115 research outputs found

    Lattice-based Multi-signature with Linear Homomorphism

    Abstract: This paper extends the lattice-based linearly homomorphic signature to multiple signers, with a security proof. In our construction, we assume one trusted dealer and either a single signer or multiple signers for a message. The dealer pre-shares the message vector v during the set-up phase and issues a pre-shared vector v_i to each signer. Then, from the partial signatures σ_i of v_i produced by each signer, one obtains a valid signature σ of v by combining all partial signatures σ_i of v_i. We use well-known lattice-based algorithms, such as the trapdoor generation algorithm and the basis extraction algorithm, to distribute different secret keys to each signer. Our signature satisfies multi-unforgeability and the weakly context hiding property, and is shown to be provably secure in the random oracle model under the k-Small Integer Solution problem, assuming the soundness of Boneh and Freeman's signature.

    Attribute-Based Ring Signatures

    Ring signatures were proposed to keep a signer's anonymity when it signs messages on behalf of a "ring" of possible signers. In this paper, we propose a novel notion of ring signature, which we call attribute-based ring signature. This kind of signature allows a signer to sign a message using its attributes obtained from an attribute center. All users that possess these attributes form a ring. The identity of the signer is kept anonymous within this ring. Furthermore, no one outside this ring can forge a signature on behalf of the ring. Two constructions of attribute-based ring signature are also presented in this paper. The first scheme is proved secure in the random oracle model, with a large universe of attributes. We also present another scheme in order to avoid the random oracle model; it relies on neither a non-standard hardness assumption nor the random oracle model. Both schemes in this paper are based on the standard computational Diffie-Hellman assumption.

    Security Analysis of A Remote User Authentication Protocol by Liao and Wang

    In Elsevier's journal Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart cards and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that the Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated, since colluding servers can easily track the activities of users.

    Security weakness in the Proof of Storage with Deduplication

    Achieving both security and efficiency is a challenging issue for data outsourcing services in cloud computing. Proof of Storage with Deduplication (POSD) is the first solution that addresses this issue for cloud storage. However, the validity of the POSD scheme rests on the strong assumption that all clients are honest when generating their keys. We show that the scheme is insecure under a new attack model in which malicious clients exploit dishonestly manipulated keys. We also propose an improvement of the POSD scheme to mitigate our attack.

    Grouping-Proof Protocol for RFID Tags: Security Definition and Scalable Construction

    In this paper, we propose a grouping-proof protocol for RFID tags based on secret sharing. Our proposed protocol addresses the scalability issue of previous protocols by removing the need for an RFID reader to relay messages from one tag to another. We also present a security model for a secure grouping-proof protocol which properly addresses the so-called mafia fraud attack. The mafia fraud attack (sometimes called distance fraud) is a simple relay attack suggested by Yvo Desmedt. Any location-based protocol, including RFID protocols, is vulnerable to this attack even if cryptography is used. One practical countermeasure to the mafia fraud attack is to incorporate a distance-bounding protocol into the location-based protocol. However, in light of the work by Chandran et al., the mafia fraud attack cannot be theoretically prevented. Therefore, we need to take this fact into account in order to make sense of the security notion for secure grouping-proof protocols.

    A2BE: Accountable Attribute-Based Encryption for Abuse Free Access Control

    As a recently proposed public key primitive, attribute-based encryption (ABE) (including ciphertext-policy ABE (CP-ABE) and key-policy ABE (KP-ABE)) is a highly promising tool for secure access control. In this paper, the issue of key abuse in ABE is formulated and addressed. Two kinds of key abuse problems are considered: i) illegal key sharing among colluding users and ii) misbehavior of the semi-trusted attribute authority, including illegal key (re-)distribution. Both problems are extremely important, as in an ABE-based access control system the attribute private keys directly imply users' privileges to the protected resources. To the best of our knowledge, such key abuse problems exist in all current ABE schemes, as the attribute private keys assigned to users are never designed to be linked to any user-specific information except the commonly shared user attributes. To be concrete, we focus on the prevention of key abuse in CP-ABE in this paper (our technique can easily be extended to KP-ABE as well). The notion of accountable CP-ABE (CP-A2BE, in short) is first proposed to prevent illegal key sharing among colluding users. Accountability for users is achieved by embedding additional user-specific information in the attribute private key issued to the user. To further obtain accountability for the attribute authority as well, the notion of strong CP-A2BE is proposed, allowing each attribute private key to be linked to the corresponding user's secret, which is unknown to the attribute authority. We show how to construct such a strong CP-A2BE scheme and prove its security based on the computational Diffie-Hellman assumption. Finally, we show how to utilize the new technique to solve some open problems in previous accountable identity-based encryption schemes.

    Constant-round Dynamic Group Key Exchange from RLWE Assumption

    In this paper, we propose a novel lattice-based group key exchange protocol with dynamic membership. Our protocol is constructed by generalizing the Dutta-Barua protocol to the RLWE setting, inspired by Apon et al.'s recent paper in PQCrypto 2019. We derive our (static) group key exchange protocol from Apon et al.'s protocol by modifying its third round and computation step. Then, we present both authenticated and dynamic group key exchange protocols with Join and Leave algorithms. The number of rounds for authenticated group key exchange remains the same as for the unauthenticated one. Our protocol is also scalable, in that the number of rounds does not depend on the number of group participants. By assuming the hardness of RLWE and the unforgeability of digital signatures, we give a full security proof for the (un-)authenticated (dynamic) group key exchange protocols.

    Untraceable Mobile Node Authentication in WSN

    Mobility of sensor nodes in Wireless Sensor Networks (WSNs) brings security issues such as re-authentication and tracing of node movement. However, current security research on WSNs is insufficient to support such environments, since existing designs only consider static environments. In this paper, we propose an efficient node authentication and key exchange protocol that reduces the overhead of node re-authentication and also provides untraceability of mobile nodes. Compared with previous protocols, our protocol has only a third of the communication and computational overhead. We expect our protocol to be an efficient solution that increases the lifetime of a sensor network.

    Identity-Based Chameleon Hash Scheme Without Key Exposure

    In this paper, we propose the first identity-based chameleon hash scheme without key exposure, which gives a positive answer to the open problem introduced by Ateniese and de Medeiros in 2004.