Certificateless Signature Scheme Based on Rabin Algorithm and Discrete Logarithm

Certificateless signature can effectively immue the key escrow problem in the identity-based signature scheme. But the security of the most certificateless signatures usually depends on only one mathematical hard problem, which makes the signature vulnerable when the underlying hard problem has been broken. In order to strengthen the security, in this paper, a certificateless signature whose security depends on two mathematical hard problems, discrete logarithm and factoring problems, is proposed. Then, the proposed certificateless signature can be proved secure in the random oracle, and only both of the two mathematical hard problems are solved, can the proposed signature be broken. As a consequence, the proposed certificateless signature is more secure than the previous signatures. On the other hand, with the pre-computation of the exponential modular computation, it will save more time in the signature signing phase. And compared with the other schemes of this kind, the proposed scheme is more efficient

On the security of pairing-free certificateless digital signature schemes using ECC

AbstractI cryptanalyze the pairing-free digital signature scheme of Islam et al. which is proven secure against “adaptive chosen message attacks”. I introduce this type of forgery to analyze their scheme. Furthermore, I comment on general security issues that should be considered when making improvements on their scheme. My security analysis is also applicable to other digital signatures designed in a similar manner

On the Security of a Certificateless Strong Designated Verifier Signature Scheme

Recently, Chen et al. proposed the first non-delegatable certificateless strong designated verifier signature scheme and claimed that their scheme achieves all security requirements. However, in this paper, we disprove their claim and present a concrete attack which shows that their proposed scheme is forgeable. More precisely, we show that there exist adversaries who are able to forge any signer\u27s signature for any designated verifier on any message of his choice

Analysis and improvement of a certificateless proxy blind signature

通过对葛荣亮等人提出的无证书代理盲签名方案进行分析,从中发现该方案会引起公钥替换攻击和恶意但是被动的kgC攻击。为了解决此方案的安全性缺陷,提出了一种改进方案。分析表明,改进的新方案满足无证书代理盲签名方案的所有安全性要求,并且拥有与原方案相同的计算效率。Through the cryptanalysis of a certificateless proxy blind signature scheme proposed by Ge Rong-liang,it find that this scheme can cause the public replacement attack and malicious-but-passive KGC attack.To avoid these attacks,this paper proposed a new improved scheme.Analysis result shows that the new improved shceme satisfies the requirements of proxy blind signature scheme and has the same computational efficiency compared with the original scheme.国家自然科学基金资助项目(11261060); 福建省自然科学基金资助项目(2012J01022); 新疆研究生科研创新资助项目(XJGRI2013130

Cryptanalysis of an online/offline certificateless signature scheme for Internet of Health Things

Recently, Khan et al. [An online-offline certificateless signature scheme for internet of health things,” Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for Internet of Health Things (IoHT) to fulfill the authenticity requirements of the resource-constrained environment of (IoHT) devices. The authors claimed that the newly proposed scheme is formally secured against Type-I adversary under the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen message attacks. It is demonstrated that an adversary can forge a valid signature on a message by replacing the public key. Furthermore, we performed a comparative analysis of the selective parameters including computation time, communication overhead, security, and formal proof by employing Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the designed scheme of Khan et al. doesn’t have any sort of advantage over the previous schemes. Though, the authors utilized a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80-bits. Finally, we give some suggestions on the construction of a concrete security scheme under ROM

Insecurity of a Certificate-free Ad Hoc Anonymous Authentication

Abstract The ring signature scheme is a simplified group signature scheme for no manager while preserving unconditionally anonymous of the signer. Certificateless cryptography is introduced for eliminating the use of certificates in Public Key Infrastructure and solving the key-escrow problem in ID-based cryptogratography. Recently, Qin et al. proposed the first RSA-based certificateless ring signature scheme which was proved unforgeable in random oracle model. In this paper, we demonstrated that this scheme was not secure against the Type I adversary

Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks

Secure aggregate signature schemes have attracted more concern due to their wide application in resource constrained environment. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. They claimed that their scheme was provably secure against existential forgery on adaptively chosen message attack in the random oracle model. In this paper, we show that their scheme is insecure against a malicious-but-passive KGC under existing security model. Further, we propose an improved certificateless aggregate signature

Certificateless Proxy Signature from RSA

Although some good results were achieved in speeding up the computation of pairing function in recent years, it is still interesting to design efficient cryptosystems with less bilinear pairing operation. A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer within a given context. We propose a certificateless proxy signature (CLPS) scheme from RSA and prove its security under the strongest security model where the Type I/II adversary is a super Type I/II adversary

Cryptanalysis of a certificateless aggregate signature scheme

Recently, Nie et al. proposed a certificateless aggregate signature scheme. In the standard security model considered in certificateless cryptography, we are dealing with two types of adversaries. In this paper, we show that Nie et al.\u27s scheme is insecure against the adversary of the first type. In other words, although they claimed that their proposed scheme is existentially unforgeable against adaptive chosen message attack considering the adversaries in certificateless settings, we prove that such a forgery can be done

Efficient identity based signcryption scheme and solution of key-escrow problem

In cryptography for sending any information from sender to receiver, we have to ensure about the three types of security policies i.e. integrity, confidentiality and authentication. For confidentiality purpose, encryption-decryption technique is used and for authentication purpose digital signature is used, so to ensure this three properties, first sender encrypt the message and then sign the message. Same process done at the receiver end that means first message is decrypted then verified, so it's two step process that increases the communication as well as computation cost. But in many real life applications where more speed and less cost is required like e-commerce applications, we can't use signature then encryption technique, so signcryption is the cryptographic primitives that provides signature as well as encryption at the same time on a single step. First signcryption scheme is proposed by Yullian Zheng in 1997, Since then many signcryption scheme is proposed based on elliptic discrete logarithm problem (ECDLP) , Bilinear pairing, Identity Based and certificateless environment. Many of the Signcryption scheme used Random Oracle Model for their security proofs and few are based on standard model