Fast and Proven Secure Blind Identity-Based Signcryption from Pairings

We present the first blind identity-based signcryption (BIBSC). We formulate its security model and define the security notions of blindness and parallel one-more unforgeability (p1m-uf). We present an efficient construction from pairings, then prove a security theorem that reduces its p1m-uf to Schnorr¡¦s ROS Problem in the random oracle model plus the generic group and pairing model. The latter model is an extension of the generic group model to add support for pairings, which we introduce in this paper. In the process, we also introduce a new security model for (non-blind) identity-based signcryption (IBSC) which is a strengthening of Boyen¡¦s. We construct the first IBSC scheme proven secure in the strenghened model which is also the fastest (resp. shortest) IBSC in this model or Boyen¡¦s model. The shortcomings of several existing IBSC schemes in the strenghened model are shown

Identity based cryptography from pairings.

Yuen Tsz Hon.Thesis (M.Phil.)--Chinese University of Hong Kong, 2006.Includes bibliographical references (leaves 109-122).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiList of Notations --- p.viiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Identity Based Cryptography --- p.3Chapter 1.2 --- Hierarchical Identity Based Cryptosystem --- p.4Chapter 1.3 --- Our contributions --- p.5Chapter 1.4 --- Publications --- p.5Chapter 1.4.1 --- Publications Produced from This Thesis --- p.5Chapter 1.4.2 --- Publications During Author's Study in the Degree --- p.6Chapter 1.5 --- Thesis Organization --- p.6Chapter 2 --- Background --- p.8Chapter 2.1 --- Complexity Theory --- p.8Chapter 2.1.1 --- Order Notation --- p.8Chapter 2.1.2 --- Algorithms and Protocols --- p.9Chapter 2.1.3 --- Relations and Languages --- p.11Chapter 2.2 --- Algebra and Number Theory --- p.12Chapter 2.2.1 --- Groups --- p.12Chapter 2.2.2 --- Elliptic Curve --- p.13Chapter 2.2.3 --- Pairings --- p.14Chapter 2.3 --- Intractability Assumptions --- p.15Chapter 2.4 --- Cryptographic Primitives --- p.18Chapter 2.4.1 --- Public Key Encryption --- p.18Chapter 2.4.2 --- Digital Signature --- p.19Chapter 2.4.3 --- Zero Knowledge --- p.21Chapter 2.5 --- Hash Functions --- p.23Chapter 2.6 --- Random Oracle Model --- p.24Chapter 3 --- Literature Review --- p.26Chapter 3.1 --- Identity Based Signatures --- p.26Chapter 3.2 --- Identity Based Encryption --- p.27Chapter 3.3 --- Identity Based Signcryption --- p.27Chapter 3.4 --- Identity Based Blind Signatures --- p.28Chapter 3.5 --- Identity Based Group Signatures --- p.28Chapter 3.6 --- Hierarchical Identity Based Cryptography --- p.29Chapter 4 --- Blind Identity Based Signcryption --- p.30Chapter 4.1 --- Schnorr's ROS problem --- p.31Chapter 4.2 --- BIBSC and Enhanced IBSC Security Model --- p.32Chapter 4.2.1 --- Enhanced IBSC Security Model --- p.33Chapter 4.2.2 --- BIBSC Security Model --- p.36Chapter 4.3 --- Efficient and Secure BIBSC and IBSC Schemes --- p.38Chapter 4.3.1 --- Efficient and Secure IBSC Scheme --- p.38Chapter 4.3.2 --- The First BIBSC Scheme --- p.43Chapter 4.4 --- Generic Group and Pairing Model --- p.47Chapter 4.5 --- Comparisons --- p.52Chapter 4.5.1 --- Comment for IND-B --- p.52Chapter 4.5.2 --- Comment for IND-C --- p.54Chapter 4.5.3 --- Comment for EU --- p.55Chapter 4.6 --- Additional Functionality of Our Scheme --- p.56Chapter 4.6.1 --- TA Compatibility --- p.56Chapter 4.6.2 --- Forward Secrecy --- p.57Chapter 4.7 --- Chapter Conclusion --- p.57Chapter 5 --- Identity Based Group Signatures --- p.59Chapter 5.1 --- New Intractability Assumption --- p.61Chapter 5.2 --- Security Model --- p.62Chapter 5.2.1 --- Syntax --- p.63Chapter 5.2.2 --- Security Notions --- p.64Chapter 5.3 --- Constructions --- p.68Chapter 5.3.1 --- Generic Construction --- p.68Chapter 5.3.2 --- An Instantiation: IBGS-SDH --- p.69Chapter 5.4 --- Security Theorems --- p.73Chapter 5.5 --- Discussions --- p.81Chapter 5.5.1 --- Other Instantiations --- p.81Chapter 5.5.2 --- Short Ring Signatures --- p.82Chapter 5.6 --- Chapter Conclusion --- p.82Chapter 6 --- Hierarchical IBS without Random Oracles --- p.83Chapter 6.1 --- New Intractability Assumption --- p.87Chapter 6.2 --- Security Model: HIBS and HIBSC --- p.89Chapter 6.2.1 --- HIBS Security Model --- p.89Chapter 6.2.2 --- Hierarchical Identity Based Signcryption (HIBSC) --- p.92Chapter 6.3 --- Efficient Instantiation of HIBS --- p.95Chapter 6.3.1 --- Security Analysis --- p.96Chapter 6.3.2 --- Ordinary Signature from HIBS --- p.101Chapter 6.4 --- Plausibility Arguments for the Intractability of the OrcYW Assumption --- p.102Chapter 6.5 --- Efficient HIBSC without Random Oracles --- p.103Chapter 6.5.1 --- Generic Composition from HIBE and HIBS --- p.104Chapter 6.5.2 --- Concrete Instantiation --- p.105Chapter 6.6 --- Chapter Conclusion --- p.107Chapter 7 --- Conclusion --- p.108Bibliography --- p.10

Analysis and Improvement of Authenticatable Ring Signcryption Scheme

Ring signcryption is an anonymous signcryption which allows a user to anonymously signcrypt a message on behalf of a set of users including himself. In an ordinary ring signcryption scheme, even if a user of the ring generates a signcryption, he also cannot prove that the signcryption was produced by himself. In 2008, Zhang, Yang, Zhu, and Zhang solve the problem by introducing an identity-based authenticatable ring signcryption scheme (denoted as the ZYZZ scheme). In the ZYZZ scheme, the actual signcrypter can prove that the ciphertext is generated by himself, and the others cannot authenticate it. However, in this paper, we show that the ZYZZ scheme is not secure against chosen plaintext attacks. Furthermore, we propose an improved scheme that remedies the weakness of the ZYZZ scheme. The improved scheme has shorter ciphertext size than the ZYZZ scheme. We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability

An Efficient and Provably Secure ID-Based Threshold Signcryption Scheme

Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes[12],[26] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes

Constant-Size Hierarchical Identity-Based Signature/Signcryption without Random Oracles

We construct the first constant-size hierarchical identity-based signature (HIBS) without random oracles - the signature size is $O(\lambda_s)$ bits, where $\lambda_s$ is the security parameter, and it is independent of the number of levels in the hierarchy. We observe that an efficient hierarchical identity-based signcryption (HIBSC) scheme without random oracles can be compositioned from our HIBS and Boneh, Boyen, and Goh\u27s hierarchical identity-based encryption (HIBE). We further optimize it to a constant-factor efficiency improvement. This is the first constant-size HIBSC without random oracles

A Universally Verifiable Blind Signcryption Scheme with Message Recovery

The proposed scheme provides universal verifiability to the blind-signcryptext with full message recovery at the end of the intended receiver. Based on a three entity model, the signcryptor, the requester and the receiver, the scheme also provides traceability and non-repudiation along with unforgeability of the parameters

Research on security and privacy in vehicular ad hoc networks

Los sistemas de redes ad hoc vehiculares (VANET) tienen como objetivo proporcionar una plataforma para diversas aplicaciones que pueden mejorar la seguridad vial, la eficiencia del tráfico, la asistencia a la conducción, la regulación del transporte, etc. o que pueden proveer de una mejor información y entretenimiento a los usuarios de los vehículos. Actualmente se está llevando a cabo un gran esfuerzo industrial y de investigación para desarrollar un mercado que se estima alcance en un futuro varios miles de millones de euros. Mientras que los enormes beneficios que se esperan de las comunicaciones vehiculares y el gran número de vehículos son los puntos fuertes de las VANET, su principal debilidad es la vulnerabilidad a los ataques contra la seguridad y la privacidad.En esta tesis proponemos cuatro protocolos para conseguir comunicaciones seguras entre vehículos. En nuestra primera propuesta empleamos a todas las unidades en carretera (RSU) para mantener y gestionar un grupo en tiempo real dentro de su rango de comunicación. Los vehículos que entren al grupo de forma anónima pueden emitir mensajes vehículo a vehículo (V2V) que inmediatamente pueden ser verificados por los vehículos del mismo grupo (y grupos de vecinos). Sin embargo, en la primera fase del despliegue de este sistema las RSU pueden no estar bien distribuídas. Consecuentemente, se propone un conjunto de mecanismos para hacer frente a la seguridad, privacidad y los requisitos de gestión de una VANET a gran escala sin la suposición de que las RSU estén densamente distribuidas. La tercera propuesta se centra principalmente en la compresión de las evidencias criptográficas que nos permitirán demostrar, por ejemplo, quien era el culpable en caso de accidente. Por último, investigamos los requisitos de seguridad de los sistemas basados en localización (LBS) sobre VANETs y proponemos un nuevo esquema para la preservación de la privacidad de la localización en estos sistemas sobre dichas redes.Vehicular ad hoc network (VANET) systems aim at providing a platform for various applications that can improve traffic safety and efficiency, driver assistance, transportation regulation, infotainment, etc. There is substantial research and industrial effort to develop this market. It is estimated that the market for vehicular communications will reach several billion euros. While the tremendous benefits expected from vehicular communications and the huge number of vehicles are strong points of VANETs, their weakness is vulnerability to attacks against security and privacy.In this thesis, we propose four protocols for secure vehicle communications. In our first proposal, we employ each road-side unit (RSU) to maintain and manage an on-the-fly group within its communication range. Vehicles entering the group can anonymously broadcast vehicle-to-vehicle (V2V) messages, which can be instantly verified by the vehicles in the same group (and neighbor groups). However, at the early stage of VANET deployment, the RSUs may not be well distributed. We then propose a set of mechanisms to address the security, privacy, and management requirements of a large-scale VANET without the assumption of densely distributed RSUs. The third proposal is mainly focused on compressing cryptographic witnesses in VANETs. Finally, we investigate the security requirements of LBS in VANETs and propose a new privacy-preserving LBS scheme for those networks

Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

We give an overview of our critiques of “proofs” of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata

Proxy Blind Signature using Hyperelliptic Curve Cryptography

Blind signature is the concept to ensure anonymity of e-coins. Untracebility and unlinkability are two main properties of real coins and should also be mimicked electronically. A user has to fulll above two properties of blind signature for permission to spend an e-coin. During the last few years, asymmetric cryptosystems based on curve based cryptographiy have become very popular, especially for embedded applications. Elliptic curves(EC) are a special case of hyperelliptic curves (HEC). HEC operand size is only a fraction of the EC operand size. HEC cryptography needs a group order of size at least 2160. In particular, for a curve of genus two eld Fq with p 280 is needeed. Therefore, the eld arithmetic has to be performed using 80-bit long operands. Which is much better than the RSA using 1024 bit key length. The hyperelliptic curve is best suited for the resource constraint environments. It uses lesser key and provides more secure transmisstion of data

On the (in)security of ROS

We present an algorithm solving the ROS (Random inhomogeneities in a Overdetermined Solvable system of linear equations) problem in polynomial time for l > log p dimensions. Our algorithm can be combined with Wagner’s attack, and leads to a sub-exponential solution for any dimension l with best complexity known so far. When concurrent executions are allowed, our algorithm leads to practical attacks against unforgeability of blind signature schemes such as Schnorr and Okamoto--Schnorr blind signatures, threshold signatures such as GJKR and the original version of FROST, multisignatures such as CoSI and the two-round version of MuSig, partially blind signatures such as Abe-Okamoto, and conditional blind signatures such as ZGP17. Schemes for e-cash (such as Brands\u27 signature) and anonymous credentials (such as Anonymous Credentials Light) inspired from the above are also affected