On the Security of a Novel Probabilistic Signature Based on Bilinear Square Diffie-Hellman Problem and Its Extension

Probabilistic signature scheme has been widely used in modern electronic commerce since it could provide integrity, authenticity, and nonrepudiation. Recently, Wu and Lin proposed a novel probabilistic signature (PS) scheme using the bilinear square Diffie-Hellman (BSDH) problem. They also extended it to a universal designated verifier signature (UDVS) scheme. In this paper, we analyze the security of Wu et al.’s PS scheme and UDVS scheme. Through concrete attacks, we demonstrate both of their schemes are not unforgeable. The security analysis shows that their schemes are not suitable for practical applications

An Efficient Certificate-Based Designated Verifier Signature Scheme

Certificate-based public key cryptography not only solves certificate revocation problem in traditional PKI but also overcomes key escrow problem inherent in identity-based cryptosystems. This new primitive has become an attractive cryptographic paradigm. In this paper, we propose the notion and the security model of certificate-based designated verifier signatures (CBDVS). We provide the first construction of CBDVS and prove that our scheme is existentially unforgeable against adaptive chosen message attacks in the random oracle model. Our scheme only needs two pairing operations, and the signature is only one element in the bilinear group G1. To the best of our knowledge, our scheme enjoys shortest signature length with less operation cost

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

Strong designated verifier signature (generally abbreviated to SDVS) allows signers to obtain absolute control over who can verify the signature, while only the designated verifier other than anyone else can verify the validity of a SDVS without being able to transfer the conviction. Certificateless PKC has unique advantages comparing with certificate-based cryptosystems and identity-based PKC, without suffering from key escrow. Motivated by these attractive features, we propose a novel efficient CL-SDVS scheme without bilinear pairings or map-to-point hash operations. The proposed scheme achieves all the required security properties including EUF-CMA, non-transferability, strongness and non-delegatability. We also estimate the computational and communication efficiency. The comparison shows that our scheme outperforms all the previous CL-(S)DVS schemes. Furthermore, the crucial security properties of the CL-SDVS scheme are formally proved based on the intractability of SCDH and ECDL assumptions in random oracle model

APEX2S: A Two-Layer Machine Learning Model for Discovery of host-pathogen protein-protein Interactions on Cloud-based Multiomics Data

Presented by the avalanche of biological interactions data, computational biology is now facing greater challenges on big data analysis and solicits more studies to mine and integrate cloud-based multiomics data, especially when the data are related to infectious diseases. Meanwhile, machine learning techniques have recently succeeded in different computational biology tasks. In this article, we have calibrated the focus for host-pathogen protein-protein interactions study, aiming to apply the machine learning techniques for learning the interactions data and making predictions. A comprehensive and practical workflow to harness different cloud-based multiomics data is discussed. In particular, a novel two-layer machine learning model, namely APEX2S, is proposed for discovery of the protein-protein interactions data. The results show that our model can better learn and predict from the accumulated host-pathogen protein-protein interactions

Aggregatable Certificateless Designated Verifier Signature

In recent years, the Internet of Things (IoT) devices have become increasingly deployed in many industries and generated a large amount of data that needs to be processed in a timely and efficient manner. Using aggregate signatures, it provides a secure and efficient way to handle large numbers of digital signatures with the same message. Recently, the privacy issue has been concerned about the topic of data sharing on the cloud. To provide the integrity, authenticity, authority, and privacy on the data sharing in the cloud storage, the notion of an aggregatable certificateless designated verifier signature scheme (ACLDVS) was proposed. ACLDVS also is a perfect tool to enable efficient privacy-preserving authentication systems for IoT and or the vehicular ad hoc networks (VANET). Our concrete scheme was proved to be secured underling of the Computational Diffie-Hellman assumption. Compared to other related schemes, our scheme is efficient, and the signature size is considerably short

Further discussions on the security of a nominative signature scheme

A nominative signature scheme allows a nominator (or signer) and a nominee (or veri¯er) to jointly generate and publish a signature in such a way that only the nominee can verify the signature and if nec- essary, only the nominee can prove to a third party that the signature is valid. In a recent work, Huang and Wang proposed a new nominative signature scheme which, in addition to the above properties, only allows the nominee to convert a nominative signature to a publicly veri¯able one. In ACISP 2005, Susilo and Mu presented several algorithms and claimed that these algorithms can be used by the nominator to verify the validity of a published nominative signature, show to a third party that the signature is valid, and also convert the signature to a publicly veri¯able one, all without any help from the nominee. In this paper, we point out that Susilo and Mu\u27s attacks are actually incomplete and in- accurate. In particular, we show that there exists no e±cient algorithm for a nominator to check the validity of a signature if this signature is generated by the nominator and the nominee honestly and the Decisional Di±e-Hellman Problem is hard. On the other hand, we point out that the Huang-Wang scheme is indeed insecure, since there is an attack that allows the nominator to generate valid nominative signatures alone and prove the validity of such signatures to a third party

Bounded CCA2-Secure Non-Malleable Encryption

Under an adaptive chosen ciphertext attack (CCA2), the security of an encryption scheme must hold against adversaries that have access to a decryption oracle. We consider a weakening of CCA2 security, wherein security need only hold against adversaries making an a-priori bounded number of queries to the decryption oracle. Concerning this notion, which we call bounded-CCA2 security, we show the following two results. (1) Bounded-CCA2 secure non-malleable encryption schemes exist if and only if semantically-secure (IND-CPA-secure) encryption schemes exist.(As far as we know, bounded-CCA2 non-malleability is the strongest notion of security known to be satisfiable assuming only the existence of semantically-secure encryption schemes.) (2) In contrast to CCA2 security, bounded-CCA2 security alone does not imply non-malleability. In particular, if there exists an encryption scheme that is bounded-CCA2 secure, then there exists another encryption scheme which remains bounded-CCA2 secure, but is malleable under a simple chosen-plaintext attack

Universally Convertible Directed Signatures

Many variants of Chaum and van Antwerpen's undeniable signatures have been proposed to achieve specific properties desired in real-world applications of cryptography. Among them, directed signatures were introduced by Lim and Lee in 1993. Directed signatures differ from the well-known confirmer signatures in that the signer has the simultaneous abilities to confirm, deny and individually convert a signature. The universal conversion of these signatures has remained an open problem since their introduction in 1993. This paper provides a positive answer to this quest by showing a very efficient design for universally convertible directed signatures (UCDS) both in terms of computational complexity and signature size. Our construction relies on the so-called xyz-trick applicable to bilinear map groups. We define proper security notions for UCDS schemes and show that our construction is secure, in the random oracle model, under computational assumptions close to the CDH and DDH assumptions. Finally, we introduce and realize traceable universally convertible directed signatures where a master tracing key allows to link signatures to their direction

Construction of universal designated-verifier signatures and identity-based signatures from standard signatures

We give a generic construction for universal designated-verifier signature schemes from a large class, C, of signature schemes. The resulting schemes are efficient and have two important properties. Firstly, they are provably DV-unforgeable, non-transferable and also non-delegatable. Secondly, the signer and the designated verifier can independently choose their cryptographic settings. We also propose a generic construction for identity-based signature schemes from any signature scheme in C and prove that the construction is secure against adaptive chosen message and identity attacks. We discuss possible extensions of our constructions to universal multi-designated-verifier signatures, hierarchical identity-based signatures, identity-based universal designated verifier signatures, and identity-based ring signatures from any signature in C