Hu Xiong,Zhiguang Qin,Fagen Li

2008-01-01

Fundamenta Informaticae

Abstract:In ASIACCS 2007, Liu et al proposed a certificateless signature scheme which is provably secure in the standard model. However, as we will show in this paper, the proposed scheme is insecure against a malicious-but-passive KGC attack. This implies that the malicious-but-passive KGC, which generates system parameters based on the information of the target user, can forge valid signatures for that signer without being detected. Furthermore, we propose an improved scheme that remedies the weakness of Liu et al's scheme. The improved scheme can be proven secure against malicious-but-passive KGC attack in the standard model.

Jerzy Pejaś,Tomasz Hyla,Wojciech Zabierowski

DOI: https://doi.org/10.3390/e25091315

2023-09-09

Abstract:This paper addresses the certificate revocation problem and proposes the first revocable pairing-based signature scheme with implicit and explicit certificates (IE-RCBS-kCAA). We should no longer discuss whether to revoke certificates but how to do it effectively, ensuring both the scalability of the revocation operation and the non-repudiation of the signature in the short or long term. Under the computational difficulty assumptions of the modified collusion attack algorithm with k traitors (k-mCAA) and discrete logarithm (DL) problems, we demonstrate that our scheme is secure against existential unforgeability under chosen message attacks (EUF-IERCBS-kCAA-CMA) in a random oracle model. The proposed solution is scaled and allows the use of many trusted status authorities that issue explicit short-term certificates confirming the validity of explicit long-term certificates. Furthermore, we demonstrate that our signature scheme has a short-term non-repudiation property for the shell validity model.

Hu Xiong,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1016/j.ins.2010.06.010

IF: 8.1

2013-01-01

Information Sciences

Abstract:Threshold signature is an extension of the standard signature, in which several signers may be required to cooperatively sign messages for sharing the responsibility and authority. Certificateless cryptography eliminates the need of certificates in the Public Key Infrastructure and solves the inherent key-escrow problem in the Identity-based (ID-based) cryptography. In this paper, we propose a certificateless threshold signature scheme with concrete implementation which is provably secure in the standard model. Furthermore, this scheme is proven secure against the malicious-but-passive KGC attack. To the best of author's knowledge, this is the first construction of certificateless threshold signature scheme that does not rely on random oracle or ideal ciphers.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Yanan Chen,Weixiang Xu,Hu Xiong

DOI: https://doi.org/10.1007/s12243-015-0461-z

2015-01-01

Abstract:To protect signing rights against the compromise of secret key, the key-insulated signature (KIS) has attracted a lot of attention from the industry and academia. It would be interesting to investigate the notion of KIS in the certificateless public key cryptography (CL-PKC) environment to solve the problem of certificate management and key escrow simultaneously. To capture the seeming neglected attack mounted by the malicious key generation center (KGC), a stronger security model for the CL-PKC should be considered. In this paper, we first show that the only known CL-KIS scheme is vulnerable against malicious KGC attack, and then propose the first CL-KIS scheme secure against malicious KGC attack, with security proof in the standard model.

Chenhuang Wu,Hui Huang,Kun Zhou,Chunxiang Xu

DOI: https://doi.org/10.23919/jcc.2021.01.013

2021-01-01

China Communications

Abstract:Digital signature, as an important cryptographic primitive, has been widely used in many application scenarios, such as e-commerce, authentication, cloud computing, and so on. Certificateless Public Key Cryptography (PKC) can get rid of the certificate management problem in the traditional Public Key Infrastructure (PKI) and eliminate the key-escrow problem in the identity-based PKC. Lately, a new Certificateless Signature (CLS) scheme has been proposed by Kyung-Ah Shim (IEEE SYSTEMS JOURNAL, 2018, 13(2)), which claimed to achieve provable security in the standard model. Unfortunately, we present a concrete attack to demonstrate that the scheme cannot defend against the Type I adversary. In this type of attack, the adversary can replace the public key of the signer, and then he plays the role of the signer to forge a legal certificateless signature on any message. Furthermore, we give an improved CLS scheme to resist such an attack. In terms of the efficiency and the signature length, the improved CLS is preferable to the original scheme and some recently proposed CLS schemes in the case of precomputation.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/IJESDF.2014.064409

2014-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Bo Yang,Zhao Yang,Nengfei Liu,Shougui Li

DOI: https://doi.org/10.1109/cis.2015.89

2013-01-01

Abstract:Certificate less public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem in identity-based cryptography. Recently, Xiong et al. Proposed a certificate less signature scheme and proved that their scheme is existentially unforgeable against adaptive chosen message attack under the random oracle model. He et al. Pointed out that Xiong et al.'s scheme is insecure against the Type II adversary. But, their forged signatures are not random, and their improved scheme has the same security defects as Xiong et al.'s scheme. In this paper, we present two malicious-but-passive KGC attack methods on Xiong et al.'s scheme and our results show that their scheme is insecure against malicious-but-passive KGC attack. We also propose an improved scheme which is secure against the super Type I adversary and super Type II adversary.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/11780656_20

2006-01-01

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we show that the security requirements of their generic building blocks are insufficient to support some security claim stated in their paper. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.1606

2010-01-01

Key Engineering Materials

Abstract:Liu et al. proposed the first certificateless signature scheme without random oracles in 2007. However, Xiong et al. showed that Liu et al.'s scheme is insecure against a malicious-but-passive KGC attack and proposed an improved scheme. In ISA 2009, Yuan et al. also proposed a new certificateless signature scheme without random oracles. Although they claimed that the two schemes are secure in the standard model, this paper shows that both Xiong et al.'s improved scheme and Yuan et al.'s new scheme are vulnerable to key replacement attack, where an adversary, obtaining a signature on a message and replacing the public key of a signer, can forge valid signatures on the same message under the replaced public key. We also give the corresponding modifications of the two schemes to resist key replacement attack.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Qiu Zhang,Yinxia Sun,Yang Lu,Guoqiang Zhang

DOI: https://doi.org/10.1016/j.jisa.2024.103892

IF: 4.96

2024-10-24

Journal of Information Security and Applications

Abstract:Cloud computing has revolutionized in the healthcare industry, particularly in the management and accessibility of Electronic health records (EHR). However, maintaining the integrity and authenticity of EHR in cloud environments remains a crucial concern. To tackle this challenge, certificateless proxy re-signature is a promising cryptographic primitive for developing a practical EHR sharing system in the cloud. User revocation is a necessary issue in such system, but revocation introduces a new challenge, namely the continued validity of signatures from revoked users. A conventional method to solve this problem is to make the unrevoked users re-sign those valid EHR by using their current signing keys, which brings a lot of burden to the users. Therefore, we should establish an efficient mechanism to ensure that only signatures of valid data from non-revoked users can pass verification. In this paper, we propose a notion called revocable certificateless proxy re-signature with signature evolution (RCLPRS-SE), which allows for dynamic management of users and the ability to update signatures efficiently in accordance with evolving data requirements. We present a concrete construction of RCLPRS-SE and provide formal security proofs in the standard model. Compared with the existing related works, our scheme has a significant advantage in terms of signature updating efficiency.

computer science, information systems

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Liangliang Wang,Kefei Chen,Yu Long,Xianping Mao,Huige Wang

DOI: https://doi.org/10.1109/INCoS.2015.10

2015-01-01

Abstract:Certificateless public key cryptography was proposed to solve the key escrow problem in identity-based public key cryptography. Namely, a user's full private key must be comprised of a partial private key which is provided by the key generation center and a secret value which is chosen by the user. Thus the key generation center can no longer acquire each user's full private key by itself. In 2014, Yeh et al. proposed an efficient certificateless public key signature scheme without bilinear pairings. They also showed their scheme is secure against super adversary under the hardness of breaking discrete logarithm problem in the random model. In this paper, we modify Yeh et al.'s scheme to obtain a new scheme which is more practical than theirs. And our modified scheme can achieve the same security level as Yeh et al.'s scheme under the hardness of breaking discrete logarithm problem in the random model.

Man Ho Au,Jing Chen,Joseph K. Liu,Yi Mu,Duncan S. Wong,Guomin Yang

DOI: https://doi.org/10.1145/1229285.1266997

2006-01-01

Abstract:ABSTRACTIdentity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

Liangliang Wang,Mi Wen,Kefei Chen,Zhongqin Bi,Yu Long

DOI: https://doi.org/10.1007/978-3-319-69471-9_19

2017-01-01

Abstract:Through the application of certificateless signature, certificate management in traditional signatures can be simplified. Furthermore, the key escrow problem in identity-based signatures can be solved as well. As history has shown, there has not been a general pairing-free certificateless signature scheme which is mainly designed with modular exponentiation and modular multiplication that can possess resistance to Type I and Type II adversaries so far. Therefore, a new hard mathematic problem is firstly defined in this paper, which is called variant of RSA problem. In the next step, a new general pairing-free certificateless signature scheme is proposed based on the newly defined variant of RSA problem and the well known discrete logarithm problem. Fortunately, the proposed scheme is also the first RSA-based certificateless signature scheme that can possess resistance to Type I and Type II adversaries. In addition, a formal security proof is provided to demonstrate that, under adaptively chosen message attacks, the proposed scheme is provably secure against Type I and Type II adversaries in the random oracle model. When compared with other known pairing-free certificateless signature schemes of the same type, the computation cost of our scheme is slightly higher, however, a higher security level can be achieved.

Lunzhi Deng Lunzhi Deng,Zhenyu Hu Lunzhi Deng,Yu Ruan Zhenyu Hu,Tao Wang Yu Ruan

DOI: https://doi.org/10.53106/160792642022032302008

2022-03-01

網際網路技術學刊

Abstract:Proxy signature frees the original signer from the heavy signature work. Many certificateless proxy signature (CLPS) schemes have been proposed in the last ten years. The security proofs of most known schemes are given in the random oracle model (ROM). There are only two CLPS schemes with provably security in the standard model (SM). However, in which the size of the system parameter increase linearly with the size of the user’s identity information. That increase the storage burden of the key generation center. In this paper, a new CLPS scheme is constructed and the security proofs are showed in SM. The size of system parameters and the master key are constant in the scheme. Requiring only three pairing operations, the new scheme is more efficient and suitable for mobile computing.  

Chengyu Ma,Nan Hu,Yingjiu Li

2006-01-01

Abstract:Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this aspect has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real empirical data from VeriSign and derive the probability function for certificate revocation requests. We then prove that a revocation system will become stable after a period of time. Based on these, we show that different certificate authorities should take different strategies for releasing certificate revocation lists for different types of certificate services. We also provide the exact steps by which certificate authorities can derive optimal releasing strategies.

M. Au,Junbin Liang,Liantao Lan,Qiong Huang,Jianye Huang

DOI: https://doi.org/10.3390/info14030160

2023-03-02

Abstract:A ring signature (RS) scheme enables a group member to sign messages on behalf of its group without revealing the definite signer identify, but this also leads to the abuse of anonymity by malicious signers, which can be prevented by traceable ring signatures (TRS). Up until that point, traceable ring signatures have been secure based on the difficult problem of number-theoretic (discrete logarithms or RSA), but since the advent of quantum computers, traditional traceable ring signatures may no longer be secure. Thus Feng proposed a lattice based TRS, which are resistant to attacks by quantum computers. However, that works did not tackle the certificate management problem. To close this gap, a quantum-resistant certificateless TRS scheme was proposed in the study. To the best of our knowledge, this is the first lattice based certificateless TRS. In detail, a specific TRS scheme was combined with the lattice-based certificateless signature technology to solve the certificate management problem while avoid key escrow problem. Additionally, a better zero-knowledge protocol is used to improve the computational efficiency of the scheme, and by reducing the soundness error of the zero-knowledge protocol, the number of runs of the zero-knowledge protocol is reduced, so that the communication overhead of the scheme is reduced. Under random oracle model, the proposed scheme satisfies tag-linkability, anonymity, exculpability and is secure based on the SIS problem and the DLWE problem. In conclusion, the proposed scheme is more practical and promising in e-voting.

Mathematics,Computer Science

Debiao He,Baojun Huang,Jianhua Chen

DOI: https://doi.org/10.1049/iet-ifs.2012.0176

2013-01-01

IET Information Security

Abstract:The certificateless public key cryptography has attracted wide attention since it could solve the certificate management problem in the traditional public key cryptography and the key escrow problem in the identity-based public key cryptography. Recently, several certificateless short signature schemes, which could satisfy the requirement of low-bandwidth communication environments, have been proposed. However, most of them are not secure against either the Type I adversary or the Type II adversary. In this study, the authors propose a new efficient certificateless short signature scheme. The analysis shows the authors' scheme has better performance than the related schemes and is secure against both of the super Type I and the super Type II adversaries.