Informatica (Lithuanian Academy of Sciences), 2022
Due to the popularity of mobile communication, many computing devices are exposed to remote environments without physical protection, so these devices easily suffer from leakage attacks (e.g., side-channel attacks). Under such leakage attacks, when a computing device performs some cryptographic algorithm, an adversary may acquire partial bits of the secret keys involved in this cryptographic algorithm. To resist leakage attacks, researchers offer leakage-resilient cryptography as a solution. A signcryption scheme combines signing and encrypting processes to simultaneously provide both authentication and confidentiality, and is an important cryptographic primitive. Indeed, many leakage-resilient signcryption schemes under various public key system (PKS) settings have been proposed. Unfortunately, these schemes still have two shortcomings, namely, bounded leakage resilience and conditionally continuous leakage resilience. In this paper, a "fully" continuous leakage-resilient certificate-based signcryption (FCLR-CBSC) scheme is proposed. Security analysis formally proves that our scheme possesses both authentication and confidentiality against two types of adversaries in the certificate-based PKS setting. Performance analysis and simulation experiments show that our scheme is suited to run on both a PC and a mobile device.
Recently, Park and Lim (1998) proposed two key distribution systems for secure VSAT satellite communications. One provides indirect authentication, and the other enables two parties to authenticate each other directly. However, this article shows that the proposed schemes are insecure by presenting two impersonation attacks on them. Besides, an improved scheme is proposed, which is secure against the impersonation attack and provides direct mutual authentication between two parties. Key words: satellite communication, key distribution, cryptanalysis.
A partially blind signature is a variant of the blind signature. The partially blind signature scheme allows a signer to sign a partially blind message that explicitly includes the pre-agreed information. In 2005, Chow et al. first proposed an ID-based partially blind signature scheme with bilinear pairings. ID-based public key systems with bilinear pairings defined on elliptic curves offer a flexible approach that both simplifies certificate management and reduces the computational cost. However, their scheme is time-consuming for requesters (or clients) with mobile devices. In 2007, Hu and Huang proposed an efficient ID-based partially blind signature scheme based on bilinear pairings. They claimed that the proposed scheme is provably secure under the random oracle model. However, this paper shows that the Hu-Huang scheme suffers from forgery attacks. Index Terms: Security, Partially blind signature, Bilinear pairings, Identity-based.
By its very nature, a non-authenticated multi-party key agreement protocol cannot provide participant and message authentication, so it must rely on an authenticated network channel. This paper shows that two well-known multi-party key agreement protocols cannot withstand malicious participant attacks, even though these protocols are based on the authenticated network channel. This attack involves a malicious participant disrupting the multi-party key agreement among honest participants. In this case, the other honest participants do not correctly agree on a common key. Obviously, the malicious participant cannot obtain the common key either, and the communication confidentiality among participants is not breached. However, in some emergency situations or applications, a multi-party key agreement protocol design that is resistant to malicious participants is useful. Therefore, in this paper, a non-authenticated multi-party key agreement protocol resistant to malicious participant...
International Journal of Innovative Computing Information and Control, 2012
Global mobility networks provide effective global roaming services for personal communication users. Through the universal roaming technology, legitimate mobile users can enjoy ubiquitous services. Mutual authentication and key agreement between mobile users and roaming servers is the primary security issue of many commercial mobile networks. For personal privacy, it has become an important issue to develop a mutual authentication and key agreement scheme with anonymity for roaming services in global mobility networks to protect the user's identity. Recently, many schemes concerned with this issue have been proposed. However, most of those schemes have been shown to have several security weaknesses and fail to achieve user anonymity. In this paper, we propose a novel and efficient mutual authentication and key agreement scheme with user anonymity for roaming services in the global mobility network. Under the random oracle model, we show that our scheme can withstand known a...
In a smart city, there are different types of entities, such as natural persons, IoT devices, and service providers, which have different computational and storage limitations. Unfortunately, all of the existing authentication and key exchange (AKE) protocols are designed for either client–server or client–client authentication, including the ones designed for smart cities. In this paper, we present the idea of a compatible authentication and key exchange (CAKE) protocol which provides cross-species authentication. We propose the first CAKE protocol for a smart city in which any two valid entities can authenticate each other and create a secure session key without the help of any third party, while there is also no password table and no public key issuing problem. The entity can be a natural person having biometrics, an IoT device embedded with a physical unclonable function (PUF), or a service provider. Moreover, we extend the CAKE protocol to an anonymous CAKE (ACAKE) ...
International Journal of Innovative Computing Information and Control, 2012
For a digital signature scheme, loss of private keys will have a devastating effect on e-commerce and Internet-based transaction applications in the present network environment. The key-insulated public-key system was introduced to reduce the damage caused by private key exposure. Over the last few years, identity (ID)-based key-insulated cryptography using bilinear pairings has received much attention from cryptographic researchers. In this paper, we propose a new and efficient ID-based key-insulated signature scheme with batch verifications. As compared with the recently proposed ID-based key-insulated signature schemes, our scheme has the best performance for batch verifications. For security analysis, we demonstrate that the proposed scheme is a provably secure ID-based key-insulated signature in the random oracle model and under the computational Diffie-Hellman assumption. Meanwhile, to demonstrate the additional advantage of our ID-based key-insulated signature scheme, we present a nov...
In 1999, Liaw proposed a new broadcasting cryptosystem, which requires smaller bandwidth as compared to the previously proposed broadcasting cryptosystems. However, this article shows that the proposed system is insecure by presenting a conspiracy attack on it. We also point out some ambiguous problems in Liaw's paper. Moreover, we propose an improved broadcasting cryptosystem, which is a slight modification of the proposed system to overcome the conspiracy attack.
2017 International Conference on Applied System Innovation (ICASI), 2017
Recently, numerous leakage-resilient cryptographic schemes have been proposed to resist side-channel attacks, which exploit physical properties of practical implementations of cryptographic protocols/schemes to leak partial information of secret (or private) keys. Certificateless public key cryptography solves both the certificate management problem in conventional public key cryptography and the key escrow problem in ID-based public key cryptography. However, there is little work on the design of certificateless cryptographic schemes resistant to side-channel attacks. In this article, the first leakage-resilient certificateless signature (LR-CLS) scheme is proposed. In the generic bilinear group model, the proposed scheme is demonstrated to possess existential unforgeability against adaptive chosen-message attacks under the continual leakage model for both Type I and Type II adversaries.
The certificateless public-key system (CL-PKS) is a significant public-key cryptography setting that solves both the key escrow and certificate management problems. The outsourced revocable certificateless public-key system (OR-CL-PKS) with a cloud revocation server (CRS) not only provides a revocation mechanism, but also outsources the revocation functionality to the CRS to reduce the computational burden of the key generation center (KGC). Recently, side-channel attacks have threatened some existing conventional cryptography (including CL-PKS). Indeed, adversaries can apply side-channel attacks to derive fractional constituents of private (or secret) keys and damage the security of these cryptographic protocols (or schemes). To withstand such attacks, leakage-resilient cryptography is an attractive approach. However, little research concerns leakage-resilient certificateless cryptography. In this paper, the first leakage-resilient outsourced revocable certificateless signature (LR-ORCLS) scheme is presented. The proposed scheme allows adversaries to continually derive fractional constituents of private (or secret) keys and possesses the overall unbounded leakage property. In the generic bilinear group (GBG) model, our scheme is shown to be existentially unforgeable against adversaries. Finally, comparisons between the proposed scheme and the previous revocable certificateless signature schemes are provided to demonstrate the merits of the proposed scheme.
Wireless sensor networks (WSNs) have gained much attention due to their large number of applications. WSN systems are usually deployed in hostile environments where they encounter a wide variety of malicious attacks. In order to protect the messages transmitted between any two adjacent sensor nodes, a mutual authentication and key exchange protocol is required for wireless sensor networks. Because of the natural restrictions of sensor nodes, which include low power, little storage space, low computation ability and short communication range, most existing protocols attempt to establish a pairwise key between any two adjacent sensor nodes by adopting a key pre-distribution approach. However, this approach has some inherent drawbacks. With the rapid growth of cryptographic techniques, recent results show that Elliptic Curve Cryptography (ECC) is suitable for resource-limited WSNs. In this paper, we propose a scalable ID-based pairwise key establishment protocol that allows a sensor node to est...
A signcryption scheme can efficiently perform encryption and signing procedures in a single step to obtain message confidentiality and non-repudiation properties. As compared to the traditional public key system, the identity (ID)-based public key system (IDPKS) can simplify the management of required certificates. However, how to revoke compromised or misbehaving identities in the IDPKS becomes a critical problem. Recently, Tseng and Tsai proposed a novel construction in the IDPKS with a revocation mechanism called the revocable ID-based public key system (R-IDPKS). In this paper, we follow their R-IDPKS to propose an important cryptographic primitive, "signcryption". Security analysis demonstrates that the proposed scheme is provably secure and provides confidentiality and unforgeability.
An authenticated group key exchange (AGKE) protocol allows participants to construct a common key and provides secure group communications in cooperative and distributed applications. Recently, Choi et al. proposed an identity (ID)-based authenticated group key exchange (IDAGKE) protocol from bilinear pairings. However, their protocol suffers from an insider colluding attack because it does not address the security issue of withstanding insider attacks. Withstanding insider attacks means that the protocol can detect whether malicious participants exist in the group key exchange. Nevertheless, an AGKE protocol resistant to insider attacks is still unable to find "who the malicious participants are". In this paper, we propose an ID-based AGKE protocol with identification of malicious participants. In our protocol, we use a confirmed computation property to identify malicious participants. Certainly, it is also secure against insider attacks. In the random oracle model and under related mathematical hard problems, we prove that the proposed protocol is a secure AGKE protocol with identification of malicious participants.
Very recently, side-channel attacks have threatened all traditional cryptographic schemes. Typically, in traditional cryptography, private/secret keys are assumed to be completely hidden from adversaries. However, by side-channel attacks, an adversary may extract fractional content of these private/secret keys. To resist side-channel attacks, leakage-resilient cryptography is a countermeasure. The identity-based public-key system (ID-PKS) is an attractive public-key setting. ID-PKS settings not only discard the certificate requirement, but also remove the construction of the public-key infrastructure. For solving the user revocation problem in ID-PKS settings, the revocable ID-PKS (RID-PKS) setting has attracted significant attention. Numerous cryptographic schemes based on RID-PKS settings have been proposed. However, under RID-PKS settings, no leakage-resilient signature or encryption scheme has been proposed. In this article, we present the first leakage-resilient revocable ID-based signature (LR-RIBS) scheme with cloud revocation authority (CRA) under the continual leakage model. Also, a new adversary model of LR-RIBS schemes with CRA is defined. Under this new adversary model, security analysis demonstrates that our LR-RIBS scheme with CRA is provably secure in the generic bilinear group (GBG) model. Finally, performance analysis demonstrates that our scheme is suitable for mobile devices.
In the past, the security notions of cryptography were modeled under the assumption that private (or secret) keys are completely hidden from adversaries. Nowadays, these security notions could be insufficient due to a new kind of threat, called "side-channel attacks", by which an adversary obtains partial information of private (or secret) keys by exploiting specific properties of physical implementations of cryptographic schemes. In order to resist such side-channel attacks, numerous leakage-resilient cryptographic schemes have been proposed. However, there is little work on leakage-resilient certificateless cryptographic schemes. In this article, we propose the first leakage-resilient certificateless signature (LR-CLS) scheme under the continual leakage model. In the generic bilinear group model, we demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks for both Type I and Type II adversaries. Finally, performance analysis demonstrates that the proposed LR-CLS scheme is suitable for resource-constrained devices.
Certificateless signatures (CLS) are noticeable because they resolve the key escrow problem in ID-based signatures and avoid the certificate management problem of conventional signatures. However, the security of most previous CLS schemes relies on the difficulty of solving the discrete logarithm or large integer factorization problems. These two problems could be solved by quantum computers in the future, so that the signature schemes based on them would also become insecure. For post-quantum cryptography, lattice-based cryptography is significant due to its efficiency and security. However, no study addressing the revocation problem in the existing lattice-based CLS schemes has been presented. In this paper, we focus on the revocation issue and present the first revocable CLS (RCLS) scheme over lattices. Based on the short integer solution (SIS) assumption over lattices, the proposed lattice-based RCLS scheme is shown to be existentially unforgeable against adaptive chosen message attacks. By performance analysis and comparisons, the proposed lattice-based RCLS scheme is better than the previously proposed lattice-based CLS scheme in terms of private key size, signature length and the revocation mechanism.
Informatica (lithuanian Academy of Sciences), 2022
Due to the popularity of mobile communication, many computing devices are exposed to remote envir... more Due to the popularity of mobile communication, many computing devices are exposed to remote environments without physical protection so that these devices easily suffer from leakage attacks (e.g., side-channel attacks). Under such leakage attacks, when a computing device performs some cryptographic algorithm, an adversary may acquire partial bits of secret keys participated in this cryptographic algorithm. To resist leakage attacks, researchers offer leakage-resilient cryptography as a solution. A signcryption scheme combines signing and encrypting processes to simultaneously provide both authentication and confidentiality, which is an important cryptographic primitive. Indeed, many leakage-resilient signcryption schemes under various public key system (PKS) settings were proposed. Unfortunately, these schemes still have two shortcomings, namely, bounded leakage resilience and conditionally continuous leakage resilience. In this paper, a "fully" continuous leakage-resilient certificate-based signcryption (FCLR-CBSC) scheme is proposed. Security analysis is formally proved to show that our scheme possesses both authentication and confidentiality against two types of adversaries in the certificate-based PKS setting. Performance analysis and simulation experience show that our scheme is suited to run on both a PC and a mobile device.
Abstract. Recently, Park and Lim (1998) proposed two key distribution systems for secure VSAT sat... more Abstract. Recently, Park and Lim (1998) proposed two key distribution systems for secure VSAT satellite communications. One provides indirect authentication, and another scheme enables that two parties can directly authenticate each other. However, this article will show that the proposed schemes are insecure enough by presenting two impersonation attacks on them. Besides, an im-proved scheme will be proposed, which is secure against the impersonation attack and provides direct mutual authentication between two parties. Key words: satellite communication, key distribution, cryptanalysis. 1.
Abstract—A partially blind signature is a variant of the blind signature. The partially blind sig... more Abstract—A partially blind signature is a variant of the blind signature. The partially blind signature scheme allows a signer to sign a partially blind message that explicitly includes the pre-agreed information. In 2005, Chow et al. first proposed an ID-based partially blind signature scheme with bilinear pairings. ID-based public key systems with bilinear pairings defined on elliptic curves offer a flexible approach to achieve both simplifying the certificate management and reducing the computational cost. However, their scheme is time-consuming for requesters (or clients) with mobile devices. In 2007, Hu and Huang proposed an efficient ID-based partially blind signature scheme based on bilinear pairings. They claimed that the proposed scheme is provably secure under the random oracle model. However, this paper shows that the Hu-Huang scheme suffers from forgery attacks. Index Terms—Security, Partially blind signature, Bilinear pairings, Identity-based.
By its very nature, a non-authenticated multi-party key agreement protocol cannot provide partici... more By its very nature, a non-authenticated multi-party key agreement protocol cannot provide participant and message authentication, so it must rely on an authenticated network channel. This paper presents the inability of two famous multi-party key agreement protocols to withstand malicious participant attacks, even though their protocols are based on the authenticated network channel. This attack involves a malicious participant disrupting the multi-party key agreement among honest participants. In this case, other honest participants do not correctly agree on a common key. Obviously, the malicious participant cannot obtain the common key either, and the communication confidentiality among participants is not breached. However, in some emergency situations or applications, a multi-party key agreement protocol design that is resistant to malicious participants is useful. Therefore, in this paper, a non-authenticated multi-party key agreement protocol resistant to malicious participant...
International Journal of Innovative Computing Information and Control, 2012
Global mobility networks provide effective global roaming services for personal communication use... more Global mobility networks provide effective global roaming services for personal communication users. Through the universal roaming technology, legitimate mobile users can enjoy the ubiquitous services. Mutual authentication and key agreement between mobile users and roaming servers is the primary security issue of many commercial mobile networks. For personal privacy, it becomes an important issue to develop a mutual authentication and key agreement scheme with anonymity for roaming services in global mobility networks to protect user’s identity. Recently, many schemes concerned with this issue have been proposed. However, most of those schemes have been demonstrated that may have several security weaknesses and do not achieve user anonymity. In this paper, we propose a novel and efficient mutual authentication and key agreement scheme with user anonymity for roaming services in the global mobility network. Under the random oracle model, we show that our scheme can withstand known a...
partially blind signature is a variant of the blind signature. The partially blind signature sche... more partially blind signature is a variant of the blind signature. The partially blind signature scheme allows a signer to sign a partially blind message that explicitly includes the pre-agreed information. In 2005, Chow et al. first proposed an ID-based partially blind signature scheme with bilinear pairings. ID-based public key systems with bilinear pairings defined on elliptic curves offer a flexible approach to achieve both simplifying the certificate management and reducing the computational cost. However, their scheme is time-consuming for requesters (or clients) with mobile devices. In 2007, Hu and Huang proposed an efficient ID-based partially blind signature scheme based on bilinear pairings. They claimed that the proposed scheme is provably secure under the random oracle model. However, this paper shows that the Hu-Huang scheme suffers from forgery attacks.
In a smart city, there are different types of entities, such as nature persons, IoT devices, and ... more In a smart city, there are different types of entities, such as nature persons, IoT devices, and service providers, which have different computational limitations and storage limitations. Unfortunately, all of the existing authentication and key exchange (AKE) protocols are designed for either client–server or client–client authentication, including the ones designed for smart cities. In this paper, we present the idea of a compatible authentication and key exchange (CAKE) protocol which provides cross-species authentication. We propose the first CAKE protocol for a smart city that any two valid entities can authenticate with each other and create a secure session key without the help of any third party, while there is also no password table and no public key issuing problem. The entity can be a natural person having biometrics, an IoT device embedded with a physical unclonable function (PUF), or a service provider. Moreover, we extend the CAKE protocol to an anonymous CAKE (ACAKE) ...
International Journal of Innovative Computing Information and Control, 2012
For a digital signature scheme, loss of private keys will cause a devastating effect on e-commerc... more For a digital signature scheme, loss of private keys will cause a devastating effect on e-commerce and Internet-based transaction applications in the present network environment. Key-insulated public-key system is introduced to reduce damage caused by private key exposure. Over the last few years, identity (ID)-based key-insulated cryptography using bilinear pairings has received much attention from cryptographic researchers. In this paper, we propose a new and efficient ID-based key-insulated signature scheme with batch verifications. As compared with the recently proposed ID-based key-insulated signature schemes, our scheme has the best performance for batch verifications. For security analysis, we demonstrate that the proposed scheme is a provably secure IDbased key-insulated signature in the random oracle model and under the computational Diffie-Hellman assumption. Meanwhile, to demonstrate the additional advantage of our ID-based key-insulated signature scheme, we present a nov...
In 1999, Liaw proposed a new broadcasting cryptosystem, which requires smaller bandwidth as compa... more In 1999, Liaw proposed a new broadcasting cryptosystem, which requires smaller bandwidth as compared to the previously proposed broadcasting cryptosystems. However, this article will show that the proposed system is insecure enough by presenting a conspiracy attack on it. We will also point out some ambiguous problems in Liaw's paper. Moreover, we propose an improved broadcasting cryptosystem, which is a slight modification of the proposed system to overcome the conspiracy attack.
2017 International Conference on Applied System Innovation (ICASI), 2017
Recently, numerous leakage-resilient cryptographic schemes have been proposed to resist side-chan... more Recently, numerous leakage-resilient cryptographic schemes have been proposed to resist side-channel attacks which adopt several properties resulting from practical implementations of cryptographic protocols/schemes to leak partial information of secret (or private) keys. Certificateless public key cryptography solves both certificate management problem in conventional public key cryptography and the key escrow problem in ID-based public key cryptography. However, there is little work on studying the design of certificateless cryptographic schemes resisting to side-channel attacks. In the article, the first leakage-resilient certificateless signature (LR-CLS) scheme is proposed. In the generic bilinear group model, the proposed scheme is demonstrated to possess existential unforgeability against adaptive chosen-message attacks under the continual leakage model for both Type I and Type II adversaries.
Certificateless public-key system (CL-PKS) is a significant public-key cryptography and it solves... more Certificateless public-key system (CL-PKS) is a significant public-key cryptography and it solves both the key escrow and certificate management problems. Outsourced revocable certificateless public-key system (OR-CL-PKS) with a cloud revocation server (CRS) not only provides a revocation mechanism, but also further outsources the revocation functionality to the CRS to reduce the computational burden of the key generation center (KGC). Recently, side-channel attacks have threatened some existing conventional cryptography (including CL-PKS). Indeed, adversaries can apply side-channel attacks to derive fractional constituents of private (or secret) keys to damage the security of these cryptographic protocols (or schemes). To withstand such attacks, leakage-resilient cryptography is an attractive approach. However, little research concerns with leakage-resilient certificateless cryptography. In this paper, the first leakage-resilient outsourced revocable certificateless signature (LR-ORCLS) scheme is presented. The proposed scheme allows adversaries to continually derive fractional constituents of private (or secret) keys and possesses overall unbounded leakage property. In the generic bilinear group (GBG) model, our scheme is shown to be existential unforgeable against adversaries. Finally, the comparisons between the proposed scheme and the previous revocable certificateless signature schemes are provided to demonstrate the merits of the proposed scheme.
Wireless sensor networks (WSNs) have gained much attention due to large number of applications. T... more Wireless sensor networks (WSNs) have gained much attention due to large number of applications. The WSN systems are usually deployed in hostile environments where they encountered a wide variety of malicious attacks. In order to protect the transmitted messages between any two adjacent sensor nodes, a mutual authentication and key exchange protocol is required for wireless sensor networks. Because some nature restrictions of sensor nodes which include low power, less storage space, low computation ability and short communication range, most existing protocols attempt to establish a pairwise key between any two adjacent sensor nodes by adopting a key pre-distribution approach. However, this approach has some inherent drawbacks. With rapid growth of cryptographic techniques, recent results show that Elliptic Curve Cryptography (ECC) is suitable for resource-limited WSNs. In this paper, we propose a scalable ID-based pairwise key establishment protocol that allows a sensor node can est...
A signcryption scheme can efficiently perform encryption and signing procedures in a single step to obtain message confidentiality and non-repudiation properties. As compared to the traditional public key system, the identity (ID)-based public key system (IDPKS) can simplify the management of required certificates. However, how to revoke compromised or misbehaving identities in the IDPKS becomes a critical problem. Recently, Tseng and Tsai proposed a novel construction in the IDPKS with a revocation mechanism called revocable ID-based public key system (R-IDPKS). In this paper, we follow their R-IDPKS to propose the important cryptographic primitive "signcryption". Security analysis is made to demonstrate that the proposed scheme is provably secure and provides confidentiality and unforgeability.
An authenticated group key exchange (AGKE) protocol allows participants to construct a common key and provide secure group communications in cooperative and distributed applications. Recently, Choi et al. proposed an identity (ID)-based authenticated group key exchange (IDAGKE) protocol from bilinear pairings. However, their protocol suffered from an insider colluding attack because it did not address the security issue of withstanding insider attacks. Withstanding insider attacks means that the protocol can detect whether malicious participants exist in the group key exchange. Nevertheless, an AGKE protocol resistant to insider attacks is still unable to determine who the malicious participants are. In this paper, we propose an ID-based AGKE protocol with identification of malicious participants. In our protocol, we use a confirmed computation property to identify malicious participants. Certainly, it is also secure against insider attacks. In the random oracle model and under related mathematical hard problems, we prove that the proposed protocol is a secure AGKE protocol with identification of malicious participants.
Very recently, side-channel attacks have threatened all traditional cryptographic schemes. Typically, in traditional cryptography, private/secret keys are assumed to be completely hidden from adversaries. However, by side-channel attacks, an adversary may extract fractional content of these private/secret keys. To resist side-channel attacks, leakage-resilient cryptography is a countermeasure. The identity-based public-key system (ID-PKS) is an attractive public-key setting. ID-PKS settings not only discard the certificate requirement, but also remove the construction of the public-key infrastructure. For solving the user revocation problem in ID-PKS settings, the revocable ID-PKS (RID-PKS) setting has attracted significant attention. Numerous cryptographic schemes based on RID-PKS settings have been proposed. However, under RID-PKS settings, no leakage-resilient signature or encryption scheme has been proposed. In this article, we present the first leakage-resilient revocable ID-based signature (LR-RIBS) scheme with cloud revocation authority (CRA) under the continual leakage model. Also, a new adversary model of LR-RIBS schemes with CRA is defined. Under this new adversary model, security analysis is made to demonstrate that our LR-RIBS scheme with CRA is provably secure in the generic bilinear group (GBG) model. Finally, performance analysis is made to demonstrate that our scheme is suitable for mobile devices.
In the past, the security notions of cryptography were modeled under the assumption that private (or secret) keys are completely hidden from adversaries. Nowadays, these security notions could be insufficient due to a new kind of threat, called "side-channel attacks", by which an adversary obtains partial information about private (or secret) keys by exploiting specific properties of the physical implementations of cryptographic schemes. In order to resist such side-channel attacks, numerous leakage-resilient cryptographic schemes have been proposed. However, there is little work on leakage-resilient certificateless cryptographic schemes. In this article, we propose the first leakage-resilient certificateless signature (LR-CLS) scheme under the continual leakage model. In the generic bilinear group model, we demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks for both Type I and Type II adversaries. Finally, performance analysis is made to demonstrate that the proposed LR-CLS scheme is suitable for resource-constrained devices.
Certificateless signatures (CLS) are noticeable because they may resolve the key escrow problem of ID-based signatures and avoid the certificate management problem of conventional signatures. However, the security of most previous CLS schemes relies on the difficulty of solving discrete logarithm or large integer factorization problems. These two problems would be solved by quantum computers in the future, so that the signature schemes based on them will also become insecure. For post-quantum cryptography, lattice-based cryptography is significant due to its efficiency and security. However, no study addressing the revocation problem in the existing lattice-based CLS schemes has been presented. In this paper, we focus on the revocation issue and present the first revocable CLS (RCLS) scheme over lattices. Based on the short integer solution (SIS) assumption over lattices, the proposed lattice-based RCLS scheme is shown to possess existential unforgeability against adaptive chosen message attacks. By performance analysis and comparisons, the proposed lattice-based RCLS scheme is better than the previously proposed lattice-based CLS scheme in terms of private key size, signature length and the revocation mechanism.
Papers by Yuh-Min Tseng