An improved and provable self‐certified digital signature scheme with message recovery

This paper presents a self‐certified digital signature scheme with message recovery that is proven to be secure. So far, many schemes of this kind have been proposed to keep message secret in the transmission. But Zhang et al. has proposed the man‐in‐middle attack to Shao's self‐certified signature scheme, which is based on discrete logarithm. The attacker can make a new signature by using an old one, but the reason of such man‐in‐middle attack was not referred. We present the scheme of Yoon et al., which is also based on discrete logarithm, that cannot resist man‐in‐middle attack either, give the analysis of the attack, and propose a new scheme. The proposed scheme can resist forgery attack in the random oracle model and avoid message leakage, the man‐in‐middle attack, and meanwhile has several security characters. Compared with some self‐certified schemes, our scheme is the best because of the time cost. Copyright © 2013 John Wiley & Sons, Ltd.     

Identity‐based proxy signature over NTRU lattice

Proxy signature scheme is an important cryptographic primitive, for an entity can delegate his signing right to another entity. Although identity‐based proxy signature schemes based on conventional number‐theoretic problems have been proposed for a long time, the researchers have paid less attention to lattice‐based proxy signature schemes that can resist quantum attack. In this paper, we first propose an identity‐based proxy signature scheme over Number Theory Research Unit (NTRU)‐lattice. We proved that the proposed paradigm is secure under the hardness of the γ‐shortest vector problem on the NTRU lattice in random oracle model; furthermore, the comparison with some existing schemes shows our scheme is more efficient in terms of proxy signature secret key size, proxy signature size, and computation complexity. As the elemental problem of the proposed scheme is difficult even for quantum computation model, our scheme can work well in quantum age.     

Weaknesses and improvements of an efficient certificateless signature scheme without using bilinear pairings

The certificateless signature (CLS) scheme is a special signature scheme that solves the key escrow problem in identity‐based signature schemes. In CLS schemes, the private key is generated cooperatively by the key generator center (KGC) and signer, such that a malicious KGC cannot masquerade as the signer and sign a message. He et al. in 2011 proposed an efficient CLS scheme without using bilinear pairings. However, we discovered that the CLS scheme by He et al. cannot resist a strong type 2 adversary if this adversary replaces the master public key of the KGC. This work proposes an improved scheme that overcomes this weakness. Copyright © 2012 John Wiley & Sons, Ltd.     

Provable secure identity‐based multi‐proxy signature scheme

Multi‐proxy signature is one of the useful primitives of the proxy signature. Till now, only a few schemes of identity‐based multi‐proxy signature (IBMPS) have been proposed using bilinear pairings, but most of the schemes are insecure or lack a formal security proof. Because of the important application of IBMPS scheme in distributed systems, grid computing, and so on, construction of an efficient and provable‐secure IBMPS scheme is desired. In 2005, Li & Chen proposed an IBMPS scheme from bilinear pairings, but their paper lacks a formal model and proof of the security. Further, in 2009, Cao & Cao presented an IBMPS scheme with the first formal security model for it. Unfortunately, their scheme is not secure against the Xiong et al's attack. In this paper, first, we present an IBMPS scheme, then we formalize a security model for the IBMPS schemes and prove that the presented scheme is existential unforgeable against adaptive chosen message and identity attack in the random oracle model under the computational Diffie–Hellman assumption. Also, our scheme is not vulnerable for the Xiong et al's attack. The presented scheme is more efficient in the sense of computation and operation time than the existing IBMPS schemes. Copyright © 2013 John Wiley & Sons, Ltd.     

A provably secure code‐based short signature scheme and its nontransferable variant

Signatures with partially message recovery in which some parts of messages are not transmitted with signatures to make them shorter are helpful where bandwidth is one of the critical concern. This primitive is especially used for signing short messages in applications such as time stamping, certified email services, and identity‐based cryptosystems. In this paper, to have quantum‐attack‐resistant short signatures, the first signature scheme with partially message recovery based on coding theory is presented. Next, it is shown that the proposal is secure under Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partially message recovery property, the proposal is shorter than Dallot signature scheme, the only provably secure and practical code‐based signature scheme, while it preserves Dallot signature efficiency. We should highlight that our scheme can be used as a building block to construct short code‐based signature schemes with special properties. To show this, we present a provably secure short designated verifier signature scheme, a nontransferable form of short signatures, which is used in electronic voting and deniable authentication protocols.     

Provably Secure Aggregate Signcryption Scheme

An aggregate signature scheme is a digital signature scheme that allows aggregation of n distinct signatures by n distinct users on n distinct messages. In this paper, we present an aggregate signcryption scheme (ASC) that is useful for reducing the size of certification chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols. The new ASC scheme combines identity‐based encryption and the aggregation of signatures in a practical way that can simultaneously satisfy the security requirements for confidentiality and authentication. We formally prove the security of the new scheme in a random oracle model with respect to security properties IND‐CCA2, AUTH‐CMA2, and EUF‐CMA.     

Constructing Strong Identity‐Based Designated Verifier Signatures with Self‐Unverifiability

An identity‐based strong designated verifier signature scheme provides restricted verifiability only for a verifier designated by a signer and proper privacy for the signer. In this paper, we show that strong designated verifier signature schemes do not satisfy the self‐unverifiability requirement in the sense that not only exposure of the verifier's secret key but also of the signer's secret key enables an attacker to verify signatures, which should have been the exclusive right of the verifier. We also present a generic method to construct a strong identity‐based designated verifier signature scheme with self‐unverifiability from identity‐based key encapsulation and identity‐based key sharing schemes. We prove that a scheme constructed from our method achieves unforgeability, non‐transferability, and self‐unverifiability if the two underlying components are secure. To show the advantage of our method, we present an example that outputs short signatures and we analyze its performance.     

Further improvement of a certificateless signature scheme without pairing

Recently, He et al. proposed an efficient certificateless signature (CLS) scheme without pairings and demonstrated their scheme to be provably secure in the random oracle model. Unfortunately, Tian and Huang and Tsai et al. pointed out that the scheme cannot withstand a Type II adversary's attack. Tsai et al. also proposed an improved scheme to enhance security. However, the schemes of He et al. and Tsai et al. are not real CLS schemes because the user's public key is used to generate its partial private key. Besides, He et al. and Tsai et al. just demonstrated that their schemes are secure against the normal adversary in the random oracle model. In this paper, we propose a real CLS scheme and demonstrate that our scheme is secure against the super adversary. Security analysis and performance analysis show that our scheme could enhance security and increase computational cost slightly. Copyright © 2012 John Wiley & Sons, Ltd.     

对2个基于身份签名方案的伪造攻击

对李—姜(2009)和谷—贾—姜(2011)依据Paterson方案(2006)分别提出的标准模型下基于身份的签名方案构造了3个有效的伪造攻击算法:攻击者在不得到任何签名用户私钥的情况下,仅通过选取随机参数以及多项式时间内的计算,便能够以显著的概率成功伪造任意用户对任意消息的有效签名。这些攻击算法显示李—姜和谷—贾—姜的基于身份签名方案都是不安全的。最后分析了方案遭受攻击的原因,并给出了2个可能的改进措施。     

Identity-based threshold signature and mediated proxy signature schemes

Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation .     

Identity-based key-insulated proxy signature

In proxy signature schemes, the proxy signer B is permitted to produce a signature on behalf of the original signer A. However, exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper, we applied Dodis, et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.     

Ring proxy signatures

Proxy signatures have been used to enable the transfer of digital signing power within some context and ring signatures can be used to provide the anonymity of a signer. By combining the functionalities of proxy signatures and ring signatures, this paper introduces a new concept, named ring proxy signature, which is a proxy signature generated by an anonymous member from a set of potential signers. The paper also constructs the first concrete ring proxy signature scheme based on the provably secure Schnorr＇s signatures and two ID-based ring proxy signature schemes. The security analysis is provided as well.     

Nyberg-Rueppel消息恢复盲签名的一般化和改进

给出Nyberg-Rueppel消息恢复签名方案的一般性盲化方法,由该方法可以得到其3个盲化方案,其中一个就是Camenisch等人的方案,另外两个则是新的。在这两个新的方案中,一个与已有方案效率相当,另一个因无需求逆运算而效率更高。使用填充技术和hash函数,得到在ROM(randomoraclemodel)和GM(genericgroupmodel)模型下抗适应性选择消息伪造的可证明安全的消息恢复盲签名方案。     

Short computational Diffie–Hellman‐based proxy signature scheme in the standard model

Proxy signature is an important delegation technique. It allows that the original signer delegates his or her signing capability to a proxy signer that can generate valid signatures on behalf of the original signer. Until now, most of proxy signature schemes only were proven secure in the random oracle model. And the length of a proxy signature is usually a sum of the lengths of two signatures in most of the proxy signature schemes. Therefore, the factors make the proxy signature unsuitable for many applications with the constrained space or bandwidth. In this paper, we propose a novel short proxy signature scheme in the standard model. And the scheme is probably secure in the standard model. Compared with all existing proxy signature schemes without random oracles, the scheme achieves the following advantages: stronger security, shorter system parameters, shorter signature length and higher efficiency. To the best of our knowledge, this is the first shortest proxy signature scheme in the standard model, whose length is only 320 b for practical 80‐bit security level and the same as that of Digital Signature Algorithm. Copyright © 2012 John Wiley & Sons, Ltd.     

一种基于身份的代理盲签名方案

代理签名是一种非常有用的密码学工具，使用它，原始签名人能将其数字签名权力委托给代理签名人。在盲签名方案中，消息的内容对签名者是不可见的。签名被泄露后，签名者不能追踪其签名。代理签名和盲签名在实际中分别有着广泛的应用。文章结合两者的优点，利用椭圆曲线上的Weil对的双线性性，构造了一个基于身份的代理盲签名方案。     

Robust smart‐card‐based remote user password authentication scheme

Smart‐card‐based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu et al. proposed a smart‐card‐based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood et al. and Song discovered that the smart‐card‐based password authentication scheme of Xu et al. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood et al. does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen‐smart‐card and off‐line guessing attacks. In this paper, we will propose an improved and efficient smart‐card‐based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen‐smart‐card attack. Copyright © 2012 John Wiley & Sons, Ltd.     

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.     

Application of ID-based aggregate signature in manets

Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (MANETs) very much. Jumin Song, et al. presented an ID-based aggregate signature, applied it to MANETs and proposed a secure routing scheme. In this work, we analyze Jumin Song, et al.’s aggregate signature scheme and find some limitations on its batch verification. In addition, in this work, we apply Craig Gentry, et al.’s ID-based aggregate signature to on-demand routing protocol to present a secure routing scheme. Our scheme not only provides sound authentication and a secure routing protocol in ad hoc networks, but also meets the nature of MANETs.     

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd.     

Certificate‐Based Signcryption Scheme without Pairing: Directly Verifying Signcrypted Messages Using a Public Key

To achieve confidentiality, integrity, authentication, and non‐repudiation simultaneously, the concept of signcryption was introduced by combining encryption and a signature in a single scheme. Certificate‐based encryption schemes are designed to resolve the key escrow problem of identity‐based encryption, as well as to simplify the certificate management problem in traditional public key cryptosystems. In this paper, we propose a new certificate‐based signcryption scheme that has been proved to be secure against adaptive chosen ciphertext attacks and existentially unforgeable against chosen‐message attacks in the random oracle model. Our scheme is not based on pairing and thus is efficient and practical. Furthermore, it allows a signcrypted message to be immediately verified by the public key of the sender. This means that verification and decryption of the signcrypted message are decoupled. To the best of our knowledge, this is the first signcryption scheme without pairing to have this feature.