The zheng-seberry public key cryptosystem and signcryption

In 1993 Zheng-Seberry presented a public key cryptosystem that was considered efficient and secure in the sense of indistinguishability of encryptions (IND) against an adaptively chosen ciphertext adversary (CCA2). This thesis shows the Zheng-Seberry scheme is not secure as a CCA2 adversary can break the scheme in the sense of IND. In 1998 Cramer-Shoup presented a scheme that was secure against an IND-CCA2 adversary and whose proof relied only on standard assumptions. This thesis modifies this proof and applies it to a modified version of the El-Gamal scheme. This resulted in a provably secure scheme relying on the Random Oracle (RO) model, which is more efficient than the original Cramer-Shoup scheme. Although the RO model assumption is needed for security of this new El-Gamal variant, it only relies on it in a minimal way

Contributions to secret sharing and other distributed cryptosystems

The present thesis deals with primitives related to the eld of distributed cryptography. First, we study signcryption schemes, which provide at the same time the functionalities of encryption and signature, where the unsigncryption operation is distributed. We consider this primitive from a theoretical point of view and set a security framework for it. Then, we present two signcryption schemes with threshold unsigncryption, with di erent properties. Furthermore, we use their authenticity property to apply them in the development of a di erent primitive: digital signatures with distributed veri cation. The second block of the thesis deals with the primitive of multi-secret sharing schemes. After stating some e ciency limitations of multi-secret sharing schemes in an information-theoretic scenario, we present several multi-secret sharing schemes with provable computational security. Finally, we use the results in multi-secret sharing schemes to generalize the traditional framework of distributed cryptography (with a single policy of authorized subsets) into a multipolicy setting, and we present both a multi-policy distributed decryption scheme and a multi-policy distributed signature scheme. Additionally, we give a short outlook on how to apply the presented multi-secret sharing schemes in the design of other multi-policy cryptosystems, like the signcryption schemes considered in this thesis. For all the schemes proposed throughout the thesis, we follow the same formal structure. After de ning the protocols of the primitive and the corresponding security model, we propose the new scheme and formally prove its security, by showing a reduction to some computationally hard mathematical problem.Avui en dia les persones estan implicades cada dia més en diferents activitats digitals tant en la seva vida professional com en el seu temps lliure. Molts articles de paper, com diners i tiquets, estan sent reemplaçats més i més per objectes digitals. La criptografia juga un paper crucial en aquesta transformació, perquè proporciona seguretat en la comunicació entre els diferents participants que utilitzen un canal digital. Depenent de la situació específica, alguns requisits de seguretat en la comunicació poden incloure privacitat (o confidencialitat), autenticitat, integritat o no-repudi. En algunes situacions, repartir l'operació secreta entre un grup de participants fa el procés més segur i fiable que quan la informació secreta està centralitzada en un únic participant; la criptografia distribuïda és l’àrea de la criptografia que estudia aquestes situacions. Aquesta tesi tracta de primitives relacionades amb el camp de la criptografia distribuïda. Primer, estudiem esquemes “signcryption”, que ofereixen a la vegada les funcionalitats de xifrat i signatura, on l'operació de “unsigncryption” està distribuïda. Considerem aquesta primitiva des d’un punt de vista teòric i establim un marc de seguretat per ella. Llavors, presentem dos esquemes “signcryption” amb operació de “unsigncryption” determinada per una estructura llindar, cada un amb diferents propietats. A més, utilitzem la seva propietat d’autenticitat per desenvolupar una nova primitiva: signatures digitals amb verificació distribuïda. El segon bloc de la tesi tracta la primitiva dels esquemes de compartició de multi-secrets. Després de demostrar algunes limitacions en l’eficiència dels esquemes de compartició de multi-secrets en un escenari de teoria de la informació, presentem diversos esquemes de compartició de multi-secrets amb seguretat computacional demostrable. Finalment, utilitzem els resultats obtinguts en els esquemes de compartició de multi-secrets per generalitzar el paradigma tradicional de la criptografia distribuïda (amb una única política de subconjunts autoritzats) a un marc multi-política, i presentem un esquema de desxifrat distribuït amb multi-política i un esquema de signatura distribuïda amb multi-política. A més, donem indicacions de com es poden aplicar els nostres esquemes de compartició de multi-secrets en el disseny d’altres criptosistemes amb multi-política, com per exemple els esquemes “signcryption” considerats en aquesta tesi. Per tots els esquemes proposats al llarg d’aquesta tesi, seguim la mateixa estructura formal. Després de definir els protocols de la primitiva primitius i el model de seguretat corresponent, proposem el nou esquema i demostrem formalment la seva seguretat, mitjançant una reducció a algun problema matemàtic computacionalment difícil

Improvements and Generalisations of Signcryption Schemes

In this work, we study the cryptographic primitive: signcryption, which combines the functionalities of digital signatures and public-key encryption. We first propose two generic transforms from meta-ElGamal signature schemes to signcryption schemes. These constructions can be thought of as generalisations of the signcryption schemes by Zheng and Gamage et al. Our results show that a large class of signcryption schemes arc outsider IND-CCA2 secure and insider UF-CMA secure. As a by-product, we also show that the meta-EIGamal signature schemes, for which no previous formal security proofs have been shown, arc UF-CMA secure. \Ve then propose a modification of one of the transforms in order to achieve insider IXD-CCA2 security in addition to insider UF-CMA security. This modification COStS just one extra exponential operation. In particular, we can apply this modification to the Zheng signcryption scheme to make it fully insider secure. Finally, we propose a generic transform from a two-key signcryption scheme to a one-key signcryption scheme while preserving both confidentiality and unforgeability. Our result shows that if we have an insider I)JD•CCA2 and CFC1A secure two-key signcryption scheme, then it can be turned into an insider IND-CCA2 and CF•CMA secure one• key signcryption scheme. We also show that an insider IND•CCA2 and UF-CMA secure one• key signcryption scheme induces a secure combined public• key scheme; that is, a combination of a signature scheme and a public• key encryption scheme that can securely share the same key pair. Combining previous results suggests that we can obtain a large class of insider secure one-key signcryption schemes from meta-ElGamal signature schemes, and that each of them can induce a secure combined public-key scheme.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

A Multi-Receiver ID-Based Generalized Signcryption Scheme

Generalized signcryption(GSC) can adaptively work as an encryption scheme, a signature scheme or a signcryption scheme with only one algorithm. In this paper, the formal definition and security notions of multi-receiver identity-based generalized signcryption (MID-GSC) are defined. A concrete scheme is also proposed and proved to be confidential under the Bilinear Diffie-Hellman (BDH) assumption and existential unforgeable under the Computational Diffie-Hellman(CDH) assumption in the random oracle model, which only needs one pairing computation to generalized signcrypt a single message for n receivers using the randomness re-use technique. Compared with other multi-receiver ID-based signcryption schemes, the new scheme is also of high efficiency

On the Joint Security of Encryption and Signature, Revisited

Abstract. We revisit the topic of joint security for combined public key schemes, wherein a single keypair is used for both encryption and signature primitives in a secure manner. While breaking the principle of key separation, such schemes have attractive properties and are sometimes used in practice. We give a general construction for a combined public key scheme having joint security that uses IBE as a component and that works in the standard model. We provide a more efficient direct construction, also in the standard model. We then consider the problem of how to build signcryption schemes from jointly secure combined public key schemes. We provide a construction that uses any such scheme to produce a triple of schemes – signature, encryption, and signcryption – that are jointly secure in an appropriate and strong security model.

Secure Equality Test Technique Using Identity-Based Signcryption for Telemedicine Systems

For telemedicine, wireless body area network (WBAN) offers enormous benefits where a patient can be remotely monitored without compromising the mobility of remote treatments. With the advent of high capacity and reliable wireless networks, WBANs are used in several remote monitoring systems, limiting the COVID-19 spread. The sensitivity of telemedicine applications mandates confidentiality and privacy requirements. In this article, we propose a secure WBAN-19 telemedicine system to overcome the pervasiveness of contagious deceases utilizing a novel aggregate identity-based signcryption scheme with an equality test feature. We demonstrate a security analysis regarding indistinguishable adaptive chosen-ciphertext attack (IND-CCA2), one-way security against adaptive chosen-ciphertext attack (OW-CCA2), and unforgeability against adaptive chosen-message attack (EUF-CMA) under the random oracle model. The security analysis of the scheme is followed by complexity evaluations where the computation cost and communication overhead are measured. The evaluation demonstrates that the proposed model is efficient and applicable in telemedicine systems with high-performance capacities

Identity-Concealed Authenticated Encryption and Key Exchange

Identity concealment and zero-round trip time (0-RTT) connection are two of current research focuses in the design and analysis of secure transport protocols, like TLS1.3 and Google\u27s QUIC, in the client-server setting. In this work, we introduce a new primitive for identity-concealed authenticated encryption in the public-key setting, referred to as {higncryption, which can be viewed as a novel monolithic integration of public-key encryption, digital signature, and identity concealment. We present the security definitional framework for higncryption, and a conceptually simple (yet carefully designed) protocol construction. As a new primitive, higncryption can have many applications. In this work, we focus on its applications to 0-RTT authentication, showing higncryption is well suitable to and compatible with QUIC and OPTLS, and on its applications to identity-concealed authenticated key exchange (CAKE) and unilateral CAKE (UCAKE). In particular, we make a systematic study on applying and incorporating higncryption to TLS. Of independent interest is a new concise security definitional framework for CAKE and UCAKE proposed in this work, which unifies the traditional BR and (post-ID) frameworks, enjoys composability, and ensures very strong security guarantee. Along the way, we make a systematically comparative study with related protocols and mechanisms including Zheng\u27s signcryption, one-pass HMQV, QUIC, TLS1.3 and OPTLS, most of which are widely standardized or in use

Efficient Certificateless Online/Offline Signature

Abstract Public key cryptography usually is computationally more expensive than symmetric key systems. Due to this low power or resource constrained devices cannot make use of public key cryptosystems easily. There is a need for high security in these devices since many of these devices perform complex tasks which includes interaction with third party cloud infrastructures. These cloud infrastructures are not trusted entities. Hence there is need for light weight public key cryptography which are secure against these cloud administrators. The trusted entity in certificateless schemes cannot compromise the security of the users. Online/offline have two parts, first the computationally heavy part(offline) of the cryptosystem and then the main "online" algorithm for use on resource constrained devices. The heavy computations are done in the offline phase on a more powerful device. Hence, Certificateless online/offline schemes are perfect for low power devices interacting with clouds. In this paper, we present a certificateless online/offline signature scheme. This scheme is the most efficient certificateless signature scheme in existence and also has the added advantage of being online/offline. The scheme is proven secure in the random oracle model

Types of lightweight cryptographies in current developments for resource constrained machine type communication devices: challenges and opportunities

Machine-type communication devices have become a vital part of the autonomous industrial internet of things and industry 4.0. These autonomous resource-constrained devices share sensitive data, and are primarily acquired for automation and to operate consistently in remote environments under severe conditions. The requirements to secure the sensitive data shared between these devices consist of a resilient encryption technique with affordable operational costs. Consequently, devices, data, and networks are made secure by adopting a lightweight cryptosystem that should achieve robust security with sufficient computational and communication costs and counter modern security threats. This paper offers in-depth studies on different types and techniques of hardware and software-based lightweight cryptographies for machine-type communication devices in machine-to-machine communication networks

Identity based cryptography from pairings.

Yuen Tsz Hon.Thesis (M.Phil.)--Chinese University of Hong Kong, 2006.Includes bibliographical references (leaves 109-122).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiList of Notations --- p.viiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Identity Based Cryptography --- p.3Chapter 1.2 --- Hierarchical Identity Based Cryptosystem --- p.4Chapter 1.3 --- Our contributions --- p.5Chapter 1.4 --- Publications --- p.5Chapter 1.4.1 --- Publications Produced from This Thesis --- p.5Chapter 1.4.2 --- Publications During Author's Study in the Degree --- p.6Chapter 1.5 --- Thesis Organization --- p.6Chapter 2 --- Background --- p.8Chapter 2.1 --- Complexity Theory --- p.8Chapter 2.1.1 --- Order Notation --- p.8Chapter 2.1.2 --- Algorithms and Protocols --- p.9Chapter 2.1.3 --- Relations and Languages --- p.11Chapter 2.2 --- Algebra and Number Theory --- p.12Chapter 2.2.1 --- Groups --- p.12Chapter 2.2.2 --- Elliptic Curve --- p.13Chapter 2.2.3 --- Pairings --- p.14Chapter 2.3 --- Intractability Assumptions --- p.15Chapter 2.4 --- Cryptographic Primitives --- p.18Chapter 2.4.1 --- Public Key Encryption --- p.18Chapter 2.4.2 --- Digital Signature --- p.19Chapter 2.4.3 --- Zero Knowledge --- p.21Chapter 2.5 --- Hash Functions --- p.23Chapter 2.6 --- Random Oracle Model --- p.24Chapter 3 --- Literature Review --- p.26Chapter 3.1 --- Identity Based Signatures --- p.26Chapter 3.2 --- Identity Based Encryption --- p.27Chapter 3.3 --- Identity Based Signcryption --- p.27Chapter 3.4 --- Identity Based Blind Signatures --- p.28Chapter 3.5 --- Identity Based Group Signatures --- p.28Chapter 3.6 --- Hierarchical Identity Based Cryptography --- p.29Chapter 4 --- Blind Identity Based Signcryption --- p.30Chapter 4.1 --- Schnorr's ROS problem --- p.31Chapter 4.2 --- BIBSC and Enhanced IBSC Security Model --- p.32Chapter 4.2.1 --- Enhanced IBSC Security Model --- p.33Chapter 4.2.2 --- BIBSC Security Model --- p.36Chapter 4.3 --- Efficient and Secure BIBSC and IBSC Schemes --- p.38Chapter 4.3.1 --- Efficient and Secure IBSC Scheme --- p.38Chapter 4.3.2 --- The First BIBSC Scheme --- p.43Chapter 4.4 --- Generic Group and Pairing Model --- p.47Chapter 4.5 --- Comparisons --- p.52Chapter 4.5.1 --- Comment for IND-B --- p.52Chapter 4.5.2 --- Comment for IND-C --- p.54Chapter 4.5.3 --- Comment for EU --- p.55Chapter 4.6 --- Additional Functionality of Our Scheme --- p.56Chapter 4.6.1 --- TA Compatibility --- p.56Chapter 4.6.2 --- Forward Secrecy --- p.57Chapter 4.7 --- Chapter Conclusion --- p.57Chapter 5 --- Identity Based Group Signatures --- p.59Chapter 5.1 --- New Intractability Assumption --- p.61Chapter 5.2 --- Security Model --- p.62Chapter 5.2.1 --- Syntax --- p.63Chapter 5.2.2 --- Security Notions --- p.64Chapter 5.3 --- Constructions --- p.68Chapter 5.3.1 --- Generic Construction --- p.68Chapter 5.3.2 --- An Instantiation: IBGS-SDH --- p.69Chapter 5.4 --- Security Theorems --- p.73Chapter 5.5 --- Discussions --- p.81Chapter 5.5.1 --- Other Instantiations --- p.81Chapter 5.5.2 --- Short Ring Signatures --- p.82Chapter 5.6 --- Chapter Conclusion --- p.82Chapter 6 --- Hierarchical IBS without Random Oracles --- p.83Chapter 6.1 --- New Intractability Assumption --- p.87Chapter 6.2 --- Security Model: HIBS and HIBSC --- p.89Chapter 6.2.1 --- HIBS Security Model --- p.89Chapter 6.2.2 --- Hierarchical Identity Based Signcryption (HIBSC) --- p.92Chapter 6.3 --- Efficient Instantiation of HIBS --- p.95Chapter 6.3.1 --- Security Analysis --- p.96Chapter 6.3.2 --- Ordinary Signature from HIBS --- p.101Chapter 6.4 --- Plausibility Arguments for the Intractability of the OrcYW Assumption --- p.102Chapter 6.5 --- Efficient HIBSC without Random Oracles --- p.103Chapter 6.5.1 --- Generic Composition from HIBE and HIBS --- p.104Chapter 6.5.2 --- Concrete Instantiation --- p.105Chapter 6.6 --- Chapter Conclusion --- p.107Chapter 7 --- Conclusion --- p.108Bibliography --- p.10