Fully Distributed Proxy Signature Schemes

In a proxy signature scheme, a potential signer delegates his signing capability to a proxy entity, who signs a message on behalf of the original signer. All the proposals of proxy signature schemes made until now have been based on Schnorr\u27s signature scheme. Threshold versions of these schemes have also been proposed, in which the power of the proxy signer is distributed among a group of players, in such a way that any subset with a minimum number (threshold) of players can sign a message on behalf of the original signer. We consider a model that is fully distributed, because we want to distribute not only the power of the proxy signer, but also the original signer ability to delegate his signing capability. Furthermore, we consider general structures, instead of only the threshold ones, for both the tolerated subsets of dishonest players and the subsets of honest players authorized to execute a valid instance of the protocol, and in both the original and the proxy signer entities. We find sufficient combinatorial conditions that these structures must satisfy in order to design a fully distributed, secure and robust proxy signature scheme for this general scenario. We propose such a scheme for this setting. It is also based on Schnorr\u27s signature scheme

Security Analysis of Some Proxy Signature

A proxy signature scheme allows an entity to delegate his/her signing capability to another entity in such a way that the latter can sign messages on behalf of the former. Such schemes have been suggested for use in a number of applications, particularly in distributed computing where delegation of rights is quite common. Followed by the rst schemes introduced by Mambo, Usuda and Okamoto in 1996, a number of new schemes and improvements have been proposed. In this paper, we present a security analysis of four such schemes newly proposed in [15, 16]. By successfully identifying several interesting forgery attacks, we show that all the four schemes are insecure. Consequently, the fully distributed proxy scheme in [11] is also insecure since it is based on the (insecure) LKK scheme [14, 15]. In addition, we point out the reasons why the security proofs provided in [15] are invalid

Proxy Signature Scheme with Effective Revocation Using Bilinear Pairings

We present a proxy signature scheme using bilinear pairings that provides effective proxy revocation. The scheme uses a binding-blinding technique to avoid secure channel requirements in the key issuance stage. With this technique, the signer receives a partial private key from a trusted authority and unblinds it to get his private key, in turn, overcomes the key escrow problem which is a constraint in most of the pairing-based proxy signature schemes. The scheme fulfills the necessary security requirements of proxy signature and resists other possible threats

On Using Encryption Techniques to Enhance Sticky Policies Enforcement

How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE

A Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare

Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee’s private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme