LONG Yu,CHEN Ke-Fei,HONG Xuan

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.09.023

2006-01-01

Chinese Journal of Computers

Abstract:This paper proposes a fully secure identity-based threshold decryption scheme IBThDec and reduces its security to the quadruple Decision Bilinear Diffie-Hellman problem. The formal security proof of this scheme is provided in the random oracle model. Additionally, the authors show that IB-ThDec can be used to certificateless public key cryptosystem and the identitybased dynamic threshold decryption system.

Yu Long,Kefei Chen

2006-01-01

Abstract:The first dynamic threshold decryption scheme from pairing is presented. It is secure in groups equipped with a bilinear map, and caters to some important requirements in real application; including the needs to renew the master key, or to add/remove or update a decryption sever, without leaking any information on the master key and changing other decryption servers’ secret keys.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.15388/informatica.2006.152

2006-01-01

Informatica

Abstract:This paper proposes a threshold key escrow scheme from pairing. It tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make corrupted servers to deviate from the protocol. The scheme is secure against threshold adaptive chosen-ciphertext attack. The formal proof of security is presented in the random oracle model, assuming the decision Bilinear Diffie-Hellman problem is computationally hard.

Yu Long,Kefei Chen,Shengli Liu

DOI: https://doi.org/10.1016/j.compeleceng.2006.11.003

IF: 4.152

2007-01-01

Computers & Electrical Engineering

Abstract:This paper proposes an identity-based threshold decryption scheme IB-ThDec and reduces its security to the Bilinear Diffie–Hellman problem. Compared with previous work, this conceals two pairing computations in the ciphertext validity verification procedure. The formal proof of security of this scheme is provided in the random oracle model. Additionally, we show that IB-ThDec can be applied to the threshold key escrow and the mediated cryptosystems.

Fei Li,Wei Gao,Yilei Wang,Xueli Wang

DOI: https://doi.org/10.4304/jcp.7.12.2987-2996

2012-01-01

Journal of Computers

Abstract:As the combination of certificateless encryption and threshold cryptography, the certificateless threshold decryption (CLTD) scheme can avoid both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. This paper presents a CLTD schemes from pairings. We use the Shamir secret sharing method to indirectly split the private keys in the group G into the shares in the finite field Zq. Our CLTD scheme succeed in involving much less pairing computation for generating or verifying decryption shares. The decryption share supports short length, fast generation and batch verification. Sharing the private key is completed by its holder himself without needing help from KGC. The security proof is provided in the random oracle model.

Yu Long,Zheng Gong,Kefei Chen,Shengli Liu

2009-01-01

Abstract:This paper proposes an identity-based threshold key escrow scheme. The scheme is secure against identity-based threshold chosen-plaintext attack. It tolerates the passive adversary to access data of corrupted key escrow agency servers and the active adversary that can modify corrupted servers’ keys. The formal proof of security is presented in the random oracle model, assuming the Bilinear Di‐e-Hellman problem is computationally hard.

Fēi Li,Wei Gao,Guilin Wang,Kefei Chen,Xueli Wang

DOI: https://doi.org/10.1504/ijipt.2014.066373

2014-01-01

International Journal of Internet Protocol Technology

Abstract:We propose a new identity-based threshold signature (IBTHS) scheme from bilinear pairings enjoying the following advantages in efficiency, security and functionality. The round-complexity of the threshold signing protocol is optimal since each party pays no other communication cost except broadcasting one single message. The computational complexity of the threshold signing procedure is considerably low since there appears no other time-consuming pairing except two pairings for verifying each signature shares. The communication channel requirement of the threshold signing procedure is the lowest since the broadcast channel among signers is enough. It is provably secure with optimal resilience in the standard model. It is the private key associated with an identity rather than a private key of the private key generator (PKG) that is shared among signature generation servers.

Fagen Li,Juntao Gao,Yupu Hu

DOI: https://doi.org/10.1007/11599548_21

2005-01-01

Abstract:An identity-based threshold unsigncryption scheme is proposed, which is the integration of the signcryption scheme, the (t,n) threshold scheme and zero knowledge proof for the equality of two discrete logarithms based on the bilinear map. In this scheme, a signcrypted message is decrypted only when more than t members join an unsigncryption protocol and the signature can be verified by any third party. A formal proof of security of this scheme is provided in the random oracle model, assuming the Decisional Bilinear Diffie-Hellman problem is computationally hard.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2007.06.014

IF: 8.1

2007-01-01

Information Sciences

Abstract:This paper proposes the first certificateless threshold decryption scheme which avoids both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. The scheme is secure against threshold chosen-ciphertext attack. It tolerates the Type I adversary that can replace public key and the Type II adversary that has access to the system's master key. The formal proof of security is presented in the random oracle model, assuming some underlying problems closely related to the Bilinear Diffie-Hellman Problem are computationally hard.

Xiujie Zhang,Chunxiang Xu,Wenzheng Zhang

DOI: https://doi.org/10.1109/EIDWT.2013.76

2013-01-01

Abstract:Threshold Public Key Encryption allows a set of servers to decrypt a cipher text if a given threshold of authorized servers cooperate. Forward security allows one to mitigate the damage caused by exposure of secret keys. Forward-secure public encryptions are used to the threshold setting, this model guarantees that even if an adversary have broken into more than t distinct servers(for some i), messages encrypted during all time periods prior to i remain secret. In this paper, we present the first probably secure (non-interactive) forward-secure threshold public-key encryption scheme against chosen-cipher text attacks in the random oracle model. The encryption and update operations are very efficient when compared with the scheme presented by Libert et al. A formal definition, as well as a detailed analysis of the security performance of this scheme, is presented. The security of this scheme is based on the Computational Bilinear Diffie Hellman assumption, which leads to a unique approach to prove security in the random oracle model. Furthermore, in our model, the servers update their keys individually and asynchronously, without any communication between them.

Yu Long,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2009.12.008

IF: 8.1

2010-01-01

Information Sciences

Abstract:As a practical extension of our previous work on certificateless threshold cryptosystem, this paper proposes the first direct certificateless threshold key encapsulation mechanism that inherits the same trust level of the original scheme and removes the length limitation of a traditional public key encryption. Security against threshold chosen-ciphertext attacks are proved in a random oracle model under a new assumption. It tolerates the Type I adversary that can replace public keys and the Type II adversary that has access to the system’s master key. The implied encapsulation scheme is very efficient when compared to the most efficient schemes in a traditional public key cryptosystem, and it is slightly more efficient in terms of key length and encapsulation speed when compared to the identity-based cryptosystems that have the same ciphertext overhead. Finally, we describe several potential modifications of our scheme.

Chenchen Zhang,Yuan Luo,Guangtao Xue

DOI: https://doi.org/10.1016/j.ins.2016.05.008

IF: 8.1

2016-01-01

Information Sciences

Abstract:There have been many ways to construct a threshold cryptosystem. Most often they are constructed by combining original public encryption schemes with some methods such as Shamir's secret sharing. In this paper a new threshold cryptosystem based on RSA is presented, which is constructed by several RSA instances with chosen moduli and private keys. In fact, by computing the common private keys of some individual RSA instances and modifying the moduli, we combine those RSA instances and get a new threshold cryptosystem (hereinafter called combined RSA for simplification). First, it is proved that this system has similar security properties to the CRT-based (Chinese remainder theorem) threshold RSA while being convenient to implement, i.e., it only needs modular multiplication once to encrypt or decrypt respectively. Although the new system has the same security strength as the CRT-based RSA theoretically, it will provide fewer opportunities for adversaries in practical applications as there is only one step for encryption or decryption. Second, for complexity, as plain RSA is efficient, the combined RSA is also practical in computation. Therefore, if a plain RSA user wants to develop threshold decryption or threshold signature more conveniently and more securely, the combined RSA would be suitable. Finally, an application of the combined RSA is provided in this paper to realize distributed data access control with collusion-resistance.

Fagen Li,Xiangjun Xin,Yupu Hu

DOI: https://doi.org/10.1504/IJSN.2008.020095

2008-01-01

Abstract:A (t, n) threshold proxy signcryption scheme allows t or more proxy signcrypters from a designated group of n proxy signcrypters to signcrypt messages on behalf of an original signcrypter. In this paper, a new identity-based threshold proxy signcryption scheme from bilinear pairings is proposed. Our construction is based on Baek and Zheng's pairing-based verifiable secret sharing scheme and Libert and Quisquater's identity-based signcryption scheme. As compared to Wang and Liu's identity-based threshold proxy signcryption scheme, our scheme is more secure and efficient.

Chao Wang,Yunpeng Han,Fagen Li

DOI: https://doi.org/10.1109/EBISS.2009.5138069

2009-01-01

Abstract:In a (t, n) threshold proxy signature scheme, which is a variant of the proxy signature scheme, the proxy signature key is shared among a group of n proxy signers delegated by the original signer. Any t or more proxy signers can cooperatively sign messages on behalf of the original signer. Recently, Qian et. al. proposed a pairing-based threshold proxy signature scheme. However, we show that their scheme suffers from the forgery attack. That is, an adversary can forge a valid threshold proxy signature on any messages. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or message verifiers, which might violate the original signer's intent. In this paper, we propose an improved scheme that overcomes the above weaknesses.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ETCS.2010.437

2010-01-01

Abstract:User authentication is very important mechanism in computer network systems for preventing unauthorized network access. In recent years, the bilinear pairings have been found to be very useful in various applications in cryptography and have allowed us to construct new cryptographic primitives. In 2006, Das et al. proposed an identity-based remote user authentication scheme with smart cards using bilinear pairings. Unfortunately, their scheme is insecure against forgery attack. In this paper, we propose a (t, n) threshold distributed authentication scheme using the bilinear pairings with smart cards which needs at least t authentication servers to collaboratively authenticate the remote user. Our scheme makes some improvements from Das's scheme and is expanded to a multi-server environment in distributed networks. Based on the Computational Diffie-Hellman Problem, we show that the proposed scheme is secure against forgery attack and identity attack under the random oracle model.

Qian Haifeng,Cao Zhenfu,Xue Qingshui

DOI: https://doi.org/10.1360/03yf0514

2004-01-01

Science in China Series F Information Sciences

Abstract:Based on the GDH signature (short signature scheme) a probabilistic signature scheme is proposed in this paper with security proof. Then a new threshold proxy signature from bilinear pairings is proposed as well by using the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy to solve). Our constructions are based on the recently proposed GDH signature scheme of Bonel et al.’s article. Bilinear pairings could be built from Weil pairing or Tate pairing. So most our constructions would be simpler, but still with high security. The proposed threshold proxy signature is the first one which is built from bilinear pairings. At the end of this paper security and performance of the threshold proxy signature scheme is also analyzed.

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.

Mei Qi-xiang,He Da-ke,Yu Zheng

2006-01-01

Abstract:In Eurocrypt 2004, Canetti, Halevi and Katz proposed a method for constructing Chosen Ciphertext secure ( ie., CCA secure) public key encryption from any Selective-ID secure ID-Based Encryption (IBE). However, this method needs one time signature and thus adds noticeable overhead to the underling scheme. In this paper, a new CCA secure public key cryptosystem is constructed from the Adaptive-ID secure IBE scheme proposed by Waters. Here, the "identity" is the hash of the first two parts of the ciphertext, and the bilinear map is used to test the ciphertext validity. The proposal is much more efficient than those obtained from the general CHK. method. The security of the new scheme is proved under the standard Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Hao-Miao Yang,Chun-Xiang Xu,Hong-Tian Zhao

DOI: https://doi.org/10.1109/IMCCC.2011.227

2011-01-01

Abstract:The notion of Public Key Encryption with Keyword Search (PEKS), which enables one to search encrypted data in public key setting, was firstly suggested by Boneh et al. in 2004. So far most of presented PEKS schemes were constructed based on bilinear pairing. However, PEKS schemes based on pairing are susceptible to off-line keyword guessing attacks. In ICCSA 2006, Khader proposed a PEKS scheme not using pairing. In this paper, we show that Khader' scheme do not satisfy the consistency which is necessary for a PEKS scheme to fulfill its functionality. Then, we propose a variant of Khader scheme which is not only computationally consistent but also greatly improves efficiency.

Hu Xiong,Zhiguang Qin,Fagen Li,Jing Jin

DOI: https://doi.org/10.1109/ICCCAS.2008.4657818

2008-01-01

Abstract:Identity-based(ID-based) threshold ring signature has rapidly emerged in recent years and many schemes have been proposed until now. However, most of these ID-based threshold ring signatures are constructed from bilinear pairings, a powerful but computationally expensive primitive. Hence, ID-based threshold ring signature without pairing is of great interest in the field of cryptography. In this paper, we propose an ID-based threshold ring signature scheme without pairings. The proposed scheme is proven to be existential unforgeable against adaptive chosen message-and-identity attack under the random oracle model, assuming the hardness of factoring. ©2008 IEEE.