Yunlei Zhao

DOI: https://doi.org/10.1145/2976749.2978350

2016-01-01

Abstract:Identity concealment and zero-round trip time (0-RTT) connection are two of current research focuses in the design and analysis of secure transport protocols, like TLS1.3 and Google's QUIC, in the client-server setting. In this work, we introduce a new primitive for identity-concealed authenticated encryption in the public-key setting, referred to as higncryption, which can be viewed as a novel monolithic integration of public-key encryption, digital signature, and identity concealment. We then present the security definitional framework for higncryption, and a conceptually simple (yet carefully designed) protocol construction. As a new primitive, higncryption can have many applications. In this work, we focus on its applications to 0-RTT authentication, showing higncryption is well suitable to and compatible with QUIC and OPTLS, and on its applications to identity-concealed authenticated key exchange (CAKE) and unilateral CAKE (UCAKE). Of independent interest is a new concise security definitional framework for CAKE and UCAKE proposed in this work, which unifies the traditional BR and (post-ID) frameworks, enjoys composability, and ensures very strong security guarantee. Along the way, we make a systematically comparative study with related protocols and mechanisms including Zheng's signcryption, one-pass HMQV, QUIC, TLS1.3 and OPTLS, most of which are widely standardized or in use.

Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Fagen Li,Tsuyoshi Takagi

DOI: https://doi.org/10.1016/j.mcm.2011.06.043

2013-01-01

Mathematical and Computer Modelling

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. In 2009, Yu et al. [12] proposed an identity-based signcryption (IBSC) scheme in the standard model. In 2010, Zhang [17] pointed out that Yu et al.'s scheme does not have the indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and proposed an improved IBSC scheme. He proved that the improved scheme has the IND-CCA2 property and existential unforgeability against adaptive chosen messages attacks (EUF-CMA). However, in this paper, an attack is proposed to show that Zhang's scheme does not have the IND-CCA2 property (not even chosen plaintext attacks (IND-CPA)). We present a fully secure IBSC scheme in the standard model. We prove that our scheme has the IND-CCA2 property under the decisional bilinear Diffie-Hellman assumption and has the EUF-CMA property under the computational Diffie-Hellman assumption. (C) 2011 Elsevier Ltd. All rights reserved.

Fagen Li,Fahad Bin Muhaya,Mingwu Zhang,Tsuyoshi Takagi

DOI: https://doi.org/10.1002/cpe.1823

2011-01-01

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. Recently, three identity-based signcryption schemes in the standard model were proposed. However, the three schemes are broken soon. How to construct a secure identity-based signcryption scheme in the standard model is still an open problem. In this paper, we solve this problem and propose an efficient identity-based signcryption scheme in the standard model. We prove that our scheme has the indistinguishability against adaptive chosen ciphertext attacks under the modified decisional bilinear Diffie-Hellman assumption and the existential unforgeability against adaptive chosen messages attacks under the computational Diffie-Hellman assumption.

Fagen Li,Masaaki Shirase,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/ares.2009.44

2009-01-01

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we address a question whether it is possible to construct a hybrid signcryption scheme in identity-based setting. This question seems to have never been addressed in the literature. We answer the question positively in this paper. In particular, we extend the concept of signcryption key encapsulation mechanism to the identity-based setting. We show that an identity-based signcryption scheme can be constructed by combining an identity-based signcryption key encapsulation mechanism with a data encapsulation mechanism. We also give an example of identity-based signcryption key encapsulation mechanism.

Fagen Li,Muhammad Khurram Khan

DOI: https://doi.org/10.4103/0256-4602.81236

2011-01-01

IETE Technical Review

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has found many applications, such as electronic transaction protocol, mobile agent protocol, key management, and routing protocol. In this article, the state-of-the-art of identity-based signcryption (IBSC) is surveyed. We examine the security model of IBSC. We survey the existing IBSC schemes and compare their security properties and efficiency. IBSC with special properties and identity-based hybrid signcryption are investigated. Some possible future work is also pointed out.

Yong Yu,Fagen Li,Chunxiang Xu,Ying Sun

DOI: https://doi.org/10.1007/s11859-008-0607-1

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter’s privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from bilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffie-Hellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.

Fagen Li,Hu Xiong,YongJian Liao

DOI: https://doi.org/10.1109/ICCCAS.2009.5250509

2009-01-01

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we propose the first generic construction of identity-based signcryption (GCIS) by using identity-based key encapsulation mechanism (ID-KEM), data encapsulation mechanism (DEM), and identity-based signature schemes (ID-SIG). We prove that our construction satisfies confidentiality and unforgeability. We describe an instantiation of our construction that is secure in the standard model. Our instantiation also solves an open problem proposed by Yuen and Wei.

LI Fa-Gen,HU Yu-Pu,LI Gang

2006-01-01

Chinese Journal of Computers

Abstract:Signcryption is a cryptographic primitive that combines both the functions of digital signature and public key encryption in a logical single step,at lower computational costs and communication overheads than the traditional signaturethen-encryption approach.In this paper,the authors present a new identitybased signcryption scheme using the bilinear pairings and prove its security in the random oracle model.The proposed scheme is proved to be secure assuming the bilinear Diffle-Hellman problem is hard.As compared with the most efficient Chen & Malone-Lee scheme to date,the proposed scheme decreases one pairing operation and only requires two pairing operations.

Fagen Li,Hui Zhang,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/jsyst.2012.2221897

IF: 4.802

2013-01-01

IEEE Systems Journal

Abstract:Privacy and authentication are the two main security goals in secure communications. To solve the secure communications problem between two heterogeneous systems, we propose two efficient signcryption schemes that can simultaneously achieve confidentiality, integrity, authentication, and nonrepudiation in a logical single step. The first scheme allows a sender in a public key infrastructure (PKI) to send a message to a receiver in an identity-based cryptosystem (IBC) and the second scheme allows a sender in the IBC system to send a message to a receiver in the PKI system. We prove that the first scheme has indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) under the q-bilinear Diffie-Hellman inversion problem (q-BDHIP) and existential unforgeability against adaptive chosen messages attacks (EUF-CMA) under the Diffie-Hellman inversion problem in the random oracle model. We also prove that the second scheme has the IND-CCA2 property under the BDHIP and EUF-CMA property under the q-strong Diffie- Hellman problem (q-SDHP) in the random oracle model.

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.

Jianhong Chen,Kefei Chen,Yongtao Wang,Xiangxue Li,Yu Long,Zhongmei Wan

DOI: https://doi.org/10.15388/informatica.2012.347

2012-01-01

Informatica

Abstract:Key-insulated cryptography is an important technique to protect private keys in identity-based (IB) cryptosytems. Despite the flurry of recent results on IB key-insulated encryption (IBKIE) and signature (IBKIS), a problem regarding the security and efficiency of practicing IBKIE and IBKIS as a joint IB key-insulated signature/encryption scheme with a common set of parameters and keys remains open. To deal with the above question, we propose an identity-based key-insulated signcryption (IBKISC) scheme. Compared with the Sign-then-Encrypt (StE) and Encrypt-then-Sign (EtS) using IBKIE and IBKIS in the standard model, our proposed IBKISC scheme is the fastest with the shortest ciphertext size.

Yanli Ren,Dawu Gu

DOI: https://doi.org/10.1109/isdpe.2007.76

2007-01-01

Abstract:Identity based crypto system is a public key cryptosystem where the public key can be represented as an arbitrary string. However, an identity based signature scheme that is fully secure in the standard model with a tight reduction has not been proposed until now. In this paper, we propose an identity based signature scheme that is fully secure in the standard model and has several advantages-computational efficiency, short public parameters, and a tight security reduction. In many situations we want to enjoy confidentiality and authenticity simultaneously. A traditional approach to achieve this objective is to "sign-then-encrypt" this message, or we can employ special cryptographic scheme like signcryption. To the best of our knowledge, reference [15] proposes the only identity based signcryption scheme in the standard model. But its security proof is based on a weaker model-"sample-ID" model and the reduction is not tight. Combining an identity based encryption scheme, we also propose the first identity based signcryption scheme that is fully secure in the standard model with a tight reduction. Moreover, our signcryption scheme has public verifiability.

Xiaojun Zhang,Chunxiang Xu,Jingting Xue

DOI: https://doi.org/10.1504/ijesdf.2018.10009828

2018-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Signcryption is a public-key cryptographic primitive which combines the functions of public-key encryption and digital signature into a single logical step at low computational and communication costs. While multi-receiver signcryption is suited for a situation where a sender wants to send a signcrypted message to multiple receivers in a confidential and authenticated way. Due to this attractive property, recently, multi-receiver signcryption plays an important role in some practical applications such as virtual conference as well as authenticated mail transferring. In this paper, we present an efficient multi-receiver identity-based signcryption (MIBSC) scheme from lattice assumption which is believed to resist quantum computer attacks. The proposed scheme is provably secure in the random oracle model, which has the indistinguishability against chosen ciphertext attacks under the hardness of learning with errors (LWE), and existentially unforgeability against chosen message attacks under the small integer solution assumption (SIS). Moreover, we also compare our MIBSC scheme with existing schemes from performance efficiency and security, the result shows that our proposed scheme is more efficient and more secure. In particular, our scheme can be properly applied in the post-quantum communication environments.

sun hua,guo li,wang aimin

2011-01-01

Abstract:Signcryption is a cryptographic primitive which provides authentication and confidentiality simultaneously with a computational cost lower than signing and encryption respectively. The ring signcryption has anonymity in addition to authentication and confidentiality, which allows any user to choose any set of users that includes himself and signcrypt messages without revealing who in the set has actually produced it. This paper presents an efficient identity-based ring signcryption scheme in the standard model, which proves its indistinguishability against adaptive chosen ciphertext attacks and existential unforgeability against adaptive chosen message and identity attacks in terms of the hardness of CDH problem and DBDH problem.

Fagen Li,Yupu Hu,Chuanrong Zhang

DOI: https://doi.org/10.1007/978-3-540-72738-5_24

2007-01-01

Abstract:As various applications of wireless ad hoc networks have been proposed, security has become one of the big research challenges and is receiving increasing attention. Recently, Several security schemes for wireless ad hoc networks have been proposed using identity-based signcryption schemes. However, almost all identity-based signcryption schemes that have been proposed until now are based on a single private key generator, which is not suitable for multi-domain ad hoc networks. In this paper, we propose a new identity-based signcryption scheme based on multiple private key generators, which is more suitable for multi-domain ad hoc networks. We prove its semantical security under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model.

guobin zhu,hu xiong,ruijin wang,zhiguang qin

DOI: https://doi.org/10.1007/978-81-322-1759-6_12

2014-01-01

Abstract:As one of the fundamental cryptographic primitives, signcryption can achieve unforgeability and confidentiality simultaneously at the cost significantly lower than the signature-then-encryption approach in terms of computational costs and communication overheads. In view of the damage caused by the secret key leakage, Chen et al. proposed an efficient identity-based key-insulated signcryption (ID-KI-SC) scheme secure in the standard model recently. However, in this paper, we show that their scheme does not achieve the indistinguishability against adaptively chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptively chosen message attacks (EUF-CMA). Furthermore, we propose an improved scheme that remedies the weakness of Chen et al.' s scheme.

WANG Hui-ge,WANG Cai-fen,CAO Hao,LIU Shao-hui

DOI: https://doi.org/10.3724/sp.j.1087.2011.02986

2011-01-01

Abstract:A new identity-based proxy re-signcryption scheme was put forward on the basis of the signcryption with proxy re-encryption proposed by Chandrasekar S(CHANDRASEKAR S,AMBIKA K,RANGAN P C.Signcryption with proxy re-encryption.http://eprint.iacr.org/2008/276).The new scheme achieves a transparent conversion from one identity-based signcryption to another identity-based signcryption by using a semi-trusted proxy.And it realizes the complete conversion of signcryption,that is,it concurrently achieves the conversion of both confidentiality and verification.In the same time,it realizes the full public verifiability of the signcryption without the direct participation of the plaintext.Based on the Computation Bilinear Diffie-Hellman(CBDH) problem,it is proved to be IND-CCA2 secure in the Random Oracle Model(ROM).Through the analysis of its efficiency and function,the scheme resolves the problems of both failing to realize the conversion of the verification and the verifiability of signcryption needing the participation of plaintext in the scheme advanced by Chandrasekar S.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Hu Xiong,Zhiguang Qin,Fagen Li

DOI: https://doi.org/10.3233/FI-2011-395

2011-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overhead than signing and encrypting separately. Recently, Yu et al. proposed an identity based signcryption scheme with a claimed proof of security. We show that their scheme is not secure even against a chosen-plaintext attack. (This work is supported by National Natural Science Foundation of China under Grant No. 61003230 and China Postdoctoral Science Foundation under Grant No. 20100480130.)