Development of a certificate less digital signature scheme & implementation in e-cash system

Today’s wireless communication systems having limited computational resources and communication bandwidth find certificate less public-key cryptosystems very attractive and vital to their operations in the sense that they help in reducing a significant amount of data load on the network. To eliminate the need of public key digital certificates Shamir proposed ID based cryptosystems in which the user’s identity (e.g. name or email id) is used as the public key. However this method had a major drawback of the key escrow problem as a result of which certificate less digital signature (CDS) came into light. The main idea behind CDS is that there’s a private key generator (PKG) which generates a partial private key for the user .Then using that key and some of its own private information the user computes its actual private key. PKG’s public parameters and the user’s private key together calculate the user’s public key. Harn, Ren and Lin in 2008 proposed a CDS model which consisted of four generic modules namely PKG, user key generation, signature generation and verification. In this paper, we propose an improvement of the aforesaid CDS scheme in terms of time complexity and signature length and implement the new scheme in an e-cash model proposed by Popescu and Oros. Performance analysis of both the schemes has been carried out in details

On the security of the Blockchain Bix Protocol and Certificates

The BIX protocol is a blockchain-based protocol that allows distribution of certificates linking a subject with his public key, hence providing a service similar to that of a PKI but without the need of a CA. In this paper we analyze the security of the BIX protocol in a formal way, in four steps. First, we identify formal security assumptions which are well-suited to this protocol. Second, we present some attack scenarios against the BIX protocol. Third, we provide a formal security proof that some of these attacks are not feasible under our previously established assumptions. Finally, we show how another attack may be carried on.Comment: 16 pages, 1 figur

An Elliptic Curve-based Signcryption Scheme with Forward Secrecy

An elliptic curve-based signcryption scheme is introduced in this paper that effectively combines the functionalities of digital signature and encryption, and decreases the computational costs and communication overheads in comparison with the traditional signature-then-encryption schemes. It simultaneously provides the attributes of message confidentiality, authentication, integrity, unforgeability, non-repudiation, public verifiability, and forward secrecy of message confidentiality. Since it is based on elliptic curves and can use any fast and secure symmetric algorithm for encrypting messages, it has great advantages to be used for security establishments in store-and-forward applications and when dealing with resource-constrained devices.Comment: 13 Pages, 5 Figures, 2 Table

Cryptanalysis of an Efficient Signcryption Scheme with Forward Secrecy Based on Elliptic Curve

The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Several signcryption schemes are proposed throughout the years, each of them having its own problems and limitations. In this paper, the security of a recent signcryption scheme, i.e. Hwang et al.'s scheme is analyzed, and it is proved that it involves several security flaws and shortcomings. Several devastating attacks are also introduced to the mentioned scheme whereby it fails all the desired and essential security attributes of a signcryption scheme.Comment: 5 Pages, 2 Figure

LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments

The non-repudiation as an essential requirement of many applications can be provided by the asymmetric key model. With the evolution of new applications such as mobile commerce, it is essential to provide secure and efficient solutions for the mobile environments. The traditional public key cryptography involves huge computational costs and is not so suitable for the resource-constrained platforms. The elliptic curve-based approaches as the newer solutions require certain considerations that are not taken into account in the traditional public key infrastructures. The main contribution of this paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the constrained platforms such as mobile phones. It takes advantages of elliptic curve cryptography and signcryption to decrease the computational costs and communication overheads, and adapting to the constraints. All the computational costs of required validations can be eliminated from end-entities by introduction of a validation authority to the introduced infrastructure and delegating validations to such a component. LPKI is so suitable for mobile environments and for applications such as mobile commerce where the security is the great concern.Comment: 6 Pages, 6 Figure

XML security in XML data integrity, authentication, and confidentiality

The widely application of XML has increasingly required high security. XML security confronts some challenges that are strong relating to its features. XML data integrity needs to protect element location information and contextreferential meaning as well as data content integrity under fine-grained security situations. XML data authentication must satisfy a signing process under a dependent and independent multi-signature generation scenario. When several different sections are encrypted within the XML data, it cannot query the encrypted contents without decrypting the encrypted portions. The technologies relating to XML security demand further development. This thesis aims to improve XML security relative technologies, and make them more practicable and secure. A novel revocation information validation approach for X.509 certificate is proposed based on the XML digital signature technology. This approach reduces the complexity of XKMS or PKI systems because it eliminates the requirement for additional revocation checking from XKMS or CA. The communication burden between server and client could be alleviated. The thesis presents the context-referential integrity for XML data. An integrity solution for XML data is also proposed based on the concatenated hash function. The integrity model proposed not only ensures XML data content integrity, but also protects the structure integrity and elements’ context relationship within an XML data. If this model is integrated into XML signature technology, the signature cannot be copied to another document still keeping valid. A new series-parallel XML multi-signature scheme is proposed. The presented scheme is a mixed order specified XML multi-signature scheme according to a dependent and independent signing process. Using presented XML data integrity-checking pool to provide integrity-checking for decomposed XML data, it makes signing XPath expression practicable, rather than signing XML data itself. A new labeling scheme for encrypted XML data is presented to improve the efficiency of index information maintenance which is applied to support encrypted XML data query processing. The proposed labelling scheme makes maintenance index information more efficient, and it is easy to update XML data with decreasing the number of affected nodes to the lowest. In order to protect structural information for encrypted XML data, the encrypted nodes are removed from original XML data, and structural information is hidden. A case study is carried out to demonstrate how the proposed XML security relative approaches and schemes can be applied to satisfy fine-grained XML security in calibration certificate management.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

WalnutDSA(TM): A Quantum-Resistant Digital Signature Algorithm

In 2005 I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux introduced E-Multiplication(TM), a quantum-resistant, group-theoretic, one-way function which can be used as a basis for many different cryptographic applications. This one-way function was specifically designed for constrained devices, running extremely quickly and requiring very little code. This paper introduces WalnutDSA, a new E-Multiplication-based public-key method which provides efficient verification, allowing low-power and constrained devices to quickly and inexpensively validate digital signatures (e.g., a certificate or authentication). It presents an in-depth discussion of the construction of the digital signature algorithm, analyzes the security of the scheme, provides a proof of security under EUF-CMA, and discusses the practical results from implementations on several constrained devices