Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Tatsuya Suzuki,Keita Emura,Toshihiro Ohigashi

DOI: https://doi.org/10.1007/s10916-019-1244-2

IF: 4.92

2019-03-28

Journal of Medical Systems

Abstract:To provide a search functionality for encrypted data, public key encryption with keyword search (PEKS) has been widely recognized. In actual usage, a PEKS scheme should be employed with a PKE scheme since PEKS itself does not support the decryption of data. Since a naive composition of a PEKS ciphertext and a PKE ciphertext does not provide CCA security, several attempts have been made to integrate PEKS and PKE in a joint CCA manner (PEKS/PKE for short). In this paper, we further extend these works by integrating secure-channel free PEKS (SCF-PEKS) and PKE, which we call SCF-PEKS/PKE, where no secure channel is required to send trapdoors. We give a formal security definition of SCF-PEKS/PKE in a joint CCA manner, and propose a generic construction of SCF-PEKS/PKE based on anonymous identity-based encryption, tag-based encryption, and one-time signature. We also strengthen the current consistency definition according to the secure-channel free property, and show that our construction is strongly consistent if the underlying IBE provides unrestricted strong collision-freeness which is defined in this paper. We also show that such an IBE scheme can be constructed by employing the Abdalla et al. transformations (TCC 2010/J. Cryptology 2018). Finally, as an application of SCF-PEKS/PKE, we strengthen the security of encrypted Electronic Medical Record (EMR) system proposed by Guo and Yau (J. Medical Sys. 2015).

health care sciences & services,medical informatics

Laila El Aimani

DOI: https://doi.org/10.48550/arXiv.1610.09503

2016-10-29

Abstract:We study the Sign_then_Encrypt, Commit_then_Encrypt_and_Sign, and Encrypt_then_Sign paradigms in the context of two cryptographic primitives, namely designated confirmer signatures and signcryption. Our study identifies weaknesses in those paradigms which impose the use of expensive encryption (as a building block) in order to meet a reasonable security level. Next, we propose some optimizations which annihilate the found weaknesses and allow consequently cheap encryption without compromising the overall security. Our optimizations further enjoy verifiability, a property profoundly needed in many real-life applications of the studied primitives.

Cryptography and Security

Jean Belo Klamti,M. Anwar Hasan

DOI: https://doi.org/10.48550/arXiv.2112.07130

2023-03-21

Abstract:A key encapsulation mechanism (KEM) that takes as input an arbitrary string, i.e., a tag, is known as tag-KEM, while a scheme that combines signature and encryption is called signcryption. In this paper, we present a code-based signcryption tag-KEM scheme. We utilize a code-based signature and an IND-CCA2 (adaptive chosen ciphertext attack) secure version of McEliece's encryption scheme. The proposed scheme uses an equivalent subcode as a public code for the receiver, making the NPcompleteness of the subcode equivalence problem to be one of our main security assumptions. We then base the signcryption tag-KEM to design a code-based hybrid signcryption scheme. A hybrid scheme deploys asymmetric- as well as symmetric-key encryption. We give security analyses of both our schemes in the standard model and prove that they are secure against IND-CCA2 (indistinguishability under adaptive chosen ciphertext attack) and SUF-CMA (strong existential unforgeability under chosen message attack).

Cryptography and Security,Information Theory,Number Theory

Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Xue Li,Renqing Zhu,Dajun Du,Cheng Jiang,Zhe Zhou

DOI: https://doi.org/10.1109/jsyst.2024.3365848

IF: 4.802

2024-01-01

IEEE Systems Journal

Abstract:The signcryption schemes play an important role in keeping the security of information interactions among the devices in cyber-physical power systems (CPPSs). However, the existing schemes based on bilinear pairing have heavy computation and communication costs, making it challenging to deploy to resource-constrained devices (RCDs). Moreover, the most existing aggregate signcryption schemes do not validate the signcryption ciphertext when the data are aggregated by the aggregation device, jeopardizing the security and stability of the CPPSs. To solve these issues, this article explores a novel certificateless aggregate signcryption scheme based on elliptic curve cryptography applied to information interaction among RCDs of CPPSs. First, a lightweight signcryption scheme is proposed to achieve secure information interaction of RCDs. Then, to efficiently discover illegal signcryption in the aggregate signcryption, a method of constructing a 2-D matrix is proposed, which improves the robustness of secure information interaction. Furthermore, the security of the proposed signcryption scheme is theoretically proven by the elliptic curve discrete logarithm problem and computational Diffie–Hellman problem assumptions, and the scheme is theoretically analyzed to meet the security requirements of RCDs. Finally, experiments are carried out to validate the efficacy and appropriateness of the proposed signcryption scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Huige Wang,Kefei Chen,Tianyu Pan,Yunlei Zhao

DOI: https://doi.org/10.1155/2020/8823788

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Functional encryption (FE) can implement fine-grained control to encrypted plaintext via permitting users to compute only some specified functions on the encrypted plaintext using private keys with respect to those functions. Recently, many FEs were put forward; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially for those in the secret-key settings. This changed with the work, i.e., a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA), where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples for such underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but their scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques will be needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environment, respectively. In the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure ones for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure ones for randomized functions, whether the schemes were directly applied to CCA settings for deterministic functions is not implied. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications on it. Again, based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated under both nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11556992_16

2005-01-01

Abstract:In PKC'04, a signcryption scheme with key privacy was proposed by Libert and Quisquater. Along with the scheme, some security models were defined with regard to the signcryption versions of confidentiality, existential unforgeability and ciphertext anonymity (or key privacy). The security of their scheme was also claimed under these models. In this paper, we show that their scheme cannot achieve the claimed security by demonstrating an insider attack which shows that their scheme is not semantically secure against chosen ciphertext attack (not even secure against chosen plaintext attack) or ciphertext anonymous. We further propose a revised version of their signcryption scheme and show its security under the assumption that the gap Diffie-Hellman problem is hard. Our revised scheme supports parallel processing that can help reduce the computation time of both signcryption and de-signcryption operations.

Zhihua Gan,Shiping Song,Lin Zhou,Daojun Han,Jiangyu Fu,Xiuli Chai

DOI: https://doi.org/10.1016/j.jksuci.2022.09.006

2022-01-01

Abstract:Image encryption is an effective method to protect private images by converting them into meaningless ones, but many current image encryption algorithms still have security and efficiency problems. This paper combines compressed sensing (CS) and secret image sharing (SIS) to propose a certifiable visually secure image selection encryption. Firstly, a selective encryption based on multi-task convolutional neural network (SE-MTCNN) is presented to distinguish and encrypt the sensitive and non-sensitive information of plain images. Subsequently, the SIS algorithm is used to decompose the resulting plain image into multiple shadow images to disperse the risk of cryptographic image loss and resist hacking attacks. Herein, a pseudo-convolutional sliding scrambling based on chaotic sequences driven by plaintext (PCSS-CSDP) is proposed to eliminate the correlation between adjacent image pixels. Finally, the IWT-M-embedding algorithm is used to embed shadow images into carrier images to get multiple visually meaningful cipher images. Additionally, a new authentication scheme based on bit-level cyclic shifts and dynamic combination (AS-BCSDC) is introduced, and the obtained authentication information is fused into cipher images to prevent the deception of illegal users and malicious tampering of cloud platform. Experiments demonstrate the effectiveness of our algorithm, and it may be applied for image secure communication.

Hu Xiong,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.2316/journal.202.2012.1.202-3156

2012-01-01

International Journal of Computers and Applications

Abstract:Signcryption is a cryptographic primitive that performs digitalsignature and public key encryption simultaneously at lower computational costs and communication overheads than the signature-then-encryption approach.

Jianhua Yan,Licheng Wang,Lihua Wang,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1155/2013/702539

IF: 1.43

2013-01-01

Mathematical Problems in Engineering

Abstract:Signcryption is a cryptographic primitive that can perform digital signature and public encryption simultaneously at a significantly reduced cost. This advantage makes it highly useful in many applications. However, most existing signcryption schemes are seriously challenged by the booming of quantum computations. As an interesting stepping stone in the post-quantum cryptographic community, two lattice-based signcryption schemes were proposed recently. But both of them were merely proved to be secure in the random oracle models. Therefore, the main contribution of this paper is to propose a new lattice-based signcryption scheme that can be proved to be secure in the standard model.

Jianhua Yan,Xiuhua Lu,Muzi Li,Licheng Wang,Jingxian Zhou,Wenbin Yao

DOI: https://doi.org/10.3390/e25121651

2023-12-13

Abstract:Based on the NTRU trapdoor used in NIST's Falcon, a signcryption scheme following the sign-then-encrypt paradigm is constructed. The existing partitioning technique based on Waters hash over the lattice can not complete the security reduction in the standard model for the signature part due to the "partiality" of the pre-image generated with the NTRU trapdoor. To address this, a variant of Waters hash over small integers is proposed and, the probability of the successful reduction is analyzed. The resulting signcryption achieves existential unforgeability under the adaptive chosen-message attacks. By utilizing the uniqueness of the secret and the noise in an NTRU instance, the tag used in encryption is eliminated. Furthermore, a method to construct tamper-sensitive lattice public key encryption is proposed. This approach implants the ciphertext-sensitive information into the lattice public key encryption and binds it to the encrypted information. The malleability to the public key ciphertext triggers the change of the message-signature pair so that the IND-CCA2 security of the entire ciphertext can be guaranteed by the signature for the message. Thanks to the rational design and the efficiency of the NTRU trapdoor, the computational overhead of the proposed scheme is reduced significantly compared to the existing lattice-based signcryption scheme, reaching orders of magnitude improvement in efficiency. The experiment shows that the proposed scheme is efficient.

Sumithra Alagarsamy,S P Rajagopalan

DOI: https://doi.org/10.1371/journal.pone.0186207

IF: 3.7

2017-10-17

PLoS ONE

Abstract:Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Zhishuo Zhang,Wen Huang,Lin Yang,Yongjian Liao,Shijie Zhou

DOI: https://doi.org/10.1109/jiot.2023.3268699

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Outsourced Decryption Attribute-based Encryption (OD-ABE) is emerging as a promising cryptographic tool to provide efficient fine-grained access control for data accessing and sharing in cloud-assisted Intelligent Internet of Mobile Things (IIoMT). Decryption verification is an essential property of OD-ABE to enable the mobile user to verify the precision of the decryption data. Unfortunately, the most representative verification (commitment) algorithms have various security flaws. In this paper, we first indicate that the two state-of-art key-based commitment schemes are vulnerable to “Commitment Extract(Decrypt)-then-Reuse Attack” and “Commitment Impersonation Attack” which demolish the unforgeability of the commitment. Then to cover all the existing attacks to commitment algorithms, we re-define a robuster verifiable security model for verifiable OD-ABE. Subsequently, we invent a ciphertext fingerprint (CTfp) based commitment scheme and give rigorous proof to the proposed commitment scheme including binding, hiding, unforgeability, and non-repudiation (traceability) in the random oracle. Next, we apply our CTfp-based commitment to the widely used OD-ABE schemes to provide them robuster verifiability. Finally, the theoretical comparison and simulation experiments are presented to show our new type of commitment algorithm is more secure and practical.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hu Xiong,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.6633/ijns.201307.15(4).12

2013-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overhead than signing and encrypting separately. Recently, Chung et al. proposed an anonymous ECC-based signcryption scheme. We show that their scheme is not secure even against a chosen-plaintext attack.

Zhaohui Cheng,Liqun Chen,Li Ling,Richard Comley

DOI: https://doi.org/10.1007/978-3-540-73489-5_6

2007-01-01

Abstract:In 2003, Al-Riyami and Paterson introduced a new public key encryption paradigm called Certificateless Public Key Encryption (CL-PKE), which like Identity-Based Encryption (IBE) is certificatefree, and meanwhile which unlike IBE but similar to certificate-based encryption is key-escrow-free. In this paper, based on a heuristic observation on some existing IBE schemes and PKE schemes, we propose a general approach to build a CL-PKE solution, which makes use of a simple combination of an IBE scheme, a Diffie-Hellman type key establishment algorithm and a secure hash-function. Following this approach we construct two efficient concrete CL-PKE schemes and formally analyse their security in the random oracle model.

Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

DOI: https://doi.org/10.1007/978-3-540-73408-6_6

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signeryption and de-signcryption.

Huifang Yu,Runtao Ren

DOI: https://doi.org/10.1109/jsyst.2021.3096531

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:Driven by new situation of "Internet +," Internet has achieved the integrated development with all walks of life. Among them, the fifth generation is a key technology to promote the deep integration of Internet-of-Things equipment, cloud computing, blockchain and other trades. Hence, it is necessary for IoTs to consider the cost and efficiency of authentication and confidentiality of the communication. For effectively solving the above problems, we devise certificateless elliptic curve aggregate signcryption (CL-ECASC) scheme for IoTs that can improve the authentication efficiency, realize data confidentiality, and avoid the problems of complex certificate management and key escrow. Under the hardness of discrete logarithm and computational DiffieHellman problems on elliptic curve, CL-ECASC is proved to has the IND-CCA2 security (indistinguishability under the adaptive chosen-ciphertext attacks) and UF-CMA security (existentially unforgeable under the adaptive chosen-message attacks). CL-ECASC has relatively faster computation efficiency and lower communication cost, and so it is suitable for secure transmission of the information in the previously mentioned environments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Joo Woo,Kwangsu Lee,Jong Hwan Park

DOI: https://doi.org/10.1371/journal.pone.0310708

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In 2009, Lyubashevsky proposed a lattice-based signature scheme using the Schnorr-like identification and the Fiat-Shamir heuristic and proved its security under the collision resistance of a generalized compact knapsack function. However, their security analysis requires the witness indistinguishability property, leading to significant inefficiency and an increase of sizes of public key and signature. To overcome the efficiency issue associated with the WI property, we introduce a new lattice-based assumption, called the target-modified one-wayness problem of the GCK function and show its reduction to well-known lattice-based problems. Additionally, we present a simple and efficient GCK-based signature scheme, GCKSign, whose security is based on the Module GCK-TMO problem in the random oracle model. GCKSign is a natural extension of Lyubashevsky's scheme in a module setting, but achieves considerable efficiency gains due to eliminating the witness indistinguishability property. As a result, GCKSign achieves approximately 3.4 times shorter signature size and 2.4 times shorter public key size at the same security level.