Double-authentication-preventing signatures in the standard model

A double-authentication preventing signature (DAPS) scheme is a digital signature scheme equipped with a self-enforcement mechanism. Messages consist of an address and a payload component, and a signer is penalized if she signs two messages with the same addresses but different payloads. The penalty is the disclosure of the signer’s signing key. Most of the existing DAPS schemes are proved secure in the random oracle model (ROM), while the efficient ones in the standard model only support address spaces of polynomial size. We present DAPS schemes that are efficient, secure in the standard model under standard assumptions and support large address spaces. Our main construction builds on vector commitments (VC) and double-trapdoor chameleon hash functions (DCH). We also provide a DAPS realization from Groth–Sahai (GS) proofs that builds on a generic construction by Derler et al., which they instantiate in the ROM. The GS-based construction, while less efficient than our main one, shows that a general yet efficient instantiation of DAPS in the standard model is possible. An interesting feature of our main construction is that it can be easily modified to guarantee security even in the most challenging setting where no trusted setup is provided. To the best of our knowledge, ours seems to be the first construction achieving this in the standard model.

Download Full-text

A Generic Framework for Accountable Optimistic Fair Exchange Protocol

Symmetry ◽

10.3390/sym11020285 ◽

2019 ◽

Vol 11 (2) ◽

pp. 285

Author(s):

Jia-Ch’ng Loh ◽

Swee-Huay Heng ◽

Syh-Yuan Tan

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Building Blocks ◽

Random Oracle ◽

Fair Exchange ◽

Generic Framework ◽

The Standard Model ◽

Security Properties ◽

Optimistic Fair Exchange ◽

The One

Optimistic Fair Exchange protocol was designed for two parties to exchange in a fair way where an arbitrator always remains offline and will be referred only if any dispute happens. There are various optimistic fair exchange protocols with different security properties in the literature. Most of the optimistic fair exchange protocols satisfy resolution ambiguity where a signature signed by the signer is computational indistinguishable from the one resolved by the arbitrator. Huang et al. proposed the first generic framework for accountable optimistic fair exchange protocol in the random oracle model where it possesses resolution ambiguity and is able to reveal the actual signer when needed. Ganjavi et al. later proposed the first generic framework in the standard model. In this paper, we propose a new generic framework for accountable optimistic fair exchange protocol in the standard model using ordinary signature, convertible undeniable signature, and ring signature scheme as the underlying building blocks. We also provide an instantiation using our proposed generic framework to obtain an efficient pairing-based accountable optimistic fair exchange protocol with short signature.

Download Full-text

Large Universe CCA2 CP-ABE With Equality and Validity Test in the Standard Model

The Computer Journal ◽

10.1093/comjnl/bxaa075 ◽

2020 ◽

Author(s):

Cong Li ◽

Qingni Shen ◽

Zhikang Xie ◽

Xinyu Feng ◽

Yuejian Fang ◽

...

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Random Oracle ◽

Fine Grained ◽

Validity Check ◽

Attribute Based Encryption ◽

The Standard Model ◽

Series Of Experiments ◽

Ciphertext Policy ◽

Chosen Ciphertext Security

Abstract Attribute-based encryption with equality test (ABEET) simultaneously supports fine-grained access control on the encrypted data and plaintext message equality comparison without decrypting the ciphertexts. Recently, there have been several literatures about ABEET proposed. Nevertheless, most of them explore the ABEET schemes in the random oracle model, which has been pointed out to have many defects in practicality. The only existing ABEET scheme in the standard model, proposed by Wang et al., merely achieves the indistinguishable against chosen-plaintext attack security. Considering the aforementioned problems, in this paper, we propose the first direct adaptive chosen-ciphertext security ciphertext-policy ABEET scheme in the standard model. Our method only adopts a chameleon hash function and adds one dummy attribute to the access structure. Compared with the previous works, our scheme achieves the security improvement, ciphertext validity check and large universe. Besides, we further optimize our scheme to support the outsourced decryption. Finally, we first give the detailed theoretical analysis of our constructions in computation and storage costs, then we implement our constructions and carry out a series of experiments. Both results indicate that our constructions are more efficient in Setup and Trapdoor and have the shorter public parameters than the existing ABEET ones do.

Download Full-text

Lattice Based Group Key Exchange Protocol in the Standard Model

10.5121/csit.2021.111113 ◽

2021 ◽

Author(s):

Parhat Abla

Keyword(s):

Standard Model ◽

Quantum Algorithms ◽

Random Oracle Model ◽

Random Oracle ◽

Key Exchange ◽

Session Key ◽

Group Key ◽

Group Key Exchange ◽

The Standard Model ◽

Group Members

Group key exchange schemes allow group members to agree on a session key. Although there are many works on constructing group key exchange schemes, but most of them are based on algebraic problems which can be solved by quantum algorithms in polynomial time. Even if several works considered lattice based group key exchange schemes, believed to be post-quantum secure, but only in the random oracle model. In this work, we propose a group key exchange scheme based on ring learning with errors problem. On contrast to existing schemes, our scheme is proved to be secure in the standard model. To achieve this, we define and instantiate multi-party key reconciliation mechanism. Furthermore, using known compiler with lattice based signature schemes, we can achieve authenticated group key exchange with postquantum security.

Download Full-text

Efficient Certificateless Signcryption in the Standard Model: Revisiting Luo and Wan’s Scheme from Wireless Personal Communications (2018)

The Computer Journal ◽

10.1093/comjnl/bxz041 ◽

2019 ◽

Vol 62 (8) ◽

pp. 1178-1193 ◽

Cited By ~ 2

Author(s):

Parvin Rastegari ◽

Willy Susilo ◽

Mohammad Dakhlalian

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Personal Communication ◽

Public Key Cryptography ◽

Random Oracle ◽

Research Literature ◽

Public Key ◽

Certificateless Public Key Cryptography ◽

The Standard Model ◽

Wireless Personal Communications

Abstract Certificateless public key cryptography (CL-PKC) promises a practical resolution in establishing practical schemes, since it addresses two fundamental issues, namely the necessity of requiring certificate managements in traditional public key infrastructure (PKI) and the key escrow problem in identity-based (ID-based) setting concurrently. Signcryption is an important primitive that provides the goals of both encryption and signature schemes as it is more efficient than encrypting and signing messages consecutively. Since the concept of certificateless signcryption (CL-SC) scheme was put forth by Barbosa and Farshim in 2008, many schemes have been proposed where most of them are provable in the random oracle model (ROM) and only a few number of them are provable in the standard model. Very recently, Luo and Wan (Wireless Personal Communication, 2018) proposed a very efficient CL-SC scheme in the standard model. Furthermore, they claimed that their scheme is not only more efficient than the previously proposed schemes in the standard model, but also it is the only scheme which benefits from known session-specific temporary information security (KSSTIS). Therefore, this scheme would indeed be very practical. The contributions of this paper are 2-fold. First, in contrast to the claim made by Luo and Wan, we show that unfortunately Luo and Wan made a significant error in the construction of their proposed scheme. While their main intention is indeed interesting and useful, the failure of their construction has indeed left a gap in the research literature. Hence, the second contribution of this paper is to fill this gap by proposing a CL-SC scheme with KSSTIS, which is provably secure in the standard model.

Download Full-text

Group Signatures with Message-Dependent Opening: Formal Definitions and Constructions

Security and Communication Networks ◽

10.1155/2019/4872403 ◽

2019 ◽

Vol 2019 ◽

pp. 1-36 ◽

Cited By ~ 2

Author(s):

Keita Emura ◽

Goichiro Hanaoka ◽

Yutaka Kawai ◽

Takahiro Matsuda ◽

Kazuma Ohara ◽

...

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Group Signature ◽

Signature Scheme ◽

Identity Based Encryption ◽

Group Signatures ◽

The Standard Model ◽

Formal Definitions ◽

Generic Construction ◽

Identity Based

This paper introduces a new capability for group signatures called message-dependent opening. It is intended to weaken the high trust placed on the opener; i.e., no anonymity against the opener is provided by an ordinary group signature scheme. In a group signature scheme with message-dependent opening (GS-MDO), in addition to the opener, we set up an admitter that is not able to extract any user’s identity but admits the opener to open signatures by specifying messages where signatures on the specified messages will be opened by the opener. The opener cannot extract the signer’s identity from any signature whose corresponding message is not specified by the admitter. This paper presents formal definitions of GS-MDO and proposes a generic construction of it from identity-based encryption and adaptive non-interactive zero-knowledge proofs. Moreover, we propose two specific constructions, one in the standard model and one in the random oracle model. Our scheme in the standard model is an instantiation of our generic construction but the message-dependent opening property is bounded. In contrast, our scheme in the random oracle model is not a direct instantiation of our generic construction but is optimized to increase efficiency and achieves the unbounded message-dependent opening property. Furthermore, we also demonstrate that GS-MDO implies identity-based encryption, thus implying that identity-based encryption is essential for designing GS-MDO schemes.

Download Full-text

Novel Identity-Based Hash Proof System with Compact Master Public Key from Lattices in the Standard Model

International Journal of Foundations of Computer Science ◽

10.1142/s0129054119400148 ◽

2019 ◽

Vol 30 (04) ◽

pp. 589-606

Author(s):

Qiqi Lai ◽

Bo Yang ◽

Zhe Xia ◽

Yannan Li ◽

Yuan Chen ◽

...

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Random Oracle ◽

Public Key ◽

Proof System ◽

Secret Key ◽

Random Lattice ◽

The Standard Model ◽

Identity Based ◽

Hash Proof System

As the progress of quantum computers, it is desired to propose many more efficient cryptographic constructions with post-quantum security. In the literatures, almost all cryptographic schemes and protocols can be explained and constructed modularly from certain cryptographic primitives, among which an Identity-Based Hash Proof System (IB-HPS) is one of the most basic and important primitives. Therefore, we can utilize IB-HPSs with post-quantum security to present several types of post-quantum secure schemes and protocols. Up until now, all known IB-HPSs with post-quantum security are instantiated based on latticed-based assumptions. However, all these lattice-based IB-HPSs are either in the random oracle model or not efficient enough in the standard model. Hence, it should be of great significance to construct more efficient IB-HPSs from lattices in the standard model. In this paper, we propose a new smooth IB-HPS with anonymity based on the Learning with Errors (LWE) assumption in the standard model. This new construction is mainly inspired by a classical identity-based encryption scheme based on LWE due to Agreawal et al. in Eurocrypt 2010. And our innovation is to employ the algorithm SampleGaussian introduced by Gentry et al. and the property of random lattice to simulate the identity secret key with respect to the challenge identity. Compared with other existing IB-HPSs in the standard model, our master public key is quite compact. As a result, our construction has much lower overheads on computation and storage.

Download Full-text

Attacks on One Designated Verifier Proxy Signature Scheme

Journal of Applied Mathematics ◽

10.1155/2012/508981 ◽

2012 ◽

Vol 2012 ◽

pp. 1-6 ◽

Cited By ~ 1

Author(s):

Baoyuan Kang

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Random Oracle ◽

Proxy Signature ◽

Signature Scheme ◽

Signature Schemes ◽

Random Oracles ◽

The Standard Model ◽

New Construction ◽

Designated Verifier

In a designated verifier proxy signature scheme, there are three participants, namely, the original signer, the proxy signer, and the designated verifier. The original signer delegates his or her signing right to the proxy signer, then the proxy signer can generate valid signature on behalf of the original signer. But only the designated verifier can verify the proxy signature. Several designated verifier proxy signature schemes have been proposed. However, most of them were proven secure in the random oracle model, which has received a lot of criticism since the security proofs in the random oracle model are not sound with respect to the standard model. Recently, by employing Water's hashing technique, Yu et al. proposed a new construction of designated verifier proxy signature. They claimed that the new construction is the first designated verifier proxy signature, whose security does not rely on the random oracles. But, in this paper, we will show some attacks on Yu et al.'s scheme. So, their scheme is not secure.

Download Full-text