Chosen-ciphertext secure bidirectional proxy re-encryption schemes without pairings

Proxy re-encryption (PRE) is a useful primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under one key into an encryption of the same plaintext under another key. A PRE scheme is bidirectional if the proxy is able to transform ciphertexts in both directions. In ACM CCS’07, Canetti and Hohenberger presented a bidirectional PRE scheme with chosen-ciphertext security, which captures the indistinguishability of ciphertexts even if the adversary has access to the standard decryption oracle as well as a re-encryption oracle and a re-encryption key oracle. They also left an important open problem to come up with a chosen-ciphertext secure PRE scheme without pairings. To resolve this problem, we propose a bidirectional PRE scheme without pairings, and prove its chosen-ciphertext security under the computational Diffie-Hellman assumption in the random oracle model. Based on this scheme, we further present a non-transitive bidirectional PRE scheme, in which the proxy alone cannot re-delegate the decryption rights.     

ID-based proxy signature scheme with message recovery

A proxy signature scheme, introduced by Mambo, Usuda and Okamoto, allows an entity to delegate its signing rights to another entity. Identity based public key cryptosystems are a good alternative for a certificate based public key setting, especially when efficient key management and moderate security are required. From inception several ID-based proxy signature schemes have been discussed, but no more attention has been given to proxy signature with message recovery. In this paper, we are proposing provably secure ID-based proxy signature scheme with message recovery and we have proved that our scheme is secure as existential forgery-adaptively chosen message and ID attack. As proposed scheme is efficient in terms of communication overhead and security, it can be a good alternative for certificate based proxy signatures, used in various applications such as wireless e-commerce, mobile agents, mobile communication and distributed shared object systems, etc.     

Efficient ID-based proxy multi-signature scheme secure in random oracle

Proxy signature schemes enable an entity to delegate its signing rights to any other party, called proxy signer. As a variant of proxy signature primitive, proxymultisignature allows a group of original signers to delegate their signing capabilities to a single proxy signer in such a way that the proxy signer can sign a message on behalf of the group of original signers. We propose a concrete ID-based proxy multi-signature scheme from bilinear pairings. The proposed scheme is existential unforgeable against adaptively chosen message and given ID-attack in random oracle model under the computational Diffie-Hellman (CDH) assumption. The fascinating property of new scheme is that the size of a proxy multi-signature is independent of the number of original signers. Furthermore the proposed scheme is simple and computationally more efficient than other ID-based proxy multisignature schemes.     

对来自双线性配对的三种代理签名体制的密码学分析

纪家慧等人利用双线性配对提出了三类代理签名体制:代理多签名、多代理签名和多代理多签名,但这三类代理签名方案都是不安全的.分析说明了这三类代理签名存在伪造攻击,任何一个原始签名人或代理签名人都可以伪造合法的代理签名.     

Efficient bidirectional proxy re-encryption with direct chosen-ciphertext security

Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for a user into another ciphertext of the same message intended for another user, and the proxy, however, cannot learn anything about the message encrypted. In previous papers, in order to achieve the CCA2-security, a common method for constructing PRE schemes was to apply the paradigm of using strongly-unforgeable one-time signature which transforms a selective-identity, CPA-secure identity-based encryption (IBE) scheme into a CCA-secure cryptosystem. In this paper, we propose a direct design of the bidirectional CCA-secure PRE scheme, which makes a direct use of the underlying IBE structure and does not need any auxiliary signature mechanism. Our construction is efficient and suitable for further designing multi-user PRE schemes. Its security is proved on the base of the decisional bilinear Diffie-Hellman assumption in the standard model.     

前向安全的基于身份代理签名方案

前向安全是数字签名方案的一个重要的方面.现在已经提出了许多前向安全的数字签名方案,但前向安全的代理签名方案到目前为止并不多.提出了一个前向安全的基于身份的代理签名方案,方案的安全参数与总的时间周期数量无关,可以在保证代理签名者私钥长度和公钥保持不变的条件下无限制的进行代理私钥更新.由于双线性配对的使用,方案具有短签名和短密钥的特点.最后给出了代理签名方案的安全性分析.     

Certificateless threshold cryptosystem secure against chosen-ciphertext attack

This paper proposes the first certificateless threshold decryption scheme which avoids both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. The scheme is secure against threshold chosen-ciphertext attack. It tolerates the Type I adversary that can replace public key and the Type II adversary that has access to the system’s master key. The formal proof of security is presented in the random oracle model, assuming some underlying problems closely related to the Bilinear Diffie-Hellman Problem are computationally hard.     

A secure identity-based proxy multi-signature scheme

In a proxy multi-signature scheme, a designated proxy signer can generate the signature on behalf of a group of original signers. To our best knowledge, most of existing proxy multi-signature schemes are proposed in public key infrastructure setting, which may be the bottleneck due to its complexity. To deduce the complexity, several proxy multi-signature schemes are proposed in the ID-based setting. However, no formal definitions on ID-based proxy are proposed until now. To fill the gap, this paper proposes the formal definition. Furthermore, we present a proven secure ID-based proxy multi-signature scheme, which is more efficient than existing schemes in term of computational cost.     

一种新的基于身份的变色龙数字签名方案

变色龙签名是一种非交互的数字签名，基于“先哈希后签名”的范式。其中使用的哈希函数是一种特殊的陷门单向哈希函数――变色龙哈希。变色龙签名与普通数字签名的不同之处在于不可传递性。应用双线性对，提出了一个新的基于身份的变色龙签名方案。新方案构造简洁，在随机预言模型下是安全的。     

Improvement of a proxy multi-signature scheme without random oracles

A proxy multi-signature scheme permits two or more original singers to delegate their signing powers to the same proxy signer. Recently, Liu et al. proposed the first proxy multi-signature that be proven secure in the standard model [Liu et al. (2008) [20]], which can be viewed as a two-level hierarchical signature due to Waters. However, because of the direct employment of Waters’ signature, their scheme needs a relatively large number of public parameters and is not tightly reduced to the security assumption. In this paper, inspired by Boneh, Boyen’s technique and Waters’ technique, we propose a new proxy multi-signature scheme without random oracles, whose unforgeability can be tightly reduced to the CDH assumption in bilinear groups. The new scheme can be regarded as an improvement to overcome the weaknesses of Liu et al.’s scheme. Compared with Liu et al.’s scheme, the improvement has three merits, tighter security reduction, shorter system parameters and higher efficiency.     

基于ID的代理盲签名

在代理签名中，原始签名人能将其数字签名的权力委托给代理签名人；而在盲签名方案中，被签消息的内容对签名者是不可见的，签名被接受者得到后，签名者不能追踪签名。文章结合二者的优点，利用基于椭圆曲线上的Weil配对的双线性映射，在基于身份的数字签名的基础上，构造了一个基于ID的代理盲签名方案，并对其安全性作了简要分析。     

一种新的可证明安全的代理环签名方案

提出了一个有效的代理环签名方案,此方案克服了以往基于身份的方案在代理钥生成时运算域不合理的弱点。同时使方案的有效性提高:双线对的计算开销从O(n)降到了O(1)。在计算性Diffie-Hellman问题(CDHP)困难假设下,证明了它的不可伪造性。提出的方案也满足代理环签名方案的其他安全性要求:无条件匿名性、可验证性、可区分性。     

A secure and useful “keyless cryptosystem”

Keyless cryptography is a technique in which the basis of security is the anonymity of the sender. We describe a protocol that fits the technique to realistic communication environments, and extend the security and the range of applications of the technique.     

An efficient secure proxy verifiably encrypted signature scheme

Verifiably encrypted signature is an important cryptographic primitive, it can convince a verifier that a given ciphertext is an encryption of signature on a given message. It is often used as a building block to construct an optimistic fair exchange. In this paper, we propose a new concept: a proxy verifiably encrypted signature scheme, by combining proxy signature with a verifiably encrypted signature. And we formalize security model of proxy verifiably encrypted signature. After a detail construction is given, we show that the proposed scheme is provably secure in the random oracle model. The security of the scheme is related to the computational Diffie–Hellman problem.     

Proxy-protected signature secure against the undelegated proxy signature attack

The proxy signature scheme enables an original signer to delegate his/her signing capability to a designated proxy signer, thereby the proxy signer can sign messages on behalf of the original signer. Recently, Zhou et al. proposed two proxy-protected signature schemes. One is based on the RSA problem and the other is based on the integer factorization problem. In this paper, however, we point out that Zhou et al.’s schemes are insecure against undelegated proxy signature attack because any user without the delegation of the original signer can generate a valid proxy signature. To solve this problem, an improved scheme is proposed and its security is analyzed.     

一个新的基于身份的强代理签名方案

提出了一个基于身份的具有代理保护的强代理签名方案,方案实现主要用到双射对(Bilinear Pairings)性质。该方案比zhang and Kim^[4]的方案更有效。     

Multi-use and unidirectional identity-based proxy re-encryption schemes

In a proxy re-encryption scheme, a semi-trusted proxy is given special power that allows it to transform a ciphertext for Alice into a ciphertext for Bob without learning any information about the messages encrypted under either key. When a proxy re-encryption scheme is constructed in an identity-based setting, it means that a proxy converts a ciphertext encrypted under Alice’s identity into a ciphertext under Bob’s. Proxy re-encryption has become more and more popular these years due to the fact that it has many practical applications. In this paper, we present an IND-CCA2 secure identity-based proxy re-encryption scheme which has several useful properties, including, multi-use, unidirectionality, etc. Finding a unidirectional, multi-use, and CCA2-secure proxy re-encryption scheme is presented as an open problem by Green et al. Fortunately, our identity-based proxy re-encryption scheme is a solution to this problem. As a middleware for fulfilling our main goal, we also propose a new construction of identity-based encryption using random padding techniques. The security of our schemes is based on the standard decisional bilinear Diffie-Hellman assumption in the random oracle model.     

可证安全的基于身份的门限代理签名方案

在Paterson基于身份的签名方案基础上,提出一个在标准模型下可证安全的基于身份的门限代理签名方案。新方案具有在自适应选择消息攻击下存在不可伪造性,其安全性在标准模型下可归约为CDH问题假定,与基于公钥密码体制的门限代理签名方案相比,新方案的安全性更高。同时,相对随机预言模型下基于身份的门限签名方案,新方案更具有实际意义。     

An ID-based aggregate signature scheme with constant pairing computations

An aggregate signature scheme allows n signatures on n distinct messages from n distinct users to aggregate a single signature. The main benefit of such schemes is that they allow bandwidth and computational savings. Since Boneh et al.’s aggregate signature scheme from pairings, there exist several trials for constructing ID-based aggregate signature schemes. However, their computational complexity for pairing computations grows linearly with the number of signers. In this paper, we propose an efficient ID-based aggregate signature scheme with constant pairing computations. We also give its security proof in the random oracle model under the Computational Diffie-Hellman assumption.