26 research outputs found

    Security Analysis of Two Signcryption Schemes

    Abstract. Signcryption is a new cryptographic primitive that performs signing and encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we present a security analysis of two such schemes: the Huang-Chang convertible signcryption scheme [12], and the Kwak-Moon group signcryption scheme [13]. Our results show that both schemes are insecure. Specifically, the Huang-Chang scheme fails to provide confidentiality, while the Kwak-Moon scheme does not satisfy the properties of unforgeability, coalition-resistance, and traceability

    Mepolizumab therapy improves the most bothersome symptoms in patients with hypereosinophilic syndrome.

    Background: Hypereosinophilic syndrome (HES) is characterized by persistent elevated blood and/or tissue eosinophil levels and eosinophil-mediated organ damage. Presentation is highly heterogenous; patients may experience symptoms affecting multiple organ systems. Objectives: To assess the effects of mepolizumab, which targets interleukin-5, on HES-related symptom burden, based on HES daily symptoms (HES-DS) questionnaire data collected during the Phase III (ClinicalTrials.gov ID: NCT02836496) study of mepolizumab in patients with HES. Methods: Each of the six HES-related symptoms were rated (0-10) daily by patients, recalling worst symptom experience in the prior 24 hours; change from baseline at Week 32 was also calculated for mepolizumab versus placebo. Results: Mepolizumab versus placebo reduced HES-related symptom burden severity in patients with HES at Week 32. Improvements in the median change from baseline scores were seen across all symptom groups except skin for patients treated with mepolizumab; greatest improvement from baseline was observed for breathing symptoms. Conclusion: These data highlight the considerable symptom burden associated with HES and further support the clinical benefits of mepolizumab treatment for these patients.

    Safety and Efficacy of Mepolizumab in Hypereosinophilic Syndrome: An Open-Label Extension Study.

    Background: A double-blind, placebo-controlled, phase III study (200622) showed that mepolizumab reduces disease flares for patients with uncontrolled FIP1-like-1-platelet-derived growth factor receptor α-negative hypereosinophilic syndrome (HES) and two or more flares in the previous year. Objective: To further characterize the safety, clinical benefit, and pharmacodynamics of mepolizumab. Methods: Eligible patients from both treatment arms of the double-blind study could enter an open-label extension study (205203; NCT03306043) to receive 4-weekly mepolizumab (300 mg subcutaneously) plus background therapy for 20 weeks. Primary end points were safety-based; other end points included flare rates and changes from baseline in mean daily oral corticosteroid (OCS) dose and blood eosinophil count. Results: Of 104 patients who completed the double-blind study, 98% (previous placebo, n = 52; previous mepolizumab, n = 50) enrolled in the open-label extension. Overall, 66 of patients reported adverse events (AEs) (65%), 15 reported treatment-related AEs (15%), and nine reported serious AEs (9%). No events were fatal. The annualized flare rate (95% confidence interval) in the previous placebo and previous mepolizumab groups was 0.37 (0.16-0.86) and 0.14 (0.04-0.49) events/y, respectively. Of 72 patients receiving OCS during weeks 0 to 4, 20 (28%; previous placebo, n = 14; previous mepolizumab, n = 6) achieved 50% or greater reductions in mean daily dose during weeks 16 to 20. At week 20, blood eosinophil count was reduced by 89% in patients previously receiving placebo and remained reduced for those previously receiving mepolizumab. Conclusions: Extended mepolizumab treatment was associated with a positive benefit-risk profile. Continued control of disease flares and blood eosinophil counts, plus reductions in OCS use, were observed with mepolizumab in patients with FIP1-like-1-platelet-derived growth factor receptor α-negative HES.

    Warrant-Hiding Delegation-by-Certificate Proxy Signature Schemes

    Abstract. Proxy signatures allow an entity (the delegator) to delegate his signing capabilities to other entities (called proxies), who can then produce signatures on behalf of the delegator. Typically, a delegator may not want to give a proxy the power to sign any message on his behalf, but only messages from a well defined message space. Therefore, the so called delegation by warrant approach has been introduced. Here, a warrant is included into the delegator’s signature (the so called certificate) to describe the message space from which a proxy is allowed to choose messages to produce valid signatures for. Interestingly, in all previously known constructions of proxy signatures following this approach, the warrant is made explicit and, thus, is an input to the verification algorithm of a proxy signature. This means, that a verifier learns the entire message space for which the proxy has been given the signing power. However, it may be desirable to hide the remaining messages in the allowed message space from a verifier. This scenario has never been investigated in context of proxy signatures, but seems to be interesting for practical applications. In this paper, we resolve this issue by introducing so called warrant-hiding proxy signatures. We provide a formal security definition of such schemes by augmenting the well established security model for proxy signatures by Boldyreva et al. Furthermore, we discuss strategies how to realize this warrant-hiding property and we also provide two concrete instantiations of such a scheme. They enjoy different advantages, but are both entirely practical. Moreover, we prove them secure with respect to the augmented security model

    Universal designated verifier signatures without random oracles or non-black box assumptions

    Universal designated verifier signatures (UDVS) were introduced in 2003 by Steinfeld et al. to allow signature holders to monitor the verification of a given signature in the sense that any plain signature can be publicly turned into a signature which is only verifiable by some specific designated verifier. Privacy issues, like non-dissemination of digital certificates, are the main motivations to study such primitives. In this paper, we propose two fairly efficient UDVS schemes which are secure (in terms of unforgeability and anonymity) in the standard model (i.e. without random oracles). Their security relies on algorithmic assumptions which are much more classical than assumptions involved in the two only known UDVS schemes in standard model to date. The latter schemes, put forth by Zhang et al. in 2005 and Vergnaud in 2006, rely on the Strong Diffie-Hellman assumption and the strange-looking knowledge of exponent assumption (KEA). Our schemes are obtained from Waters’s signature and they do not need the KEA assumption. They are also the first random oracle-free constructions with the anonymity property

    Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

    Part 1: Full Papers. Digital signatures are by far the most prominent mechanisms to detect violations of integrity. When signing rights are delegated, the integrity protection is gradually weaker as the delegatee’s actions are not considered integrity violations. Taken to an extreme, delegating the right to undetectably change everything to everyone will achieve a property called contingency. Contingency was introduced as the “dual of integrity” in 2009 by Rost and Pfitzmann in German [26] and later translated into English in 2011 [4]. Contingency describes the exact opposite of integrity: the provable absence of integrity. Following this line of privacy research, this paper gives the first rigorous definition of contingency and presents a cryptographic protocol built upon a transparent sanitizable signature scheme. Hence, contingency is a verifiable statement that the signer explicitly desired that the integrity status of data is not verifiable. We analyze legal implications and applications of contingent information

    Computing on Authenticated Data for Adjustable Predicates

    Abstract. The notion of P-homomorphic signatures, introduced by Ahn et al. (TCC 2012), generalizes various approaches for public computations on authenticated data. For a given predicate P anyone can derive a signature for a message m′ from the signatures of a set of messages M, as long as P(M, m′) = 1. This definition hence comprises notions and constructions for concrete predicates P such as homomorphic signatures and redactable signatures. In our work we address the question of how to combine Pi-homomorphic schemes for different predicates P1, P2,... to create a richer and more flexible class of supported predicates. One approach is to statically combine schemes for predicates into new schemes for logical formulas over the predicates, such as a scheme for AND (P1 ∧ P2). The other approach for more flexibility is to derive schemes which allow the signer to dynamically decide which predicate to use when signing a message, instead of supporting only a single, fixed predicate. We present two main results. One is to show that one can indeed devise solutions for the static combination for AND, and for dynamically adjustable solutions for choosing the predicate on the fly. Moreover, our constructions are practical and add only a negligible overhead. The other main result is an impossibility result for static combinations. Namely, we prove that, in contrast to the case of AND, many other formulas like the logical OR (P1 ∨ P2) and the NOT (¬P) do not admit generic combinations through so-called canonical constructions. This implies that one cannot rely on general constructions in these cases, but must use other methods instead, like finding new predicate-specific solutions from scratch.

    Privacy-Preserving Auditing for Attribute-Based Credentials

    Privacy-enhancing attribute-based credentials (PABCs) allow users to authenticate to verifiers in a data-minimizing way, in the sense that users are unlinkable between authentications and only disclose those attributes from their credentials that are relevant to the verifier. We propose a practical scheme to apply the same data minimization principle when the verifiers’ authentication logs are subjected to external audits. Namely, we propose an extended PABC scheme where the verifier can further remove attributes from presentation tokens before handing them to an auditor, while preserving the verifiability of the audited tokens. We present a generic construction based on a signature, a signature of knowledge and a trapdoor commitment scheme, prove it secure in the universal composability framework, and give efficient instantiations based on the strong RSA and Decision Composite Residuosity (DCR) assumptions in the random-oracle model