Cryptanalysis on two certificates signature schemes

Certificateless cryptography has attracted a lot of attention from the research community, due to its applicability in information security. In this paper, we analyze two recently proposed certificateless signature schemes and point out their security flaws. In particular, we demonstrate universal forgeries against these schemes with known message attack

Cryptanalysis on Two Certificateless Signature Schemes

Certificateless cryptography has attracted a lot of attention from the research community, due to its applicability in information security. In this paper, we analyze two recently proposed certificateless signature schemes and point out their security flaws. In particular, we demonstrate universal forgeries against these schemes with known message attacks

An Efficient Certificate-Based Designated Verifier Signature Scheme

Certificate-based public key cryptography not only solves certificate revocation problem in traditional PKI but also overcomes key escrow problem inherent in identity-based cryptosystems. This new primitive has become an attractive cryptographic paradigm. In this paper, we propose the notion and the security model of certificate-based designated verifier signatures (CBDVS). We provide the first construction of CBDVS and prove that our scheme is existentially unforgeable against adaptive chosen message attacks in the random oracle model. Our scheme only needs two pairing operations, and the signature is only one element in the bilinear group G1. To the best of our knowledge, our scheme enjoys shortest signature length with less operation cost

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

Strong designated verifier signature (generally abbreviated to SDVS) allows signers to obtain absolute control over who can verify the signature, while only the designated verifier other than anyone else can verify the validity of a SDVS without being able to transfer the conviction. Certificateless PKC has unique advantages comparing with certificate-based cryptosystems and identity-based PKC, without suffering from key escrow. Motivated by these attractive features, we propose a novel efficient CL-SDVS scheme without bilinear pairings or map-to-point hash operations. The proposed scheme achieves all the required security properties including EUF-CMA, non-transferability, strongness and non-delegatability. We also estimate the computational and communication efficiency. The comparison shows that our scheme outperforms all the previous CL-(S)DVS schemes. Furthermore, the crucial security properties of the CL-SDVS scheme are formally proved based on the intractability of SCDH and ECDL assumptions in random oracle model

Certificateless Signatures: Structural Extensions of Security Models and New Provably Secure Schemes

Certificateless signatures (CLSs) were introduced to solve the key escrow problem of identity-based signatures. In CLS, the full private key is determined by neither the user nor the trusted third party. However, a certificate of a public key is not required in CLS schemes; therefore, anyone can replace the public key. On the formal security, there are two types of adversaries where the Type I adversary acts as the outsider, and the Type II as the key generation center. Huang et al. took a few security issues into consideration and provided some security models. They showed three kinds of Type I adversaries with different security levels. Moreover, Tso et al. found the existence of another Type I adversary that was not discussed by Huang et al.; however, the adversaries are still too subtle to be presently defined. In this paper, we further consider public key replacement and strong unforgeability in certificateless signatures. All feasible situations are revisited along with abilities of adversaries. Additionally, structural extensions of security models are proposed with respect to the described public key replacement and strong unforgeability. Moreover, we also present some schemes, analyze their security against different adversaries, and describe our research results. Finally, one of the proposed certificateless short signature schemes is proven to achieve the strongest security level

On security of a Certificateless Aggregate Signature Scheme

Aggregate signatures are useful in special areas where the signatures on many different messages generated by many different users need to be compressed. Recently, Xiong et al. proposed a certificateless aggregate signature scheme provably secure in the random oracle model under the Computational Diffie-Hellman assumption. Unfortunately, by giving concrete attacks, we indicate that Xiong et al. aggregate signature scheme does not meet the basic requirement of unforgeability

多人数署名の証明可能安全性に関する研究

筑波大学 (University of Tsukuba)201

PFCBAS: pairing free and provable certificate-based aggregate signature scheme for the e-healthcare monitoring system

Recently, one of the most popular technologies of the modern era, the Internet of Things, allows the deployment and usage of various real-time test beds in various smart applications. One such application is the e-healthcare, in which patients' healthcare related data are transmitted to the nearest base station and then to a local or remote server as per the requirements. The data related to patients' health are sensitive and need special protection, therefore, the integrity and authentication of the sources of data generation are paramount concerns. However, several authentication or signature schemes that have been introduced in the past for this purpose are ID-based or having certificate-less settings. In these settings, a central authority, known as a trusted authority (TA), creates and distributes the secret key of every user. Thus, knowing the secrete key by the TA is called key escrow problem. But, these proposed schemes suffer from key distribution problems, which limit their applications in various applications. To mitigate these issues, this paper presents a certificate-based pairing free aggregate signature scheme (CBPFAS). The proposed scheme uses the merits of public key cryptography (PKC) and identity-based PKC (IDBPKC). The scheme is proven to be unforgeable, assuming the hardness of elliptic curve discrete log problem (ECDLP). The performance analysis shows that the proposed CBPFAS scheme executes in 0.78(n+1) ms in comparison to 9.63+1.17n ms in [1], 9.63+0.78n ms in [2], 9.63+3.39n ms in [3], and 9.63+1.17n ms in [4]. From these results, it is concluded that the proposed pairing free certificate-based aggregate signature scheme performs better than its counterparts