Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Qi XIE,XiuYuan YU,WenHao LIU,DeRen CHEN,GuiLin WANG,JiYi WU

DOI: https://doi.org/10.1360/112011-915

2012-01-01

Scientia Sinica Informationis

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing. In 2011, Juang et al. proposed a first authentication scheme based on proxy signature. The advantage of the scheme is that the user only needs to register on his home service cloud (HSC), and can pass through the authentication of the public cloud with the help of his HSC. However, their scheme has three weaknesses: 1) the users HSC needs to update the users public key in each session to protect the users privacy; 2) HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously; and 3) a secret key should be shared between HSC and visiting cloud. To overcome these weaknesses, a provably secure convertible proxy signcryption for privacy preserving is proposed. Based on this scheme, a novel one-round authentication protocol is proposed, which the user only needs to register on his HSC, and can pass through the authentication of the visiting cloud without the help of his HSC. On the other hand, the proposed protocol can provide some nice properties, such as user privacy protection, non-repudiation, without updating the users public key, and secret key does not have to be shared between HSC and visiting cloud. In addition, the proposed scheme is provably secure in the random oracle model, and is more efficient than Juang et al.s scheme.

Zhenyong Zhang,Peng Cheng,Junfeng Wu,Jiming Chen

DOI: https://doi.org/10.1109/tcst.2020.3019501

IF: 4.8

2020-01-01

IEEE Transactions on Control Systems Technology

Abstract:Recently, the security of state estimation has attracted significant research attention due to the need for trustworthy situation awareness in emerging cyber-physical systems. In this article, we design an encryption-based state estimation (ESE) using partially homomorphically encrypted data. The encryption will enhance the confidentiality not only of data transmitted in the communication network but also critical system information required by the estimator. We adopt a hybrid encryption scheme by jointly using the multiplicatively and additively homomorphic encryption methods. Armed with encryption, ESE is able to conceal comprehensive information (i.e., model parameters, measurements, and estimates) aggregated at the estimator while retaining the correctness of the normal state estimation. Therefore, even if an attacker has gained unauthorized access to the estimator and associated communication channels, he/she will not be able to obtain sufficient knowledge of the system state to guide the attack. Furthermore, due to the encryption-induced quantization error, we give a sufficient stability condition for ESE. Finally, we implement ESE with real-world hardware to illustrate its effectiveness and efficiency.

Zhiyuan Liu,Xiaofei Wang,Guohua Cui,Jun Li

DOI: https://doi.org/10.13245/j.hust.2008.01.018

2008-01-01

Abstract:Technology of RSA (Ron Rivest, AdiShamir and Leonard Adleman) signcrypt was discussed. On the basis of universal padding from Coron's method, a new hybrid signcryption scheme using RSA was proposed. Assuming the intractability of RSA problem, the scheme was provably secure under the random oracle model. The simulation indicated that this scheme could signcrypt the message of any length and provide the non-repudiation in a simple manner, and its communication overload was only one RSA modular length. The scheme exceeds the traditional signature to encryption scheme in the bandwidth of message recovery.

Ting-Chieh Ho,Yuh-Min Tseng,Sen-Shan Huang

DOI: https://doi.org/10.15388/24-infor546

2024-03-08

Informatica

Abstract:Signcryption integrates both signature and encryption schemes into single scheme to ensure both content unforgeability (authentication) and message confidentiality while reducing computational complexity. Typically, both signers (senders) and decrypters (receivers) in a signcryption scheme belong to the same public-key systems. When signers and decrypters in a signcryption scheme belong to heterogeneous public-key systems, this scheme is called a hybrid signcryption scheme which provides more elastic usage than typical signcryption schemes. In recent years, a new kind of attack, named side-channel attack, allows adversaries to learn a portion of the secret keys used in cryptographic algorithms. To resist such an attack, leakage-resilient cryptography has been widely discussed and studied while a large number of leakage-resilient schemes have been proposed. Also, numerous hybrid signcryption schemes under heterogeneous public-key systems were proposed, but none of them possesses leakage-resilient property. In this paper, we propose the first hybrid signcryption scheme with leakage resilience, called leakage-resilient hybrid signcryption scheme, in heterogeneous public-key systems (LR-HSC-HPKS). Security proofs are demonstrated to show that the proposed scheme provides both authentication and confidentiality against two types of adversaries in heterogeneous public-key systems.

computer science, information systems,mathematics, applied

Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.4103/0256-4602.62781

2010-01-01

Abstract:A convertible authenticated encryption scheme allows a designated recipient to retrieve an authenticated ciphertext and convert the authenticated ciphertext into an ordinary signature. Recently, Lee, Hwang, and Tzeng proposed a new convertible authenticated encryption scheme based on the ElGamal cryptosystem. In this paper, we show that the Lee-Hwang-Tzeng scheme is not secure against chosen plaintext attacks. In addition, we give a solution to repair it.

Shuang Hu,Renjun Zhang,Fuqun Wang,Kefei Chen,Bin Lian,Gongliang Chen

DOI: https://doi.org/10.1016/j.jisa.2022.103371

IF: 4.96

2022-01-01

Journal of Information Security and Applications

Abstract:Sanitizable signcryption adds sanitization functionality to signcryption, such that a delegated sanitizer can modify a signcryptext and still derive a valid signcryptext without cooperation of the original sender. Sanitizable signcryption is useful for data sharing with authentication and access control. Existing sanitizable signcryption scheme cannot achieve public verifiability, which can prevent malicious senders or sanitizers from cheating the receivers. In order to realize public verifiability, we propose a new composition method called "Encrypt-then-Commit-then-Sign (EtCtS)". In particular, our method carefully embeds a key-exposure free chameleon hash function (also known as trapdoor commitment) between encryption and signing operations. Accordingly, we convert the sanitization operation into finding collisions in the key-exposure free chameleon hash function using the trapdoor key, and after sanitization the plaintext is still confidential to the sanitizer. Based on the EtCtS method, we construct the first sanitizable signcryption scheme that is public verifiable. We give a rigorous security proof of our scheme in the random oracle model. We also provide an implementation of our scheme for performance analysis.

Jean Belo Klamti,M. Anwar Hasan

DOI: https://doi.org/10.48550/arXiv.2112.07130

2023-03-21

Abstract:A key encapsulation mechanism (KEM) that takes as input an arbitrary string, i.e., a tag, is known as tag-KEM, while a scheme that combines signature and encryption is called signcryption. In this paper, we present a code-based signcryption tag-KEM scheme. We utilize a code-based signature and an IND-CCA2 (adaptive chosen ciphertext attack) secure version of McEliece's encryption scheme. The proposed scheme uses an equivalent subcode as a public code for the receiver, making the NPcompleteness of the subcode equivalence problem to be one of our main security assumptions. We then base the signcryption tag-KEM to design a code-based hybrid signcryption scheme. A hybrid scheme deploys asymmetric- as well as symmetric-key encryption. We give security analyses of both our schemes in the standard model and prove that they are secure against IND-CCA2 (indistinguishability under adaptive chosen ciphertext attack) and SUF-CMA (strong existential unforgeability under chosen message attack).

Cryptography and Security,Information Theory,Number Theory

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.

XIA Qi,XU Chun-xiang

2009-01-01

Abstract:The security of Yang et al. verifiably encrypted signature schemes is analyzed.Although the scheme is proved security in the standard model,it is vulnerable to key substitution attack in a multi-user setting,where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users.A concrete instance of fair exchange of digital signature protocol is given to show that this kind attack can breach the fairness when they are used in fair exchange in a multi-user setting.

Insaf Ullah,Noor Ul Amin,Junaid Khan,Muhammad Rehan,Muhammad Naeem,Hizbullah Khattak,Shah Jahan Khattak,Haseen Ali

DOI: https://doi.org/10.3390/math7080686

IF: 2.4

2019-01-01

Mathematics

Abstract:Rivest, Shamir, & Adleman (RSA), bilinear pairing, and elliptic curve are well-known techniques/algorithms for security protocols. These techniques suffer from higher computation and communication costs due to increased sizes of parameters, public keys, and certificates. Hyper-elliptic curve has lower parameter size, public key size, and certificate size. The aim of the proposed work is to reduce the computational cost and communication cost. Furthermore, we validate the security properties of our proposed scheme by using the well-known simulation tool called automated validation of Internet security protocols and applications. Our approach ensures security properties such as resistance against replay attack, confidentiality, authenticity, unforgeability, integrity, non-repudiation, public verifiability, and forward secrecy.

Mingping Qi,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1002/sat.1279

2019-01-01

Abstract:AbstractSummaryRecently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.This paper demonstrates that Liu et al's scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, and then presents a new scheme. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience. View Figure

Muath Obaidat,Joseph Brown,Suhaib Obeidat,Majdi Rawashdeh

DOI: https://doi.org/10.3390/s20154212

2020-07-29

Abstract:A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client-server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client-server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

Qiwei Lu,Wenchao Huang,Xudong Gong,Xingfu Wang,Yan Xiong,Fuyou Miao

DOI: https://doi.org/10.48550/arXiv.1307.2977

2013-07-11

Abstract:With the rapid development of MANET, secure and practical authentication is becoming increasingly important. The existing works perform the research from two aspects, i.e., (a)secure key division and distributed storage, (b)secure distributed authentication. But there still exist several unsolved problems. Specifically, it may suffer from cheating problems and fault authentication attack, which can result in authentication failure and DoS attack towards authentication service. Besides, most existing schemes are not with satisfactory efficiency due to exponential arithmetic based on Shamir's scheme. In this paper, we explore the property of verifiable secret sharing(VSS) schemes with Chinese Remainder Theorem (CRT), then propose a secret key distributed storage scheme based on CRT-VSS and trusted computing for MANET. Specifically, we utilize trusted computing technology to solve two existing cheating problems in secret sharing area before. After that, we do the analysis of homomorphism property with CRT-VSS and design the corresponding shares-product sharing scheme with better concision. On such basis, a secure distributed Elliptic Curve-Digital Signature Standard signature (ECC-DSS) authentication scheme based on CRT-VSS scheme and trusted computing is proposed. Furthermore, as an important property of authentication scheme, we discuss the refreshing property of CRT-VSS and do thorough comparisons with Shamir's scheme. Finally, we provide formal guarantees towards our schemes proposed in this paper.

Cryptography and Security

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.3772/j.issn.1006-6748.2011.02.013

2011-01-01

Abstract:As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are not secure in a multi-user setting any more. We show that Zhang, et al.'s scheme, Gorantla, et al.'s scheme and Ming, et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attacks can breach the fairness when they are used in fair exchange in a multi-user setting. © by HIGH TECHNOLOGY LETTERS PRESS.

Shi-Feng Sun,Dawu Gu,Udaya Parampalli,Yu,Baodong Qin

DOI: https://doi.org/10.1016/j.jcss.2017.03.004

IF: 1.043

2017-01-01

Journal of Computer and System Sciences

Abstract:In this work, we investigate how to protect public key encryption from both key-leakage attacks and tampering attacks. First, we formalize the notions of chosen ciphertext (CCA) security against key-leakage and tampering attacks. To this goal, we then introduce the concept of key-homomorphic hash proof systems and present a generic construction of public key encryption based on this new primitive. Our construction, compared with previous works, realizes leakage-resilience and tampering-resilience simultaneously but completely independently, so it can tolerate a larger amount of bounded-memory leakage and be instantiated with more flexibility. Moreover, it allows for an unbounded number of affine-tampering queries, even after the challenge phase. With slight adaptations, our construction also achieves CCA security against subexponentially hard auxiliary-input leakage attacks and a polynomial of affine-tampering attacks. Thus, to the best of our knowledge, we get the first public key encryption scheme secure against both auxiliary-input leakage attacks and tampering attacks.

Hu Xiong,Qiang Wang,Jianfei Sun

DOI: https://doi.org/10.1016/j.ipl.2017.07.008

IF: 0.851

2017-01-01

Information Processing Letters

Abstract:Attribute-based encryption (ABE) with outsourced decryption not only allows fine-grained and versatile sharing of encrypted data, but also largely mitigates the decryption overhead and the ciphertext size in the standard ABE schemes. Very recently, Xu et al. (2016) [3] proposed a hybrid ciphertext-policy ABE with verifiable outsourced decryption in which the authors claimed that the correctness of the outsourced decryption can be verified by the user. Unfortunately, after carefully revisiting the scheme, we found that Xu et al.'s scheme is not secure against forgery attack, hence, a security vulnerability appears. Our proposed attack demonstrates that anyone can forge or tamper a valid ciphertext with a different message to replace the original ciphertext the user intends to decrypt.

Yusuke Naito,Kazuki Yoneyama,Lei Wang,Kazuo Ohta

DOI: https://doi.org/10.1007/978-3-642-24316-5_20

2011-01-01

Abstract:In this paper, we clarify the security of practical cryptosystems with hash functions based on key derivation functions (KDFs). We use the indifferentiability framework in order to discuss the security because the indifferentiability from Random Oracle (and its variants) guarantees that cryptosystems remain secure even if Random Oracles (ROs) are instantiated with hash functions. Though previous works on the indifferentiability of Merkle-Damgard (MD) hash functions focus on stand-alone hash functions, there is no work which focuses on MD hash functions with KDFs. Many cryptosystems need longer output lengths of hash functions than stand-alone hash functions and KDFs are used to generate longer digests as specified in PKCS #1 v2.1 and IEEE P1363. Specifically, we obtain the following results. We denote the MD hash function using Stam's type-II compression function by MD-SCFII and MD-SCFII with KDFs by KDF-MD-SCFII.- Cryptosystems secure in the pub-RO model (FDH, PSS, Fiat-Shamir, and so on): Dodis et al. proposed the indifferentiability from pub-RO to prove the security of these cryptosystems using MD-SCFII while did not consider the KDF structures. So we propose a different framework, indifferentiability from privleak-RO. Using this framework and their result, we show that these cryptosystems using KDF-MD-SCFIIs are secure.- Encryption schemes secure in the RO model (OAEP, RSA-KEM, PSEC-KEM, ECIES-KEM and so on): The encryption schemes are secure in the "fixed inputl length" RO model because the input lengths of ROs from the encryption schemes are fixed. We show that this fact guarantees the security of the encryption schemes using KDF-MD-SCFII.

Bo Yang,Yong Yu,Fagen Li,Ying Sun

DOI: https://doi.org/10.1007/978-3-540-73547-2_14

2007-01-01

Abstract:Signcryption is a cryptographic primitive that performs signature and encryption simultaneously. In this paper, we propose an identity based threshold unsigncryption scheme, which is the organic combination of the signcryption scheme, the (t, n) threshold scheme and zero knowledge proof for the equality of two discrete logarithms based on the bilinear map. In this scheme a signcrypted message can be decrypted only when at least t members join an unsigncryption protocol. We also prove its security in a formal model under recently studied computational assumptions and in the random oracle model. Specifically, we prove its semantic security under the hardness of q-Bilinear Diffie-Hellman Inversion problem and its unforgeability under the q-Strong Diffie-Hellamn assumption.

Yuanyuan Zhang,Zhibo Zhai

DOI: https://doi.org/10.1371/journal.pone.0250205

IF: 3.7

2021-01-01

PLoS ONE

Abstract:Satellite communication has played an important part in many different industries because of its advantages of wide coverage, strong disaster tolerance and high flexibility. The security of satellite communication systems has always been the concern of many scholars. Without authentication, user should not obtain his/her required services. Beyond that, the anonymity also needs to be protected during communications. In this study, we design an efficient and provably secure key agreement scheme for satellite communication systems. In each session, we replace user's true identity by a temporary identity, which will be updated for each session, to guarantee the anonymity. Because the only use of lightweight algorithms, our proposed scheme has high performance. Furthermore, the security of the proposed scheme is proved in the real-or-random model and the performance analysis shows that the proposed scheme is more efficient than some other schemes for satellite communication systems.