In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
As an improtant cryptographic scheme, signcryption scheme has been widely used in applications since it could provide both of signature and encryption. With the development of the certificateless public key cryptograp...As an improtant cryptographic scheme, signcryption scheme has been widely used in applications since it could provide both of signature and encryption. With the development of the certificateless public key cryptography (CLPKC), many certificatelss signcryption (CLSC) schemes using bilinear pairing hve been proposed. Comparated other operations, the bilinear pairing operaion is much more compulicated. Therefore, CLSC scheme without bilinear pairing is more suitable for applications. Recently, Jing et al. proposed a CLSC scheme without bilinear pairing and claimed their scheme is secure against two types of adversaries. In this paper, we will show their scheme provide neither unforgeability property nor confidentiality property. To improve security, we also propose a new CLSC scheme without pairing and demonstrate it is provably secure in the random oracle model.展开更多
Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secu...Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.展开更多
Based on the GDH signature (short signature scheme) a probabilistic signature scheme is proposed in this paper with security proof.Then a new threshold proxy signature from bilinear pairings is proposed as well by us ...Based on the GDH signature (short signature scheme) a probabilistic signature scheme is proposed in this paper with security proof.Then a new threshold proxy signature from bilinear pairings is proposed as well by us ing the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH)group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy to solve).Our constructions are based on the recently proposed GDH signature scheme of Bonel et al.s article.Bilinear pairings could be built from Weil pairing or Tate pairing.So most our constructions would be simpler,but still with high security.The proposed threshold proxy signature is the first one which is built from bilinear pairings.At the end of this paper security and performance of the threshold proxy signature scheme is also analyzed.展开更多
Proxy signature is an active cryptographic research area, and a wide range of literatures can be found nowadays suggesting improvement and generalization of existing protocols in various directions. However, from the ...Proxy signature is an active cryptographic research area, and a wide range of literatures can be found nowadays suggesting improvement and generalization of existing protocols in various directions. However, from the efficiency view, many proposed proxy signature schemes in these literatures are not satisfying and cannot fit to the mobile communication. Therefore, there is a desire to design efficient proxy signature schemes. Based on Boneh et al's pairing-based short signature, this paper presents two proxy signature schemes. One is proxy-protected signature scheme, and the other is proxy aggregate signature scheme. Since both of them can achieve high efficiency, it is believed that they are specially suitable for mobile communication environment.展开更多
Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present ...Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.展开更多
We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the...We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme.The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme.We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.展开更多
We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems wit...We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.展开更多
Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we...Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.展开更多
Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In...Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.展开更多
Proxy signature is an important cryptographic primitive and has been suggested in numerous applications, Tne revocation oI delegated rights is an essential issue of the proxy signature schemes. In this article, a secu...Proxy signature is an important cryptographic primitive and has been suggested in numerous applications, Tne revocation oI delegated rights is an essential issue of the proxy signature schemes. In this article, a security model of proxy signature schemes with fast revocation is formalized. Under the formal security framework, a proxy signature scheme with fast revocation based on bilinear pairings is proposed. A security mediator (SEM), which is an on-line partially trusted server, is introduced to examine whether a proxy signer signs according to the warrant or he/she exists in the revocation list. Moreover, the proxy signer must cooperate with the SEM to generate a valid proxy signature, thus the proposed scheme has the property of fast revocation. The proposed scheme is provably secure based on the computational Diffie-Hellman (CDH) intractability assumption without relying on the random oracles, and satisfies all the security requirements for a secure proxy signature.展开更多
An identity-based proxy blind signature scheme from bilinear pairings isintroduced, which combines the advantages of proxy signature and blind signature. Furthermore, ourscheme can prevent the original signer from gen...An identity-based proxy blind signature scheme from bilinear pairings isintroduced, which combines the advantages of proxy signature and blind signature. Furthermore, ourscheme can prevent the original signer from generating the proxy blind signature, thus the profitsof the proxy signer are guaranteed. We introduce bilinear pairings to minimize computationaloverhead and to improve the related performance of our scheme. In addition, the proxy blindsignature presented is non-repudiable and it fulfills perfectly the security requirements of a proxyblind signature.展开更多
In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc...In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc networks is proposed.In this scheme, a sender can simultaneously signcrypt n messeges for n receivers, and a receiver can unsigncrypt the ciphertext to get his message with his own private key.An analysis of this scheme indicates that it achieves authenticity and confidentiality in the random oracle model while being of lower computation and communication overhead.Finally, for the application of our scheme in ad hoc, a threshold key updating protocol for ad hoc networks is given.展开更多
In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting and e-...In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting and e-payment. In this paper, we propose an identity-based proxy blind signature scheme which combines the advantages of proxy signature and of blind signature. Our scheme fulfills peffecdy the security requirements of a proxy blind signature. Comparing the previous scheme, our scheme needs less computational overhead and is more efficient.展开更多
In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature sche...In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.展开更多
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
基金This research was supported by the National Natural Science Foundation of China (Grant No. 61202447), Natural Science Foundation of Hebei Province of China (F2013501066), Northeastern University at Qinhuangdao Science and Technology Support Program (xnk201307).
文摘As an improtant cryptographic scheme, signcryption scheme has been widely used in applications since it could provide both of signature and encryption. With the development of the certificateless public key cryptography (CLPKC), many certificatelss signcryption (CLSC) schemes using bilinear pairing hve been proposed. Comparated other operations, the bilinear pairing operaion is much more compulicated. Therefore, CLSC scheme without bilinear pairing is more suitable for applications. Recently, Jing et al. proposed a CLSC scheme without bilinear pairing and claimed their scheme is secure against two types of adversaries. In this paper, we will show their scheme provide neither unforgeability property nor confidentiality property. To improve security, we also propose a new CLSC scheme without pairing and demonstrate it is provably secure in the random oracle model.
文摘Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we indicate that their protocol is not secure in the eCK model. We propose an improved protocol and show our improvement is secure in the eCK model under the gap DiffieHellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.
文摘Based on the GDH signature (short signature scheme) a probabilistic signature scheme is proposed in this paper with security proof.Then a new threshold proxy signature from bilinear pairings is proposed as well by us ing the new probabilistic signature scheme and the properties of the Gap Diffie-Hellman (GDH)group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy to solve).Our constructions are based on the recently proposed GDH signature scheme of Bonel et al.s article.Bilinear pairings could be built from Weil pairing or Tate pairing.So most our constructions would be simpler,but still with high security.The proposed threshold proxy signature is the first one which is built from bilinear pairings.At the end of this paper security and performance of the threshold proxy signature scheme is also analyzed.
基金Supported by the National Natural Science Foundation of China(Grant Nos.60572155 and 60673079)the National High Technology Development Program of China(Grant No.2006AA01Z424)the National Research Fund for the Doctoral Program of Higher Education of China(Grant No.20060248008)
文摘Proxy signature is an active cryptographic research area, and a wide range of literatures can be found nowadays suggesting improvement and generalization of existing protocols in various directions. However, from the efficiency view, many proposed proxy signature schemes in these literatures are not satisfying and cannot fit to the mobile communication. Therefore, there is a desire to design efficient proxy signature schemes. Based on Boneh et al's pairing-based short signature, this paper presents two proxy signature schemes. One is proxy-protected signature scheme, and the other is proxy aggregate signature scheme. Since both of them can achieve high efficiency, it is believed that they are specially suitable for mobile communication environment.
基金Supported by the National Natural Science Foundation of China (90204012, 60573035, 60573036) and the University IT Research Center Project of Korea
文摘Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.
基金the National Natural Science Foundation of China (No. 60673075)the National High Technology Research and Development Program (863) of China (No. 2006AA01Z428)the State Key Laboratoryof Information Security,and the Youth Science and Technology Foundation of UESTC
文摘We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme.The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme.We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.
基金Supported by National Natural Science Foundation of China (No.60503006 and No.60403007) and Natural Science Foundation of Guangdong, China (No. 04205407).
文摘We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.
基金Supported by the National Natural Science Foundation of China (60473029)
文摘Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.
基金the National Natural Science Foundation of China (60573043, 60372046).
文摘Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.
基金supported by the National Natural Science Foundation of China (60673072, 60803149)the National Basic Research Program of China (2007CB311201)
文摘Proxy signature is an important cryptographic primitive and has been suggested in numerous applications, Tne revocation oI delegated rights is an essential issue of the proxy signature schemes. In this article, a security model of proxy signature schemes with fast revocation is formalized. Under the formal security framework, a proxy signature scheme with fast revocation based on bilinear pairings is proposed. A security mediator (SEM), which is an on-line partially trusted server, is introduced to examine whether a proxy signer signs according to the warrant or he/she exists in the revocation list. Moreover, the proxy signer must cooperate with the SEM to generate a valid proxy signature, thus the proposed scheme has the property of fast revocation. The proposed scheme is provably secure based on the computational Diffie-Hellman (CDH) intractability assumption without relying on the random oracles, and satisfies all the security requirements for a secure proxy signature.
文摘An identity-based proxy blind signature scheme from bilinear pairings isintroduced, which combines the advantages of proxy signature and blind signature. Furthermore, ourscheme can prevent the original signer from generating the proxy blind signature, thus the profitsof the proxy signer are guaranteed. We introduce bilinear pairings to minimize computationaloverhead and to improve the related performance of our scheme. In addition, the proxy blindsignature presented is non-repudiable and it fulfills perfectly the security requirements of a proxyblind signature.
文摘In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc networks is proposed.In this scheme, a sender can simultaneously signcrypt n messeges for n receivers, and a receiver can unsigncrypt the ciphertext to get his message with his own private key.An analysis of this scheme indicates that it achieves authenticity and confidentiality in the random oracle model while being of lower computation and communication overhead.Finally, for the application of our scheme in ad hoc, a threshold key updating protocol for ad hoc networks is given.
基金Supported by the Major Research Plan of the National Natural Science Foundation of China(90604023), the National Natural Science Foundation of China (60373059) and the National Research Foundation for the Doctoral Program of Higher Education of China(20040013007)
文摘In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting and e-payment. In this paper, we propose an identity-based proxy blind signature scheme which combines the advantages of proxy signature and of blind signature. Our scheme fulfills peffecdy the security requirements of a proxy blind signature. Comparing the previous scheme, our scheme needs less computational overhead and is more efficient.
基金Supported by the National Natural Science Foundation of China (No. 60573032, 60773092, 90604036, 60873229, 60903178, 60672072, 60832003)Zhejiang Provincial Natural Science Foundation of China (No. Y106505)
文摘In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.
