarchical threshold scheme is used to solve the secret sharing with a hierarchical access structure where participants are partitioned into different levels. In a hierarchical access structure, the participants group is divided into dif-ferent levels based on the privilege, and a certain number of participants from each level are required to recover the secret. In the past hierarchical threshold schemes, participants are partitioned based on a single attribute. But in practice, each par-ticipant always has several attributes, and the group of participants always should be partitioned based on different attri-butes to satisfy the security requirements. Even though hierarchical threshold schemes have been studied extensively in the past years, few of the existing solutions can solve the above problem. A reusable multi-attributes hierarchical threshold scheme based on Tassa’s scheme which uses Birkhoff interpolation, and Mignotte’s scheme which uses Chinese Remainder Theorem, is proposed to solve this problem in this paper.

Yu Chen,Zongyang Zhang,Dongdai Lin,Zhenfu Cao

DOI: https://doi.org/10.1002/sec.827

2016-01-01

Abstract:In this work, we generalize the paradigm of the hash proof system HPS proposed by Cramer and Shoup EUROCRYPT 2002. In the center of our generalization, we lift a subset membership problem to a distribution-distinguishing problem. Our generalized HPS clarifies and encompasses all the known public-key encryption PKE schemes that essentially implement the idea of an HPS. Moreover, besides the existing smoothness property, we introduce an additional property named anonymity for HPS. As a natural application, we consider anonymity for PKE in the presence of key leakage and provide a generic construction of leakage-resilient anonymous PKE from an anonymous HPS. We then extend our generalization to the identity-based setting. Concretely, we generalize the paradigm of the identity-based HPS IB-HPS proposed by Bonehet al. FOCS 2007 and Alwenet al. EUROCRYPT 2010 and introduce anonymity for it. As an interesting application of the anonymous IB-HPS, we consider security for PKE with keyword search PEKS in the presence of token leakage and provide a generic construction of leakage-resilient secure PEKS from leakage-resilient anonymous identity-based encryption, which in turn is based on anonymous IB-HPS. Copyright © 2013 John Wiley & Sons, Ltd.

Rui Shi,Huamin Feng,Yang Yang,Feng Yuan,Yingjiu Li,Hwee Hwa Pang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3280914

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Threshold attribute-based credentials are suitable for decentralized systems such as blockchains as such systems generally assume that authenticity, confidentiality, and availability can still be guaranteed in the presence of a threshold number of dishonest or faulty nodes. Coconut (NDSS'19) was the first selective disclosure attribute-based credentials scheme supporting threshold issuance. However, it does not support threshold tracing of user identities and threshold revocation of user credentials, which is desired for internal governance such as identity management, data auditing, and accountability. The communication and computation complexities of Coconut for verifying credentials are linear in the number of each user's attributes and thus costly. Addressing these issues, we propose a novel efficient threshold attribute-based anonymous credential scheme. While retaining all the features of Coconut, our scheme supports threshold tracing of user identities and threshold revocation of user credentials, and it significantly reduces the computational and communication complexities of credential verification. In addition, we prove that our scheme enjoys strong security features, including anonymity, blindness, traceability, and non-frameability.

computer science, information systems, software engineering