Key Replacement Attack on Two Certificateless Signature Schemes without Random Oracles

Liu et al. proposed the first certificateless signature scheme without random oracles in 2007. However, Xiong et al. showed that Liu et al.'s scheme is insecure against a malicious-but-passive KGC attack and proposed an improved scheme. In ISA 2009, Yuan et al. also proposed a new certificateless signature scheme without random oracles. Although they claimed that the two schemes are secure in the standard model, this paper shows that both Xiong et al.'s improved scheme and Yuan et al.'s new scheme are vulnerable to key replacement attack, where an adversary, obtaining a signature on a message and replacing the public key of a signer, can forge valid signatures on the same message under the replaced public key. We also give the corresponding modifications of the two schemes to resist key replacement attack.

Download Full-text

Secure Certificateless Signature with Revocation in the Standard Model

Mathematical Problems in Engineering ◽

10.1155/2014/728591 ◽

2014 ◽

Vol 2014 ◽

pp. 1-16 ◽

Cited By ~ 5

Author(s):

Tung-Tso Tsai ◽

Sen-Shan Huang ◽

Yuh-Min Tseng

Keyword(s):

Standard Model ◽

Public Key Cryptography ◽

Public Key ◽

Key Generation ◽

Security Model ◽

Certificateless Public Key Cryptography ◽

Random Oracles ◽

Diffie Hellman ◽

The Standard Model ◽

Certificateless Signature

Certificateless public key cryptography is very attractive in solving the key escrow problem which is inherent in identity- (ID-) based public key cryptography. In the past, a large number of certificateless cryptographic schemes and protocols were presented, but a secure certificateless signature in the standard model (without random oracles) is still not accessible until now. To the best of our knowledge, all the previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC). In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS). Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

Download Full-text

Strong Designated Verifier Signature Scheme with Undeniability and Strong Unforgeability in the Standard Model

Applied Sciences ◽

10.3390/app9102062 ◽

2019 ◽

Vol 9 (10) ◽

pp. 2062

Author(s):

Xiaodong Yang ◽

Guilan Chen ◽

Ting Li ◽

Rui Liu ◽

Meiding Wang ◽

...

Keyword(s):

Standard Model ◽

Signature Scheme ◽

Signature Schemes ◽

Private Key ◽

Random Oracles ◽

Computational Overhead ◽

The Standard Model ◽

Designated Verifier ◽

Designated Verifier Signature ◽

Strong Unforgeability

Strong designated verifier signature can provide an efficient way to protect the identity privacy of the signer and the integrity of the data transmitted over the public channel. These characteristics make it very useful in outsourcing computing, electronic voting, electronic bidding, electronic auction and other fields. However, most strong designated verifier signature schemes are unable to identify the real signature generator when the signer and the designated verifier dispute a signature. In addition, the existing strong designated verifier signature schemes in the standard model rarely satisfy strong unforgeability, and thus cannot prevent the attacker from forging a valid signature on any previously signed message. Therefore, designing a strong designated verifier signature scheme without random oracles that satisfies strong unforgeability and undeniability is very attractive in both practice and theory. Motivated by these concerns, we design the first undeniable strong designated verifier signature scheme without random oracles, in which the arbiter can independently perform the judgment procedure to prove whether a controversial signature is generated by the signer or the designated verifier. Under standard assumptions, the scheme is proved to be strongly unforgeable in standard model. Furthermore, it not only achieves non-transferability and privacy of the signer’s identity but also satisfies the undeniable property of traditional digital signature schemes. Performance analysis results show that the length of the signer’s private key, the designated verifier’s private key and signature length are 40 bits, 40 bits and 384 bits, respectively. Compared with he related schemes, the proposed scheme has higher performance in signature length, private key size and computational overhead. Finally, we show how to apply it to implement outsourcing computation in cloud computing.

Download Full-text

Attacks on One Designated Verifier Proxy Signature Scheme

Journal of Applied Mathematics ◽

10.1155/2012/508981 ◽

2012 ◽

Vol 2012 ◽

pp. 1-6 ◽

Cited By ~ 1

Author(s):

Baoyuan Kang

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Random Oracle ◽

Proxy Signature ◽

Signature Scheme ◽

Signature Schemes ◽

Random Oracles ◽

The Standard Model ◽

New Construction ◽

Designated Verifier

In a designated verifier proxy signature scheme, there are three participants, namely, the original signer, the proxy signer, and the designated verifier. The original signer delegates his or her signing right to the proxy signer, then the proxy signer can generate valid signature on behalf of the original signer. But only the designated verifier can verify the proxy signature. Several designated verifier proxy signature schemes have been proposed. However, most of them were proven secure in the random oracle model, which has received a lot of criticism since the security proofs in the random oracle model are not sound with respect to the standard model. Recently, by employing Water's hashing technique, Yu et al. proposed a new construction of designated verifier proxy signature. They claimed that the new construction is the first designated verifier proxy signature, whose security does not rely on the random oracles. But, in this paper, we will show some attacks on Yu et al.'s scheme. So, their scheme is not secure.

Download Full-text

Certificateless Short Signature Scheme from Bilinear Pairings

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.380-384.2435 ◽

2013 ◽

Vol 380-384 ◽

pp. 2435-2438 ◽

Cited By ~ 2

Author(s):

Shu Rong Feng ◽

Jiao Mo ◽

Hua Zhang ◽

Zheng Ping Jin

Keyword(s):

Bilinear Pairings ◽

Public Key ◽

Security Level ◽

Signature Scheme ◽

Signature Schemes ◽

Short Signature ◽

Certificateless Signature ◽

Provably Secure

Certificateless short signature schemes can not only have the advantage of certificateless signature, but also provide a short signature size in communication. However, all existing certificateless short signature schemes only proven secure against a normal adversary which can only obtain the valid signature for the original public key rather than a super adversary which can obtain the valid signature for the replaced public key. Recently, Fan et al. proposed a certificateless short signature scheme which is very efficient, but we found it is still cannot against super adversary. In this paper, we first analysis their scheme, and then present an improved scheme which can against super adversaries. Furthermore, our scheme can provide both the strongest security level and the shortest signature size compared the existed provably secure certificateless short signature scheme.

Download Full-text

Secure and Efficient Certificateless Signature and Blind Signature Scheme from Pairings

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.457-458.1262 ◽

2013 ◽

Vol 457-458 ◽

pp. 1262-1265

Author(s):

Min Qin Chen ◽

Qiao Yan Wen ◽

Zheng Ping Jin ◽

Hua Zhang

Keyword(s):

Random Oracle Model ◽

Public Key Cryptography ◽

Random Oracle ◽

Blind Signature ◽

Public Key ◽

Signature Scheme ◽

Signature Schemes ◽

Diffie Hellman ◽

Identity Based ◽

Certificateless Signature

Based an identity-based signature scheme, we givea certificateless signature scheme. And then we propose a certificateless blind signature (CLBS) scheme in this paper. This schemeis more efficient than those of previous schemes by pre-computing the pairing e (P, P)=g. Based on CL-PKC, it eliminates theusing of certificates in the signature scheme with respect to thetraditional public key cryptography (PKC) and solves key escrowproblems in ID-based signature schemes. Meanwhile it retains themerits of BS schemes. The proposed CLBS scheme is existentialunforgeable in the random oracle model under the intractabilityof the q-Strong Diffie-Hellman problem.

Download Full-text

Provably Secure Lattice-Based Self-Certified Signature Scheme

Security and Communication Networks ◽

10.1155/2021/2459628 ◽

2021 ◽

Vol 2021 ◽

pp. 1-9

Author(s):

Qiang Yang ◽

Daofeng Li

Keyword(s):

Computational Cost ◽

Random Oracle Model ◽

Random Oracle ◽

Public Key ◽

Communication Overhead ◽

Small Integer ◽

Signature Scheme ◽

Signature Schemes ◽

The Public ◽

Security Technologies

Digital signatures are crucial network security technologies. However, in traditional public key signature schemes, the certificate management is complicated and the schemes are vulnerable to public key replacement attacks. In order to solve the problems, in this paper, we propose a self-certified signature scheme over lattice. Using the self-certified public key, our scheme allows a user to certify the public key without an extra certificate. It can reduce the communication overhead and computational cost of the signature scheme. Moreover, the lattice helps prevent quantum computing attacks. Then, based on the small integer solution problem, our scheme is provable secure in the random oracle model. Furthermore, compared with the previous self-certified signature schemes, our scheme is more secure.

Download Full-text

Strongly Unforgeable Ring Signature Scheme from Lattices in the Standard Model

Journal of Applied Mathematics ◽

10.1155/2014/371924 ◽

2014 ◽

Vol 2014 ◽

pp. 1-12

Author(s):

Geontae Noh ◽

Ji Young Chun ◽

Ik Rae Jeong

Keyword(s):

Standard Model ◽

Signature Scheme ◽

Signature Schemes ◽

Ring Signature ◽

Arbitrary Ring ◽

Computational Overhead ◽

The Standard Model ◽

First Time ◽

Strong Unforgeability

In a ring signature scheme, a user selects an arbitrary ring to be able to sign a message on behalf of the ring without revealing the signer’s identity. Whistle-blowers especially find this useful. To date, various ring signature schemes have been proposed, all considered to be secure as existentially unforgeable with respect to insider corruption; that is, an adversary who chooses ring-message pairs for which he requests signatures, corrupts honest users, and obtains their signing keys can not produce forgeries for new ring-message pairs. Lattice-based ring signature schemes offer lower computational overhead and security from quantum attacks. In this paper, we offer a lattice-based scheme. We begin by showing that the existing ring signature schemes are not sufficiently secure, because existential unforgeability still permits a signer to potentially produce a new signature on previously signed messages. Furthermore, we show that existing ring signature schemes from lattices are not even existentially unforgeable with respect to insider corruption. We then improve previous schemes by applying, for the first time, the concept of strong unforgeability with respect to insider corruption to a ring signature scheme in lattices. This offers more security than any previous ring signature scheme: adversaries cannot produce new signatures for any ring-message pair, including previously signed ring-message pairs.

Download Full-text

A Lattice-Based Identity-Based Proxy Blind Signature Scheme in the Standard Model

Mathematical Problems in Engineering ◽

10.1155/2014/307637 ◽

2014 ◽

Vol 2014 ◽

pp. 1-6 ◽

Cited By ~ 8

Author(s):

Lili Zhang ◽

Yanqin Ma

Keyword(s):

Number Theory ◽

Standard Model ◽

Blind Signature ◽

Signature Scheme ◽

Signature Schemes ◽

Proxy Blind Signature ◽

The Standard Model ◽

Identity Based ◽

Lattice Based Cryptography ◽

Solution Problem

A proxy blind signature scheme is a special form of blind signature which allowed a designated person called proxy signer to sign on behalf of original signers without knowing the content of the message. It combines the advantages of proxy signature and blind signature. Up to date, most proxy blind signature schemes rely on hard number theory problems, discrete logarithm, and bilinear pairings. Unfortunately, the above underlying number theory problems will be solvable in the postquantum era. Lattice-based cryptography is enjoying great interest these days, due to implementation simplicity and provable security reductions. Moreover, lattice-based cryptography is believed to be hard even for quantum computers. In this paper, we present a new identity-based proxy blind signature scheme from lattices without random oracles. The new scheme is proven to be strongly unforgeable under the standard hardness assumption of the short integer solution problem (SIS) and the inhomogeneous small integer solution problem (ISIS). Furthermore, the secret key size and the signature length of our scheme are invariant and much shorter than those of the previous lattice-based proxy blind signature schemes. To the best of our knowledge, our construction is the first short lattice-based identity-based proxy blind signature scheme in the standard model.

Download Full-text