Jianhong Zhang,Yuehai Wang

2019-01-01

Abstract:.As a significant cryptographical primitive, proxy re-signature(PRS) technique is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits that a proxy translates an entity’s signature into the other entity’s signature on the identical data. Recently, to discard time-consuming pairing operator and intricate certificate-maintenance, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analysing their security, i.e., anyone can fabricate a signature on arbitrary file. After the relevant attacks are shown, the reasons which result in such attacks is analyzed. Finally, we discuss the corresponding improved method. Key–Words: ID-based PRS, integer factorization problem, universal forgeability, security attack

Yang, Xiaodong,Wei, Lizhen,Li, Songyu,Wang, Caifen

DOI: https://doi.org/10.1007/s12083-024-01769-w

IF: 3.488

2024-07-26

Peer-to-Peer Networking and Applications

Abstract:To enhance the security of medical data, the government and healthcare institutions must collect and analyze vast amounts of information, enabling the prompt detection of irregular patterns and timely issuance of accurate warnings. This is crucial for preventing and containing potential threats to medical data security. However, securely sharing and converting these data poses a significant challenge, particularly in open wireless access networks within healthcare settings. Proxy re-signature (PRS) offers not only signature conversion capabilities but also anonymity, safeguarding data reliability and authenticity. Nonetheless, current proxy re-signature techniques overlook the potential for algorithm substitution attacks (ASA). Therefore, we introduce a novel proxy re-signature scheme, leveraging cryptographic reverse firewall (CRF) technology, tailored specifically for the medical domain. Furthermore, we conducted rigorous security analysis and simulation experiments to validate the practical effectiveness of our scheme. This approach addresses the need for secure data sharing among various entities, including medical institutions, management centers, and research facilities, ensuring the integrity and confidentiality of critical medical information.

computer science, information systems,telecommunications

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Ping Zhou,Tao Wang,Fan Zhang,Xinjie Zhao

DOI: https://doi.org/10.13245/j.hust.180305

2018-01-01

Abstract:Previous flush-reload cache attacks cannot be directly adopted to SM2 digital signature algorithm.In this paper,an improved method for selecting the monitored address in flush-reload cache attacks on SM2 was proposed.By taking advantage of multiple cache accesses caused by function callings, the cache lines which contain call instructions were selected to be the monitored addresses in order to increase the accuracy.The experimental results show that the proposed method makes the flush-reload attack on SM2 feasible and effective.The 256 bit scalark can be recovered with a bit errors rate as only 1.09％ by the side channel information of a single signing.The full private key can be recovered with a success rate as 59％ through 64 times exhaustive research.

Congge Xie,Jian Weng,Dehua Zhou

DOI: https://doi.org/10.1016/j.ins.2022.02.027

IF: 8.1

2022-05-01

Information Sciences

Abstract:Fully homomorphic signature schemes in identity-based settings can provide authenticity, homomorphism, and non-repudiation as do traditional digital signatures, while simplifying the public key infrastructure (PKI) requirements, in which each user in the system can use his or her identity as a public key. As identity-based systems (IBS) have a natural link between unique identity information and the user, allowing user revocation is usually more difficult in IBS than in PKI settings. Although several revocable identity-based fully homomorphic signature (RIBFHS) schemes have been proposed, these schemes are vulnerable to signing key exposure. With this study, we are the first to consider a realistic threat signing key exposure in RIBFHS systems. In addition, we introduce a new security definition of RIBFHS with signing key exposure resistance. Then, we employ Agrawal’s left–right lattices and delegation technology in fixed dimensions to construct a new RIBFHS scheme over the lattice with regularly broadcasted update keys, which not only resists signing key exposure, but also meets scalability and context hiding properties. Finally, we prove that our construction is existentially unforgeable against chosen message attacks under the standard short integer solution (SIS) assumption in the random oracle model.

computer science, information systems

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Zongyang Zhang,Yu Chen,Sherman S. M. Chow,Goichiro Hanaoka,Zhenfu Cao,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-319-26059-4_24

2015-01-01

Abstract:A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle RO model. The work of Fischlin and Fleischhacker Eurocrypt﾿'13 investigated the case of Schnorr signature and generally, Fiat-Shamir signatures and showed the reliance of RO model is inherent. We generalize their results to a large class of \"malleable\" hash-and-sign signatures, where one can efficiently \"maul\"any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys. We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a one-more cryptographic problem depending on the signature instantiation. Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers $$\\Gamma $$-signature Yao and Zhao, IEEE Transactions on Information Forensics and Security﾿'13, and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

Andrew C. Yao,Yunlei Zhao

2012-01-01

Abstract:Digital signature is one of the basic primitives in cryptography. A common paradigm of obtaining signatures, known as the Fiat-Shamir (FS) paradigm, is to collapse any Σ-protocol (which is 3-round public-coin honest-verifier zero-knowledge) into a non-interactive scheme with hash functions that are modeled to be random oracles (RO). The Digital Signature Standard (DSS) and Schnorr’s signature schemes are two salient examples following the FS-paradigm. In this work, we present a modified Fiat-Shamir paradigm, named challenge-divided Fiat-Shamir paradigm, which is applicable to a variant of Σ-protocol with divided random challenges. This new paradigm yields a new family of (online/offline efficient) digital signatures from challenge-divided Σ-protocols, including in particular a variant of Schnorr’s signature scheme called challenge-divided Schnorr signature. We then present a formal analysis of the challenge-divided Schnorr signature in the random oracle model. Finally, we give comparisons between the challenge-divided Schnorr signature and DSS and Schnorr’s signature, showing that the newly developed challenge-divided Schnorr signature can enjoy better (online/offline) efficiency (besides provable security in the random oracle model). Of independent interest is a new forking lemma, referred to as divided forking lemma, for dealing with multiple ordered rewinding points in the RO model, which is of independent interest and can be applied to analyzing other cryptographic schemes in the RO model.

Daniel Heinz,Thomas Popelmann

DOI: https://doi.org/10.1109/tc.2022.3197073

IF: 3.183

2023-03-15

IEEE Transactions on Computers

Abstract:The progress on constructing quantum computers and the ongoing standardization of post-quantum cryptography (PQC) have led to the development and refinement of promising new digital signature schemes and key encapsulation mechanisms (KEM). Especially lattice-based schemes have gained some popularity in the research community, presumably due to acceptable key, ciphertext, and signature sizes as well as good performance results and cryptographic strength. However, in some practical applications like smart cards, it is also crucial to secure cryptographic implementations against side-channel and fault attacks. In this work, we analyze the so-called redundant number representation (RNR) that can be used to counter side-channel attacks. We show how to avoid security issues with the RNR due to unexpected de-randomization and we apply it to the Kyber KEM and show that the RNR has a very low overhead. We then verify the RNR methodology by practical experiments, using the non-specific t-test methodology and the ChipWhisperer platform. Furthermore, we present a novel countermeasure against fault attacks based on the Chinese remainder theorem (CRT). On an ARM Cortex-M4, our implementation of the RNR and fault countermeasure offers better performance than masking and redundant calculation. Our methods thus have the potential to expand the toolbox of a defender implementing lattice-based cryptography with protection against two common physical attacks.

engineering, electrical & electronic,computer science, hardware & architecture

SUN Chang-yi,LI Yi-fa,SI Xue-ming

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.17.032

2012-01-01

Abstract:Almost proxy re-signature schemes are hardness of big integer factoring problem and Discrete Logarithm(DL) problem.But the quantum computer can solve this question in polynomial time,which may cause potential security risks to the schemes.This paper uses the characteristics that multivariate public key cryptography can resist quantum computer attack,to design a new proxy re-signature scheme.Theoretical analysis shows that the scheme fits internal and external security,and it is efficient.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/11780656_20

2006-01-01

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we show that the security requirements of their generic building blocks are insufficient to support some security claim stated in their paper. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.

Shouhuai Xu,Xiaohu Li,T. Paul Parker

DOI: https://doi.org/10.1145/1368310.1368358

2008-01-01

Abstract:ABSTRACTDigital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected --- an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).

Hee-Yong Kwon,Indra Bajuna,Mun-Kyu Lee

DOI: https://doi.org/10.1109/access.2024.3374645

IF: 3.9

2024-03-19

IEEE Access

Abstract:Recent advances in quantum-computing technology have threatened the security of classical cryptographic algorithms. This initiated research on Post-Quantum Cryptography (PQC), and the National Institute of Standards and Technology (NIST) PQC standardization is in progress. Coping with the current situation in which the security of existing cryptographic algorithms is already in question and that of new cryptographic algorithms is not yet certain, there has been active research on hybrid schemes combining two algorithms such that the security of the combined scheme is based on both underlying algorithms. For digital signatures, a naive solution for a hybrid scheme is to simply concatenate a classical signature and a quantum-resistant signature. In this paper, however, we propose a compact hybrid signature construction method that combines two randomized signatures such that the size of the combined signature is shorter than that of naive concatenation. Our construction allows for selective verification, which provides backward compatibility and conformance with existing regulations. We demonstrate the feasibility of the proposed method by combining ECDSA P-256 and Falcon-512, which are representative classical and post-quantum signature schemes, respectively. We prove that the combined signature is existentially unforgeable against an adaptive chosen-message attack, even if one of the underlying signature schemes is completely broken and only the other one remains secure. Through experiments on a desktop PC and Raspberry Pi 3 Model B, we verify that the proposed method effectively reduces the combined signature size with negligible computational overhead. Our experimental results demonstrate the proposed method is also applicable to PQC-PQC combinations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ping Zhang,Yamin Li,Muhua Liu,Youlin Shang,Zhumu Fu

DOI: https://doi.org/10.1155/2022/1977798

2022-04-13

Wireless Communications and Mobile Computing

Abstract:Aiming at the security problems of wireless communication network and the shortcomings of Elliptic Curve Digital Signature Algorithm (ECDSA), this paper designed a forward secure digital signature scheme and proved that the scheme has forward security and unforgeability in the random oracle model. Experimental simulations are done in this paper, and the results show that the proposed scheme has the highest efficiency compared with the ECDSA scheme and the three existing forward secure schemes. This scheme not only meets the forward security and protects the users’ privacies but also reduces the requirement of computing power of the user in the wireless communication network.

computer science, information systems,telecommunications,engineering, electrical & electronic

Huafeng Wu,Haiguang Chen,Qiang Zhou,Chuanshan Gao

DOI: https://doi.org/10.1109/snpd.2007.33

2007-01-01

Abstract:We present an efficient improvement of the strong RSA signature scheme [1], which is very similar to Fischlin sig nature [2]. Both two signatures are based on strong RSA assumption. In the original scheme, the signer has to choose a prime with prescribed length in signing phase. Except that, three generators of QRn should be chosen in the set-up phase. Our scheme removes or relaxes these restrictions. It only needs to choose two generators of QRn and an odd. Our scheme saves about 1/2 computational cost of the original scheme. Moreover, we propose a blind signature scheme and a partially blind signature scheme based on the basic scheme. To the best of our knowledge, it's the first time to propose such a blind signature scheme and a partially blind signature scheme based on strong RSA assumption.

Yan He,Baodong Qin,Wen Gao,Dong Zheng,Qianqian Zhao

DOI: https://doi.org/10.1155/2022/7494452

IF: 1.968

2022-11-17

Security and Communication Networks

Abstract:Forward-secure revocation is a powerful cryptographic technique to alleviate key exposure attacks on identity-based cryptosystems. In recent years, quantum computers have made some breakthroughs, so in the foreseeable future, existing cryptographic systems will be subject to quantum attacks. However, known forward-secure revocable identity-based signature (FS-RIBS) schemes were designed over bilinear pairing groups and may suffer from quantum computing attacks. To address this issue, this paper proposes a generic method to construct FS-RIBS schemes, taking (hierarchical) IBS schemes as a basic component. By instantiating it with some post-quantum (hierarchical) IBS schemes, e.g., lattice-based (hierarchical) IBS, we immediately obtain six FS-RIBS schemes under the hardness of the small integer solution problem, which is secure against quantum computing attacks.

computer science, information systems,telecommunications

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Liang Jin,Xiaoyan Hu,Jiangxing Wu

DOI: https://doi.org/10.1051/sands/2023004

2023-01-01

Abstract:In this paper, we propose a conjecture that endogenous security without any prior knowledge is similar to perfect secrecy without any prior knowledge. To prove the conjecture, we first establish a cryptography model of instinct function security to transform the security problem in the network domain into an encryption problem in the cryptographic domain. Then, we inherit and apply the established ideas and means of the Perfect Secrecy, and propose the concept, definition and corollaries of the perfect instinct function security (PIFS) corresponding to the Perfect Secrecy. Furthermore, we take the DHR system as a concrete implementation of PIFS and propose the DHR Perfect Security Theorem corresponding to Shannon’s Perfect Secrecy Theorem. Finally, we prove that the DHR satisfying the "One-Time Reconstruction" constraint is the sufficient and necessary condition to achieve perfect security. This means that the existence of PIFS is also proven. The analysis shows that any reconfigurable system can be encrypted by its construct and that the PIFS converts the one-way transparent superiority of the attacker into a double-blind problem for both the attacker and the defender, which leads to that the attacker is impossible to obtain useful construction information from the attacks and unable to find a better way than blind trial-and-error or brute-force attacks. Since the attackers are required to have the new powerful ability to crack the structure cryptogram, the threshold of cyber security is raised to at least the same level as cryptogram deciphering, thereafter the ubiquitous cyber threats are destined to be significantly reduced.

SUN Chang-Yi,LI Yi-Fa,ZHANG Wen-Zheng,SI Xue-Ming

DOI: https://doi.org/10.3969/j.issn.0490-6756.2012.03.016

2012-01-01

Abstract:The mainly security assumption of those existing proxy signature schemes are hardness of Big Integer Factoring problem and Discrete Logarithm problem.But the quantum computer is doing well in these areas.There are some important research values on multivariate public key cryptography which is the major families of PKCs that could resist potentially even the powerful quantum computers of the future. This paper design a new proxy signature which is based on the IP problem of multivariate cryptosystem, and as a new kind of proxy signature scheme,it not only meets the requirements of proxy signature, but has benefits of resist quantum attack,fast computing,and high efficiency.

Ming XU,Jing YING,Chun CHEN

DOI: https://doi.org/10.3321/j.issn:1008-9209.2000.06.025

2000-01-01

Abstract:Digital signature and fault tolerance are two important issues in modern computer network communication. In most case, they are addressed and implemented separately. Recently, Chang proposed an integrated approach for both fault tolerance and digital signature in RSA, which can implement fault tolerance in processes of encrypting, transmission, decrypting and authentication. In this paper, we analyze some security faults which exist in Chang cryptography scheme. Then we propose an approach, which can be used to attack Chang scheme. Finally, we propose an improved Chang cryptography scheme, which provides perfect cryptography, fault tolerance, impossibility of being interpolated, impossibility of being retransmitted, and so on. The improved scheme embodies a new way of thinking for public key cryptography by integrated approach for fault tolerance and digital signature in RSA.