On the security of a certicateless signature scheme in the standard model

Most of certificateless signature schemes without random oracles can not resist key replacement attack. To overcome this security weakness, Yu et al. recently propose a new certificateless signature scheme and claimed that their scheme is provably secure in the standard model. However, in this paper, we show their scheme is still insecure against key replacement attack where an adversary who replaces the public key of a signer can forge valid signatures on any messages for that signer without knowing the signer\u27s partial secret key. Moreover, we show Yu et al.\u27s certificateless signature scheme is vulnerable to ``malicious-but-passive\u27\u27 KGC attack where a malicious KGC can forge valid signatures by embedding extra trapdoors in the system parameter

Cryptanalysis and improvement of an efficient certificateless signature scheme

In traditional digital signature schemes, certificates signed by a trusted party are required to ensure the authenticity of the public key. In Asiacrypt 2003, the concept of certificateless signature scheme was introduced. The advantage of certificate-less public key cryptography successfully eliminates the necessity of certificates in the traditional public key cryptography and simultaneously solves the inherent key escrow problem suffered in identity-based cryptography. Recently, Yap et al. proposed an efficient certificateless signature scheme and claimed that their scheme is existentially unforgeable in the random oracle model. In this paper, we show that the certificateless signature scheme proposed by Yap et al. is insecure against public key replacement attacks. Furthermore, we propose an improved certificateless signature scheme, which is existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model and provide the security proof of the proposed scheme

Cryptanalysis on two certificates signature schemes

Certificateless cryptography has attracted a lot of attention from the research community, due to its applicability in information security. In this paper, we analyze two recently proposed certificateless signature schemes and point out their security flaws. In particular, we demonstrate universal forgeries against these schemes with known message attack

Certificateless Public Auditing Protocol with Constant

To provide the integrity of outsourced data in the cloud storage services, many public auditing schemes which allow a user to check the integrity of the outsourced data have been proposed. Since most of the schemes are constructed on Public Key Infrastructure (PKI), they suffer from several concerns like management of certificates. To resolve the problems, certificateless public auditing schemes also have been studied in recent years. In this paper, we propose a certificateless public auditing scheme which has the constant-time verification algorithm. Therefore, our scheme is more efficient than previous certificateless public auditing schemes. To prove the security of our certificateless public auditing scheme, we first define three formal security models and prove the security of our scheme under the three security models

Certificateless Signature Scheme Based on Rabin Algorithm and Discrete Logarithm

Certificateless signature can effectively immue the key escrow problem in the identity-based signature scheme. But the security of the most certificateless signatures usually depends on only one mathematical hard problem, which makes the signature vulnerable when the underlying hard problem has been broken. In order to strengthen the security, in this paper, a certificateless signature whose security depends on two mathematical hard problems, discrete logarithm and factoring problems, is proposed. Then, the proposed certificateless signature can be proved secure in the random oracle, and only both of the two mathematical hard problems are solved, can the proposed signature be broken. As a consequence, the proposed certificateless signature is more secure than the previous signatures. On the other hand, with the pre-computation of the exponential modular computation, it will save more time in the signature signing phase. And compared with the other schemes of this kind, the proposed scheme is more efficient

RSA authentication mechanisms in control grid computing environment using Gridsim toolkit

There are security concerns when our sensitive data is placed in the third party infrastructure such as in the Grid Computing environment. As such, it is difficult to be assured that our data is in the safe hands.Thus, authentication has become the most critical factor pertaining to this.There are several approaches has been discussed in the grid computing environment on the safeguard, scalable and efficient authentication that are either Virtual Organization centric or Resource centric.Most of the grid computing uses public key infrastructure (PKI) to secure the identification, but the vulnerability are still cannot be avoid. In order to satisfy the security need of grid computing environment, we design an alternative authentication mechanism using RSA algorithm to ensure the user identification, and carry out the experiment in the Gridsim toolkit simulator

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

Strong designated verifier signature (generally abbreviated to SDVS) allows signers to obtain absolute control over who can verify the signature, while only the designated verifier other than anyone else can verify the validity of a SDVS without being able to transfer the conviction. Certificateless PKC has unique advantages comparing with certificate-based cryptosystems and identity-based PKC, without suffering from key escrow. Motivated by these attractive features, we propose a novel efficient CL-SDVS scheme without bilinear pairings or map-to-point hash operations. The proposed scheme achieves all the required security properties including EUF-CMA, non-transferability, strongness and non-delegatability. We also estimate the computational and communication efficiency. The comparison shows that our scheme outperforms all the previous CL-(S)DVS schemes. Furthermore, the crucial security properties of the CL-SDVS scheme are formally proved based on the intractability of SCDH and ECDL assumptions in random oracle model