Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1109/icassp43922.2022.9746617

2022-01-01

Abstract:Online/offline identity-based signature (OO-IBS) is an adequate cryptographic tool to provide the message authentication and integrity in mobile devices, since it lightens the computational burden after the signer receives the message and eliminates the overhead of certificate management. It has several valuable applications, such as wireless sensor networks and automatic dependent surveillance-broadcast systems. Identity-based chameleon hash (IB-CH), as an alternative building block to construct OO-IBS, has been explored in several literatures. Nevertheless, almost all of the prior IB-CH schemes are in the random oracle model, which may lead to security risks in practicality. The only IB-CH scheme in the standard model proposed by Xie et al. (ICC'21) suffers from the large size of public parameters and inefficient setup process. In this paper, we propose an efficient IB-CH scheme in the standard model, significantly reducing the computational costs of all the algorithms and the size of public parameters compared with Xie's scheme. The security and experimental analyses demonstrate the security and good performance of our scheme. Furthermore, we applied our scheme to optimize the existing generic OO-IBS construction. Our optimized construction reduces computational overhead by 50.0% in the online phase compared with the original construction.

Feng Bao,Robert H. Deng,Xuhua Ding,Junzuo Lai,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-21554-4_12

2011-01-01

Abstract:At ACNS 2008, Canard et al. introduced the notion of trapdoor sanitizable signature (TSS) based on identity-based chameleon hash (IBCH). Trapdoor sanitizable signatures allow the signer of a message to delegate, at any time, the power of sanitization to possibly several entities who can modify predetermined parts of the message and generate a new signature on the sanitized message without interacting with the original signer. In this paper, we introduce the notion of hierarchical identity-based chameleon hash (HIBCH), which is a hierarchical extension of IBCH. We show that HIBCH can be used to construct other cryptographic primitives, including hierarchical trapdoor sanitizable signature (HTSS) and key-exposure free IBCH. HTSS allows an entity who has the sanitization power for a given signed message, to further delegate its power to its descendants in a controlled manner. Finally, we propose a concrete construction of HIBCH and show that it is t-threshold collusion-resistant.

Jiang Zhang,Yu Chen,Zhenfeng Zhang

DOI: https://doi.org/10.1007/s00145-023-09488-w

2023-12-01

Journal of Cryptology

Abstract:Driven by the open problem raised by Hofheinz and Kiltz (J Cryptol 25(3):484–527, 2012), we study the formalization of lattice-based programmable hash function (PHF) and give three types of concrete constructions by using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the inhomogeneous small integer solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHF by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof techniques, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signatures and two IBE schemes with asymptotically much shorter keys. A major downside which inherits from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model that the number Q of the adversary's queries is required to be known in advance. Another downside is that the computational time of our new signatures and IBEs is a linear function of Q , which is large for typical parameters. To overcome the above limitations, we also give a refined way of using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of Böhl et al. (Eurocrypt'13) that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio (Crypto'14) and by Alperin-Sheriff (PKC'15) and allow us to achieve much tighter security from weaker hardness assumptions.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Yan He,Baodong Qin,Wen Gao,Dong Zheng,Qianqian Zhao

DOI: https://doi.org/10.1155/2022/7494452

IF: 1.968

2022-11-17

Security and Communication Networks

Abstract:Forward-secure revocation is a powerful cryptographic technique to alleviate key exposure attacks on identity-based cryptosystems. In recent years, quantum computers have made some breakthroughs, so in the foreseeable future, existing cryptographic systems will be subject to quantum attacks. However, known forward-secure revocable identity-based signature (FS-RIBS) schemes were designed over bilinear pairing groups and may suffer from quantum computing attacks. To address this issue, this paper proposes a generic method to construct FS-RIBS schemes, taking (hierarchical) IBS schemes as a basic component. By instantiating it with some post-quantum (hierarchical) IBS schemes, e.g., lattice-based (hierarchical) IBS, we immediately obtain six FS-RIBS schemes under the hardness of the small integer solution problem, which is secure against quantum computing attacks.

computer science, information systems,telecommunications

Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1016/j.tcs.2008.07.001

IF: 1.002

2008-01-01

Theoretical Computer Science

Abstract:Constructing an identification scheme is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify himself to a public verifier who knows only the claimed identity of the prover and some public information. In this paper, we propose a new framework for both the design and analysis of IBI schemes. Our approach works in an engineering way. We first identify an IBI scheme as the composition of two building blocks, and then show that, with different security properties of these building blocks, the corresponding IBI schemes can achieve security against impersonation under different levels of attacks, namely, passive attack (id-imp-pa), active attack (id-imp-aa) or concurrent attack (id-imp-ca). In particular, we show that an id-imp-pa secure IBI scheme can be built if there exists a trapdoor weak-one-more relation and an honest verifier zero-knowledge proof with special soundness, while an id-imp-aa and id-imp-ca secure IBI scheme can be built if there exists a trapdoor strong-one-more relation and a Witness Dualism proof with Special Soundness (WD-SS). This new framework can capture IBI construction techniques that are not captured by other known frameworks. It also helps to construct new and efficient schemes. We demonstrate this by proposing two new IBI schemes, one achieving id-imp-pa, and the other one achieving both id-imp-aa and id-imp-ca, and neither of them can be captured by existing frameworks.

Xinjian Chen,Qiong Huang,Hongbo Li,Zhijian Liao,Willy Susilo

DOI: https://doi.org/10.1016/j.tcs.2022.08.022

IF: 1.002

2022-01-01

Theoretical Computer Science

Abstract:Multi-signature is an important technology to compress multiple signatures on the common message into a compact one, thereby reducing the consumption of storage space and transmission bandwidth. Such a cryptographic primitive is widely used in financial applications such as blockchain which requires multiple keys to authorize a transaction. With the advent of quantum computers, traditional multi-signature schemes may no longer be secure as their underlying security assumptions (e.g. RSA or discrete logarithm problems) may not hold anymore. In this paper, we propose a novel identity-based multi-signature (IBMS) scheme over NTRU lattices, which is secure against the attacks of quantum computers. To the best of our knowledge, it is the first lattice-based IBMS scheme. We show that our scheme is provably secure in the random oracle model based on the ring version of the short integer solution assumption (Ring-SIS). Compared with the closely related works in the literature, our scheme enables the signer to select its system identity (such as email address, physical IP address, and etc.) as the public key, which effectively alleviates the certificate management problem in the PKI setting, and takes the advantage of discrete Gaussian distribution instead of uniform distribution to generate secret signing keys and multi-signatures. Besides, our scheme does not require all the system users to setup a trusted common string, which further simplifies the deployment of our scheme in practice.

P Thanalakshmi,R Anitha,N Anbazhagan,Woong Cho,Gyanendra Prasad Joshi,Eunmok Yang

DOI: https://doi.org/10.3390/s21248417

2021-12-16

Abstract:As a standard digital signature may be verified by anybody, it is unsuitable for personal or economically sensitive applications. The chameleon signature system was presented by Krawczyk and Rabin as a solution to this problem. It is based on a hash then sign model. The chameleon hash function enables the trapdoor information holder to compute a message digest collision. The holder of a chameleon signature is the recipient of a chameleon signature. He could compute collision on the hash value using the trapdoor information. This keeps the recipient from disclosing his conviction to a third party and ensures the privacy of the signature. The majority of the extant chameleon signature methods are built on the computationally infeasible number theory problems, like integer factorization and discrete log. Unfortunately, the construction of quantum computers would be rendered insecure to those schemes. This creates a solid requirement for construct chameleon signatures for the quantum world. Hence, this paper proposes a novel quantum secure chameleon signature scheme based on hash functions. As a hash-based cryptosystem is an essential candidate of a post-quantum cryptosystem, the proposed hash-based chameleon signature scheme would be a promising alternative to the number of theoretic-based methods. Furthermore, the proposed method is key exposure-free and satisfies the security requirements such as semantic security, non-transferability, and unforgeability.

Zhikang Xie,Qingni Shen,Cong Li,Jisheng Dong,Yuejian Fang

DOI: https://doi.org/10.1109/icc42927.2021.9500446

2021-01-01

Abstract:The rapid development of the mobile Internet makes it necessary to adopt efficient cryptographic primitives for the portable devices with limited computing resources. Online/offline identity-based signatures are suitable because of short response time of signature generation and being free from the cumbersome operations caused by public key infrastructures. In this paper, we propose the first identity-based chameleon hash which can be proved secure without the random oracle and show how to use it to translate any identity-based signature to an online/offline one.

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1007/978-3-540-72738-5_20

2007-01-01

Abstract:Constructing identification schemes is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify itself to a public verifier who knows only the claimed identity of the prover and some common information. In this paper, we propose a simple and efficient framework for constructing IBI schemes. Unlike some related framework which constructs IBI schemes from some standard identification schemes, our framework is based on some more fundamental assumptions on intractable problems. Depending on the features of the underlying intractable problems presumed in our framework, we can derive IBI schemes secure against passive, active and concurrent adversaries. We show that the framework can capture a large class of schemes currently proposed, and also has the potential to cover many newly constructed schemes. As an example, based on the Katz-Wang standard signature scheme, we propose a new IBI scheme that is secure against active adversaries in a concurrent manner. It can be seen that our framework also help simplify the security proofs for new IBI schemes. Finally, and of independent interest, we define a new notion for proof systems called Witness Dualism. This notion is weaker than that of witness indistinguishable and we show that it is enough for constructing an IBI scheme secure against the most powerful type of adversaries defined.

An Braeken,Ji-Jian Chin,Syh-Yuan Tan

DOI: https://doi.org/10.1016/j.jisa.2021.103027

IF: 4.96

2021-12-01

Journal of Information Security and Applications

Abstract:Identity-based identification (IBI) schemes allow a prover to provide entity identification, based on its unique identity. This paper provides the first non-trivial IBI scheme with implicit certification by using the Elliptic Curve Qu Vanstone (ECQV) implicit certification scheme. In contrast to the conventional identity-based schemes, the implicit certificate based approach is resistant against key escrow since the trusted authority only a part of the secret key, which is used as input by the user to construct its own user secret key. We show our scheme is able to achieve Trust Level 3 according to Girault’s definitions, while requiring less resources when compared to certificateless identification. A corresponding formal security model is defined, showing the resistance of our proposed scheme against impersonation attacks. Compared to other Schnorr-based IBI schemes, our proposed IBI scheme with implicit certification outperforms in storage, computation and communication efficiency and thus offers a viable solution to be applied in an internet of things (IoT) context.

computer science, information systems

Yanqing Yao,Zhoujun Li,Hua Guo

DOI: https://doi.org/10.1016/j.ins.2019.12.076

IF: 8.1

2020-04-01

Information Sciences

Abstract:Identity-based sequential aggregate signature (IBSAS for short) schemes, introduced by Boldyreva et al. [CCS 2007], allow a large quantity of signers to generate one signature sequentially, in which these messages as well as their order can be attested by employing their identities. In such a scheme, storage space and bandwidth overhead can be reduced. To our best knowledge, though many concrete IBSAS schemes have been constructed in literature, none of them is constructed under a standard computational hardness assumption and unforgeable under the standard model. The problem of how to construct such schemes is still open. Latterly, Gentry et al. [PKC 2018] proposed a unified construction of SAS (i.e., abbreviated form of sequential aggregate signature) schemes by employing trapdoor permutation and ideal ciphers. Motivated by the above problem and hints, here we study how to construct IBSAS schemes in a new unified perspective. By employing 2-level HIBE (i.e., abbreviated form of hierarchical identity-based encryption) schemes, we present unified construction of IBSAS schemes and give a rigorous proof of their unforgeability. The unified construction is then instantiated to get a concrete IBSAS scheme, which has existential unforgeability under the standard model using a standard computational hardness assumption (i.e., the CDH assumption). An extra fruit is that it can be used to construct an existentially unforgeable IBSAS scheme using the Learning with Errors problem, which is constructed under a lattice hardness assumption for the first time. In the end, we show a detailed performance comparison among our schemes and previous ones.

computer science, information systems

Zesheng Lin,Hongbo Li,Xinjian Chen,Meiyan Xiao,Qiong Huang

DOI: https://doi.org/10.1109/tifs.2024.3459646

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To reduce data storage costs, more individuals are using cloud servers for reliable, scalable, cost-effective, and globally accessible solutions. However, storing data in plaintext on cloud servers can lead to data leakage risks. Moreover, the advancement of quantum computing poses a threat to traditional encryption algorithms. To counter quantum computing attacks and enable searches over encrypted keywords, lattice-based searchable encryption with conjunctive keyword search has been implemented. Nonetheless, existing schemes expose keyword fields and leaks additional information. To mitigate this, we propose a privacy-preserving method based on lattice hardness assumptions. It enables testing the existence of an encrypted keyword in a set of encrypted keywords without requiring the keyword fields. Additionally, we propose two improved methods: one for inclusion-based searches between two keyword sets, and another for range-based keyword searches. These form the basis for three lattice-based identity-based searchable encryption schemes that support disjunctive, conjunctive, and range keyword searches, respectively. The storage overhead of ciphertexts and trapdoors is unaffected by the number of keywords, making our scheme suitable for multi-keyword search scenarios. Our formal security analysis uses the learning with errors (LWE) assumption and our theoretical analysis and experimental simulations show comparable efficiency and low storage overhead.

Yu Chen,Manuel Charlemagne,Zhi Guan,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1755688.1755699

2010-01-01

Abstract:ABSTRACTMost traditional public key cryptosystems are constructed upon algebraically rich structures, which makes their key pairs combinable, i.e., the combination of some private keys and their corresponding public keys could form a new key pair. Exploring such combinable property, this paper proposes a novel Identity-Based Encryption (IBE) scheme based on the Diffie-Hellman Integrated Encryption Scheme (DHIES) with quadratic key combination structure from bilinear maps. The new scheme has a number of advantages over other IBE schemes. First, it uses DHIES to fulfill encryption, thus naturally obtains the security against adaptive chosen ciphertext attack from DHIES. Second, it is interoperable with existing security systems based on DHIES. Third, compared to many pairing-based IBE schemes, it only requires pairing computation during public key generation and there is no need for special hash function. We prove that our scheme is selective identity chosen ciphertext secure in the random oracle model assuming DHIES is chosen ciphertext secure. Additionally, the extract algorithm of our scheme also implies an identity-based short signature scheme.

Jiaxin Pan,Benedikt Wagner

DOI: https://doi.org/10.1007/978-3-030-81293-5_19

2021-01-01

Abstract:We construct a short and adaptively secure identity-based signature scheme tightly based on the well-known Short Integer Solution (SIS) assumption. Although identity-based signature schemes can be tightly constructed from either standard signature schemes against adaptive corruptions in the multi-user setting or a two-level hierarchical identity-based encryption scheme, neither of them is known with short signature size and tight security based on the SIS assumption. Here “short” means the signature size is independent of the message length, which is in contrast to the tree-based (tight) signatures.Our approach consists of two steps: Firstly, we give two generic transformations (one with random oracles and the other without) from non-adaptively secure identity-based signature schemes to adaptively secure ones tightly. Our idea extends the similar transformation for digital signature schemes. Secondly, we construct a non-adaptively secure identity-based signature scheme based on the SIS assumption in the random oracle model.

Renjie Jin,Longjiang Qu,Rongmao Chen,Zhichao Yang,Yi Wang

DOI: https://doi.org/10.1016/j.ins.2023.120083

IF: 8.1

2024-01-05

Information Sciences

Abstract:The Internet of Things (IoT) is gaining popularity as it can effectively connect the real world with the Internet. However, security and privacy issues are widely considered the major obstructions to its widespread adoption. Hence, various cryptographic tools (e.g., encryption and signature schemes) have been proposed to build secure and authenticated channels for data communication in IoT. In this work, we investigate the well-known encryption scheme called identity-based encryption (IBE) for IoT-oriented applications. In particular, we are mainly interested in forward-secure IBE (fs-IBE) which could still protect the data transferred in the past when the current secret key stored in the IoT device is stolen. To this end, we propose an fs-IBE scheme which, as far as we know, is the first construction of fs-IBE that can resist quantum attacks. Our scheme is based on the lattice-based hardness assumption namely Learning with Error (LWE), which is widely adopted for designing other quantum-resistant cryptographic schemes. At the core of our design is the minimal cover mechanism in the context of binary tree and we rigorously prove the security of our scheme in the forward-secure, selective ID, chosen-plaintext attack (CPA) model. Besides the post-quantum security, our scheme enjoys comparatively compact ciphertext and secret key, and thus it is suitable for bandwidth-limited IoT communication.

computer science, information systems

Hong Zhao,Yan-yan Han,Shuhan Yu,Kaili Dou

DOI: https://doi.org/10.1117/12.2685750

2023-08-15

Abstract:The certificateless cryptography solves the certificate management and key escrow problems in the Internet of Things. However, these schemes are no longer safe in the quantum environment. Lattice cryptography has become the main method to solve quantum security. At present, only a few lattice-based certificateless signature schemes have been proposed and the use of the trapdoor function limits the efficiency of the lattice cryptography, and the security of these schemes can only reach existential unforgeability. We construct a lattice-based certificateless signature scheme based on Lyubashevsky's signature scheme. The security of our scheme can reach strong unforgeability and the computational efficiency of our scheme is lower than the previous schemes.

Computer Science,Engineering

Xiao Zhang,Faguo Wu,Wang Yao,Wenhua Wang,Zhiming Zheng

DOI: https://doi.org/10.32604/cmc.2020.08008

2020-01-01

Abstract:Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Congge Xie,Jian Weng,Dehua Zhou

DOI: https://doi.org/10.1016/j.ins.2022.02.027

IF: 8.1

2022-05-01

Information Sciences

Abstract:Fully homomorphic signature schemes in identity-based settings can provide authenticity, homomorphism, and non-repudiation as do traditional digital signatures, while simplifying the public key infrastructure (PKI) requirements, in which each user in the system can use his or her identity as a public key. As identity-based systems (IBS) have a natural link between unique identity information and the user, allowing user revocation is usually more difficult in IBS than in PKI settings. Although several revocable identity-based fully homomorphic signature (RIBFHS) schemes have been proposed, these schemes are vulnerable to signing key exposure. With this study, we are the first to consider a realistic threat signing key exposure in RIBFHS systems. In addition, we introduce a new security definition of RIBFHS with signing key exposure resistance. Then, we employ Agrawal’s left–right lattices and delegation technology in fixed dimensions to construct a new RIBFHS scheme over the lattice with regularly broadcasted update keys, which not only resists signing key exposure, but also meets scalability and context hiding properties. Finally, we prove that our construction is existentially unforgeable against chosen message attacks under the standard short integer solution (SIS) assumption in the random oracle model.

computer science, information systems