
Papers on "Key escrow" published in 2015


Journal ArticleDOI
TL;DR: It is demonstrated that the proposed certificateless aggregate signature scheme can also achieve conditional privacy preservation, in which each traffic message launched by a vehicle is mapped to a distinct pseudo identity.

167 citations


Journal ArticleDOI
TL;DR: A remote authentication protocol featuring nonrepudiation, client anonymity, key escrow resistance, and revocability for extra-body communication in WBANs; a certificateless anonymous remote authentication with revocation is constructed by incorporating the proposed encryption scheme and signature scheme.
Abstract: To ensure the security and privacy of the patient's health status in wireless body area networks (WBANs), it is critical to secure the extra-body communication between the smart portable device held by the WBAN client and the application providers, such as the hospital, physician or medical staff. Based on certificateless cryptography, this paper proposes a remote authentication protocol featuring nonrepudiation, client anonymity, key escrow resistance, and revocability for extra-body communication in WBANs. First, we present a certificateless encryption scheme and a certificateless signature scheme with efficient revocation against short-term key exposure, which we believe are of independent interest. Then, a certificateless anonymous remote authentication with revocation is constructed by incorporating the proposed encryption scheme and signature scheme. Our revocation mechanism is highly scalable, which is especially suitable for large-scale WBANs, in the sense that the key-update overhead on the side of the trusted party increases logarithmically in the number of users. As far as we know, this is the first work to consider the revocation functionality of anonymous remote authentication for WBANs. Both theoretic analysis and experimental simulations show that the proposed authentication protocol is provably secure in the random oracle model and highly practical.

151 citations


Journal ArticleDOI
TL;DR: This paper proposes a one-round dynamic asymmetric GKA protocol which allows a group of members to dynamically establish a public group encryption key, while each member has a different secret decryption key in an identity-based cryptosystem.
Abstract: Modern collaborative and group-oriented applications typically involve communications over open networks. Given the openness of today's networks, communications among group members must be secure and, at the same time, efficient. Group key agreement (GKA) is widely employed for secure group communications in modern collaborative and group-oriented applications. This paper studies the problem of GKA in identity-based cryptosystems with an emphasis on round-efficient, sender-unrestricted, member-dynamic, and provably secure key escrow freeness. The problem is resolved by proposing a one-round dynamic asymmetric GKA protocol which allows a group of members to dynamically establish a public group encryption key, while each member has a different secret decryption key in an identity-based cryptosystem. Knowing the group encryption key, any entity can encrypt to the group members so that only the members can decrypt. We construct this protocol with a strongly unforgeable stateful identity-based batch multisignature scheme. The proposed protocol is shown to be secure under the k-bilinear Diffie–Hellman exponent assumption.

61 citations


Journal ArticleDOI
TL;DR: A new certificateless aggregate signature scheme is proposed in the paper for VANETs with constant pairing computations and is proved to be existentially unforgeable in the random oracle model against adaptive chosen-message attacks.
Abstract: State-of-the-art telecommunication technologies have been widely adapted for sensing and collecting traffic-related information. Vehicular Ad-Hoc Networks (VANETs) have emerged as a novel technology for revolutionizing the driving experiences of humans. The most effective and widely recognized way for mutual authentication among entities in VANETs is the digital signature scheme. The new and attractive paradigm which eliminates the use of certificates in public key cryptography and solves the key escrow problem in identity-based cryptography is certificateless cryptography. A new certificateless aggregate signature scheme is proposed in this paper for VANETs with constant pairing computations. Assuming the hardness of the computational Diffie-Hellman problem, the scheme is proved to be existentially unforgeable in the random oracle model against adaptive chosen-message attacks.

59 citations


Book ChapterDOI
21 Sep 2015
TL;DR: This paper affirmatively solves two practical problems about the key abuse of CP-ABE by proposing the first accountable authority CP-ABE with white-box traceability that supports policies expressed in any monotone access structures and provides an auditor to judge publicly whether a suspected user is guilty or is framed by the authority.
Abstract: As a sophisticated mechanism for secure fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) is a highly promising solution for commercial applications such as cloud computing. However, there still exists one major issue awaiting to be solved, that is, the prevention of key abuse. Most of the existing CP-ABE systems missed this critical functionality, hindering the wide utilization and commercial application of CP-ABE systems to date. In this paper, we address two practical problems about the key abuse of CP-ABE: (1) The key escrow problem of the semi-trusted authority; and, (2) The malicious key delegation problem of the users. For the semi-trusted authority, its misbehavior (i.e., illegal key (re-)distribution) should be caught and prosecuted. And for a user, his/her malicious behavior (i.e., illegal key sharing) need be traced. We affirmatively solve these two key abuse problems by proposing the first accountable authority CP-ABE with white-box traceability that supports policies expressed in any monotone access structures. Moreover, we provide an auditor to judge publicly whether a suspected user is guilty or is framed by the authority.

58 citations


Proceedings Article
01 Jan 2015
TL;DR: It is found that while approximately a third of users do in fact trust standalone encryption applications more than browser extensions that integrate into their webmail client, it is not due to being able to see and interact with ciphertext, and users hold a belief that desktop applications are less likely to transmit their personal messages back to the developer of the software.
Abstract: Although the means and the motivation for securing private messages and emails with strong end-to-end encryption exist, we have yet to see the widespread adoption of existing implementations. Previous studies have suggested that this is due to the lack of usability and understanding of existing systems such as PGP. A recent study by Ruoti et al. suggested that transparent, standalone encryption software that shows ciphertext and allows users to manually participate in the encryption process is more trustworthy than integrated, opaque software and just as usable. In this work, we critically examine this suggestion by revisiting their study, deliberately investigating the effect of integration and transparency on users' trust. We also implement systems that adhere to the OpenPGP standard and use end-to-end encryption without reliance on third-party key escrow servers. We find that while approximately a third of users do in fact trust standalone encryption applications more than browser extensions that integrate into their webmail client, it is not due to being able to see and interact with ciphertext. Rather, we find that users hold a belief that desktop applications are less likely to transmit their personal messages back to the developer of the software. We also find that despite this trust difference, users still overwhelmingly prefer integrated encryption software, due to the enhanced user experience it provides. Finally, we provide a set of design principles to guide the development of future consumer-friendly end-to-end encryption tools.

52 citations


Journal ArticleDOI
TL;DR: A new CLAS scheme is proposed, which combines the advantages of certificateless cryptography and aggregate signature and depends only on a constant number of pairing operations to verify a large number of signatures at a time.
Abstract: Certificateless public key cryptography (CL-PKC) is a cryptosystem solving the key escrow problem of identity-based cryptography. One of the applications of CL-PKC is certificateless aggregate signature (CLAS), which in practice can be used to efficiently verify concealed data aggregation in wireless sensor networks. CLAS is referred to as an extension of certificateless signature, which in particular performs verification for many signatures efficiently. Therefore, not only have plenty of CLAS schemes been proposed, but the security models of CLAS have also been introduced in the literature. Recently, some CLAS schemes have been extended from specific certificateless signature (CLS) schemes. However, we found that two CLS schemes and their corresponding CLAS schemes are not secure. In this paper, we simplify the relation between the security definitions of CLS and CLAS. Then, a new CLAS scheme is proposed, which combines the advantages of certificateless cryptography and aggregate signature. Moreover, our scheme depends only on a constant number of pairing operations to verify a large number of signatures at a time, because pairing is a complicated operation with high computational cost. Copyright © 2014 John Wiley & Sons, Ltd.

40 citations


Journal ArticleDOI
TL;DR: This paper demonstrates a novel CLS scheme which does not rely on bilinear pairings and possesses strong security density owing to the adoption of point addition in elliptic curve cryptography.
Abstract: In recent years, the research field of certificateless signature (CLS) schemes has been actively investigated, as the key escrow problem in identity-based cryptography can be solved via the CLS concept. However, due to the bandwidth limitation of mobile communication and the resource-constrained nature of handheld mobile devices, most CLS schemes cannot fulfill the computation-efficiency requirement of the mobile communication architecture. Hence, the design of lightweight CLS protocols refined from traditional cryptosystem technologies for the existing mobile communication environment has become one of the most important research trends. In this paper, we demonstrate a novel CLS scheme which does not rely on bilinear pairings. Without the heavy computation of bilinear pairings, our proposed scheme is efficient and practical for mobile communication. Meanwhile, the proposed CLS scheme possesses strong security density owing to the adoption of point addition in elliptic curve cryptography. A formal security analysis is presented to guarantee the security robustness of our CLS protocol under the hardness of the elliptic curve discrete logarithm problem.

40 citations


Journal ArticleDOI
TL;DR: This study presents an authenticated group key agreement protocol for mobile environments that reduces the cost of managing the certificates and avoids the key escrow problem by using certificateless public key cryptography.

39 citations


Posted Content
TL;DR: Wang et al. as mentioned in this paper proposed the first accountable authority CP-ABE with white-box traceability that supports policies expressed in any monotone access structure, and provided an auditor to judge publicly whether a suspected user is guilty or is framed by the authority.
38 citations


Journal ArticleDOI
TL;DR: This paper addresses the revocation problem and proposes the first revocable certificateless public-key encryption (RCL-PKE), which retains efficiency for encryption and decryption procedures while providing an efficient revocation alternative using a public channel.
Abstract: The concept of a certificateless public-key system (CL-PKS) was first introduced by Al-Riyami and Paterson. The CL-PKS not only solves the key escrow problem but also retains the merit of eliminating the required certificates in the identity-based PKS. Up to now, there has been little work on studying the revocation problem in existing CL-PKS constructions. In this paper, we address the revocation problem and propose the first revocable certificateless public-key encryption (RCL-PKE). We define the new syntax and security notions of the RCL-PKE and propose a concrete RCL-PKE scheme. Compared with the previously proposed CL-PKE schemes, the proposed RCL-PKE scheme retains efficiency for encryption and decryption procedures while providing an efficient revocation alternative using a public channel. Under the computational and the bilinear Diffie–Hellman assumptions, we demonstrate that our RCL-PKE scheme is semantically secure against adaptive chosen-ciphertext attacks.

Journal ArticleDOI
01 Mar 2015
TL;DR: This work proposes a secure CLPS scheme with message recovery based on the elliptic curve discrete log problem that is secure against existential forgery under adaptive chosen message and ID attacks and more efficient than Singh and Verma's scheme for practical applications.
Abstract: Certificateless public key cryptography (PKC) eliminates the use of certificates in traditional PKC and the key escrow problem in identity-based PKC. Up to now, a number of certificateless proxy signature (CLPS) schemes have been proposed. However, only a little attention has been paid to the construction of CLPS schemes with message recovery. Recently, Singh and Verma proposed a CLPS scheme with message recovery from bilinear pairings. The total computation cost of a pairing is higher than that of a scalar multiplication over an elliptic curve group. So, schemes without pairings would be more appealing in terms of efficiency. To the best of our knowledge, there is no provably secure CLPS scheme with message recovery based on the elliptic curve discrete log problem. We first propose such a CLPS scheme. Our scheme is secure against existential forgery under adaptive chosen message and ID attacks. Furthermore, it is more efficient than Singh and Verma's scheme for practical applications. Copyright © 2012 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper proposes a high secure data retrieval mechanism using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently and demonstrates how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.
Abstract: Disruption-tolerant network (DTN) advancements are getting to be a productive provision that allow remote devices carried by officers to talk with each other and access the classified data or secret data by using outside storage nodes. This framework gives the effective situation to approval strategies and the solutions overhaul for secure data recovery in most difficult cases. The most encouraging cryptographic solutions are acquainted with control the access issues called Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Indisputably the most difficult issues in this state are the prerequisite of endorsement arrangements and the methodologies redesign for secure data recovery. Then again, the issue of applying CP-ABE in decentralized DTNs presents a couple of security and insurance challenges as to the property disavowal, key escrow, and coordination of characteristics issued from particular forces. In this paper, we propose a protected data recovery arrangement using CP-ABE for decentralized DTNs where various key forces manage their properties freely. We display how to apply the proposed part to securely and proficiently deal with the portrayed data scattered in the disruption-tolerant network.

Journal ArticleDOI
TL;DR: Security pitfalls in the restrictions on an adversary's final output in security models of certificateless signature schemes are pointed out by demonstrating key replacement attacks on three certificateless signature schemes in different security models.

Journal ArticleDOI
TL;DR: This paper proposes a brand new certificateless online/offline signcryption scheme that overcomes the key escrow problem in the ID-based setting and proves the security of the scheme under q-mBDHI, CDH and q-CAA assumptions in the random oracle model.
Abstract: Signcryption is a highly efficient approach to achieve simultaneously confidentiality and authentication of message, which is more feasible than the simple combination of encryption and signature. The online/offline cryptography can further enhance the efficiency of signcryption system process without affecting its security. At present, most online/offline signcryptions focus on the ID-based setting. However, the key escrow problem is inherent in ID-based cryptography, which is regarded as the main barrier to affect the implementation of system. In this paper, we propose a brand new certificateless online/offline signcryption scheme. We prove the security of our scheme under q-mBDHI, CDH and q-CAA assumptions in the random oracle model. The proposed scheme overcomes the key escrow problem in the ID-based setting. Copyright © 2014 John Wiley & Sons, Ltd.

Proceedings ArticleDOI
02 Sep 2015
TL;DR: This paper modifies Yeh et al.'s certificateless public key signature scheme to obtain a new scheme which is more practical than theirs and can achieve the same security level under the hardness of the discrete logarithm problem in the random model.
Abstract: Certificateless public key cryptography was proposed to solve the key escrow problem in identity-based public key cryptography. Namely, a user's full private key must be comprised of a partial private key, which is provided by the key generation center, and a secret value, which is chosen by the user. Thus the key generation center can no longer acquire each user's full private key by itself. In 2014, Yeh et al. proposed an efficient certificateless public key signature scheme without bilinear pairings. They also showed their scheme is secure against a super adversary under the hardness of the discrete logarithm problem in the random model. In this paper, we modify Yeh et al.'s scheme to obtain a new scheme which is more practical than theirs. Our modified scheme can achieve the same security level as Yeh et al.'s scheme under the hardness of the discrete logarithm problem in the random model.
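The "partial private key from the KGC plus a secret value chosen by the user" structure described in the entry above is the mechanism every certificateless entry on this page relies on for escrow freeness. The following is an added illustration and not code from Yeh et al. or from any paper listed here: a Schnorr-style certificateless signature over a toy prime-order subgroup of Z_p^* (order Q = 2^127 - 1, p found at import time), with SHA-256 as the hash to Z_Q. The group, the hash encoding and the scheme itself are assumptions chosen for readability, not a vetted construction; the point it demonstrates is that the KGC's partial key d alone, or the user's secret x alone, does not produce a signature that verifies under the user's published key (R, X).

```python
import hashlib
import secrets

# Toy group parameters (assumption: for illustration only, not any paper's group).
Q = (1 << 127) - 1  # Mersenne prime, used as the subgroup order


def _is_probable_prime(n):
    """Miller-Rabin with fixed small bases; fine for a demo, not for production."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _make_group():
    """Smallest even k with p = k*Q + 1 prime; g = 2^k mod p then has order Q."""
    k = 2
    while True:
        p = k * Q + 1
        if _is_probable_prime(p):
            g = pow(2, k, p)
            if g != 1:
                return p, g
        k += 2


P, G = _make_group()


def _hash_to_zq(*parts):
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class KGC:
    """Key generation centre: holds the master secret and issues partial keys only."""

    def __init__(self):
        self.s = secrets.randbelow(Q - 1) + 1
        self.mpk = pow(G, self.s, P)

    def partial_key(self, ident):
        r = secrets.randbelow(Q - 1) + 1
        R = pow(G, r, P)
        d = (r + self.s * _hash_to_zq("pk", ident, R)) % Q  # binds ident to R
        return R, d


def user_keygen(kgc, ident):
    """User checks the partial key, then adds a self-chosen secret value x."""
    R, d = kgc.partial_key(ident)
    assert pow(G, d, P) == R * pow(kgc.mpk, _hash_to_zq("pk", ident, R), P) % P
    x = secrets.randbelow(Q - 1) + 1
    return (R, pow(G, x, P)), (d, x)  # public key (R, X), full private key (d, x)


def sign(ident, pk, sk, msg):
    d, x = sk
    R, X = pk
    k = secrets.randbelow(Q - 1) + 1
    T = pow(G, k, P)
    e = _hash_to_zq("sig", ident, R, X, T, msg)
    return T, (k + (d + x) * e) % Q


def verify(mpk, ident, pk, msg, sig):
    R, X = pk
    T, sigma = sig
    # Y = g^(d + x), recomputed from public data: R * mpk^H(ident, R) * X
    Y = R * pow(mpk, _hash_to_zq("pk", ident, R), P) % P * X % P
    e = _hash_to_zq("sig", ident, R, X, T, msg)
    return pow(G, sigma, P) == T * pow(Y, e, P) % P


def demo():
    """Returns (genuine verifies, KGC-only attempt verifies, user-only attempt verifies)."""
    kgc = KGC()
    ident = "alice@example.com"  # constructed sample identity
    pk, (d, x) = user_keygen(kgc, ident)
    msg = b"approve transfer 10"  # constructed sample message
    genuine = verify(kgc.mpk, ident, pk, msg, sign(ident, pk, (d, x), msg))
    kgc_only = verify(kgc.mpk, ident, pk, msg, sign(ident, pk, (d, 0), msg))
    user_only = verify(kgc.mpk, ident, pk, msg, sign(ident, pk, (0, x), msg))
    return genuine, kgc_only, user_only
```

`demo()` returns `(True, False, False)`: the KGC, which knows d, cannot sign under Alice's published X, and Alice could not have signed without d. The caveat a practitioner should keep in mind is the one Al-Riyami and Paterson themselves noted: a dishonest KGC can still mint a fresh partial key together with a replacement X' for Alice and publish that pair, so this basic structure only reaches Girault trust level 2 and escrow freeness in practice depends on X being bound to Alice over a channel the KGC does not control.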

Proceedings ArticleDOI
14 Apr 2015
TL;DR: This work constructs the first unidirectional, single-hop CCA-secure certificateless proxy re-encryption scheme without pairing by extending the PKI based construction of Chow et al. proposed in 2010 and proves its security in the random oracle model under the Computational Diffie-Hellman (CDH) assumption.
Abstract: Proxy Re-Encryption was introduced by Blaze, Bleumer and Strauss to efficiently solve the problem of delegation of decryption rights. In proxy re-encryption, a semi-honest proxy transforms a ciphertext intended for Alice to a ciphertext of the same message for Bob without learning anything about the underlying message. From its introduction, several proxy re-encryption schemes in the Public Key Infrastructure (PKI) and Identity (ID) based setting have been proposed. In practice, systems in the public key infrastructure suffer from the certificate management problem and those in the identity based setting suffer from the key escrow problem. Certificateless Proxy Re-encryption schemes enjoy the advantages provided by ID-based constructions without suffering from the key escrow problem. In this work, we construct the first unidirectional, single-hop CCA-secure certificateless proxy re-encryption scheme without pairing by extending the PKI based construction of Chow et al. proposed in 2010. We prove its security in the random oracle model under the Computational Diffie-Hellman (CDH) assumption. Prior to this work, the only secure certificateless proxy re-encryption scheme is due to Guo et al. proposed in 2013 using bilinear pairing. They proved their construction is RCCA-secure under the q-weak Decisional Bilinear Diffie-Hellman assumption. The construction proposed in this work is more efficient than that system and its security relies on more standard assumptions. We also show that the recently proposed construction of Yang et al. is insecure with respect to the security model considered in this work.

Journal ArticleDOI
TL;DR: This paper presents an attribute-based secure data sharing scheme with Efficient revocation (EABDS) in cloud computing that first encrypts data with Data encryption key (DEK) using symmetric encryption and then encrypts DEK based on CP-ABE, which guarantees the data confidentiality and achieves fine-grained access control.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is becoming a promising solution to guarantee data security in cloud computing. In this paper, we present an attribute-based secure data sharing scheme with Efficient revocation (EABDS) in cloud computing. Our scheme first encrypts data with Data encryption key (DEK) using symmetric encryption and then encrypts DEK based on CP-ABE, which guarantees the data confidentiality and achieves fine-grained access control. In order to solve the key escrow problem in current attribute based data sharing schemes, our scheme adopts additively homomorphic encryption to generate attribute secret keys of users by attribute authority in cooperation with key server, which prevents attribute authority from accessing the data by generating attribute secret keys alone. Our scheme presents an immediate attribute revocation method that achieves both forward and backward security. The computation overhead of user is also reduced by delegating most of the decryption operations to the key server. The security and performance analysis results show that our scheme is more secure and efficient.

Journal Article
TL;DR: This paper presents a MA-ABE scheme from lattices, in which identities of users are authenticated by a central authority, which improves the efficiency of authentication, and also presents a multi-authority large universe ABE scheme, in which the sizes of the public key and the ciphertext are only relative to the number of attribute authorities.
Abstract: Access control can selectively restrict access to sensitive information stored by third-party sites on the Internet. Attribute-based encryption (ABE) schemes can strengthen the effective combination of flexibility and operability of access control. They allow one sender to encrypt a message for more than one recipient, and to specify who should be able to decrypt, using attributes alone. Since 2005, many powerful ABE schemes have been presented, but there are two types of problem that haven't been efficiently resolved so far. On the one hand, as a practical extension of identity-based encryption (IBE) schemes, ABE schemes are also confronted with the key escrow problem. On the other hand, the attribute set belonging to one user is usually monitored by different authorities in this era of collaboration. Multi-authority ABE (MA-ABE) schemes can simultaneously resolve these problems, but they have not been thoroughly investigated yet. More precisely, MA-ABE schemes against quantum attack are the main barrier to the development of ABE schemes in a 'post-quantum' world. In this paper, we first present a MA-ABE scheme from lattices, in which identities of users are authenticated by a central authority, which improves the efficiency of authentication. Furthermore, different attribute private keys are still distributed by different authorities, and the central authority cannot obtain any secret information of other attribute authorities, which resolves the key escrow problem to some extent. In MA-ABE, attribute private keys belonging to one user are generated by different authorities, and how to ensure correct decryption is one of the cruxes of such schemes. Our scheme gives a simple solution: each user's attribute private keys are combined using sharing of common public information to automatically realize correct decryption. To the best of our knowledge, this is the first MA-ABE scheme from lattices, and it is more efficient than the MA-ABE presented by Melissa Chase. Finally, we present a multi-authority large universe ABE scheme, in which the sizes of the public key and the ciphertext are only relative to the number of attribute authorities, and a user will be able to decrypt a ciphertext if and only if he has at least t_K attributes from each authority K.

Journal ArticleDOI
TL;DR: In the proposed scheme, key generation for the users is issued by a separate key generation authority and the attributes of the users are managed by an attribute management authority, so neither authority can decrypt the data holder's secret information.
Abstract: Cloud is an emerging and massive technical development of this modern era which offers a variety of services to satisfy the needs of multiple users. Although cloud technology has various advantages such as high availability, storage and fast data retrieval, it still has a limitation to overcome, which is known as security. Ciphertext Policy Attribute Based Encryption is a proficient technique for addressing this security issue, in which the owner of the data creates a control structure for encrypting the information. Decryption is possible when the particular attributes of the users satisfy that access control tree. Private keys for the users are generated based on the attributes of the users. Another aspect to be considered in this technique is the key escrow problem, where a single third party authority has the ability to decrypt the ciphertext, which might contain sensitive information. In order to overcome this problem, multiple authority CP-ABE is introduced. In the proposed scheme, key generation for the users is issued by a separate key generation authority and the attributes of the users are managed by an attribute management authority. So neither authority can decrypt the data holder's secret information. The authorities cannot pool data, so the collusion attack is not possible. An illustration of the proposed technique follows in the later sections of the paper.

01 Jan 2015
TL;DR: This paper proposes a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently and demonstrates how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.
Abstract: Mobile nodes in military environments such as a battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution to the access control issues. However, the problem of applying CP-ABE in decentralized DTNs introduces several security and privacy challenges with regard to the attribute revocation, key escrow, and coordination of attributes issued from different authorities. In this paper, we propose a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.

01 Jan 2015
TL;DR: In this article, the authors proposed a certificateless aggregate signature scheme with stronger security by using pairings and introducing state information, which is used to hold partial information on a given hard problem in the random oracle model.
Abstract: Certificateless public key cryptography can solve the key escrow problem without any digital certificates to bind users and their public keys. Meanwhile, aggregate signature can efficiently lower the cost of computations and communications. Hence it is of interest to construct a certificateless aggregate signature scheme by taking advantages of the two methods. Though great progress has been made in this area, certificateless aggregate signature schemes available today cannot simultaneously achieve the objectives of being secure against both types of super adversaries and being efficient in operation. This paper puts forward a construction of certificateless aggregate signature scheme with stronger security by using pairings and introducing state information. The state information is used to hold partial information on a given hard problem in the random oracle model. The results show that the presented scheme, based on the infeasibility of the computational Diffie-Hellman (CDH) problem, is secure against both super adversaries. At the same time, the new scheme needs only four pairings during the processes of individual signature and verification for an aggregate signature by making good use of public information and the properties of bilinear maps. Furthermore, after knowing the same state information, a user in the scheme can perform individual signature operations in a non-interactive manner, which allows any users in the system to join dynamically for generating an

Journal ArticleDOI
TL;DR: This paper presents the first constructions of certificateless signature and certificate-based signature from lattices that are proven to be secure in the random oracle model under conventional small integer solution assumption that is as hard as approximating several standard lattice problems.
Abstract: Certificateless signature and certificate-based signature are two attractive replacements of regular signature and identity-based signature because they can alleviate the vexing certificate management problem in regular signatures and can also eliminate the inherent key escrow problem in identity-based signatures. Although a number of certificateless signatures and certificate-based signatures from bilinear pairings have been proposed, their lattice-based counterparts still remain unrealized. In this paper, we present the first constructions of certificateless signature and certificate-based signature from lattices. Both constructions are proven to be secure in the random oracle model under the conventional small integer solution assumption, which is as hard as approximating several standard lattice problems. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper presents a strongly secure certificateless authenticated key agreement (CLAKA) protocol without pairing suitable for smart media and mobile environments, which is provably secure in the extended Canetti–Krawczyk (eCK) model and is secure as long as each party has at least one uncompromised secret.
Abstract: The authenticated key agreement (AKA) protocol is an important cryptographic mechanism, which allows two users to establish a session key for future communication. Recently, certificateless public key cryptography has received wide attention since it can solve the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. In this paper, we present a strongly secure certificateless authenticated key agreement (CLAKA) protocol without pairing suitable for smart media and mobile environments, which is provably secure in the extended Canetti–Krawczyk (eCK) model and is secure as long as each party has at least one uncompromised secret. Compared with previous CLAKA protocols, our protocol has advantages over them in security or efficiency.

Book ChapterDOI
01 Aug 2015
TL;DR: The proposed certificateless proxy re-encryption scheme is proven secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity.
Abstract: Proxy re-encryption (PRE) has been considered a promising candidate to secure data sharing in the public cloud by enabling the cloud to transform the ciphertext for legitimate recipients on behalf of the data owner, while preserving data privacy from the semi-trusted cloud. Certificateless proxy re-encryption (CL-PRE) not only eliminates the heavy public key certificate management in traditional public key infrastructure, but also solves the key escrow problem in ID-based public key cryptography. Considering that the existing CL-PRE schemes either rely on expensive bilinear pairings or are proven secure under weak security models, we propose a strongly secure CL-PRE scheme without resorting to the bilinear pairing. Our scheme is proven secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity. Furthermore, the simulation results demonstrate that our scheme is practical for cloud-based data sharing in terms of communication overhead and computation cost for the data owner, the cloud and the data recipient.

Journal ArticleDOI
TL;DR: This paper addresses the weaknesses and loopholes of CLS schemes regarding both existential unforgeability and non-repudiation by proposing a new certificateless short signature with low bandwidth that reaches the highest security level.
Abstract: Certificateless cryptography is a well-known system to avoid the key escrow problem of identity-based cryptography. Since it was introduced by Al-Riyami and Paterson in 2003, plenty of schemes and security models have been presented and discussed. In particular, certificateless signature (CLS) has attracted the most research attention. In the literature, Hu et al. introduced a generic construction and security model that can satisfy non-repudiation. On the other hand, Huang et al. simulated possible attacks and defined more complete security models of CLS for existential unforgeability, and they sorted adversaries into normal, strong, and super adversaries (ordered by their attack powers). In this paper, we consider the security of CLS schemes regarding both existential unforgeability and non-repudiation. We not only show the weaknesses of two CLS schemes of Fan et al. [5] and Xiong et al. [13], but also point out the loopholes of their security proofs. Hence, we address the weaknesses and loopholes by proposing a new certificateless short signature with low bandwidth. The proposed scheme is provably secure against the super adversaries and reaches the highest security level.

Journal ArticleDOI
TL;DR: The present paper proposes a pairing-free certificateless group key agreement protocol that meets the efficiency, authenticity, and strong security requirements with complete anonymity and has comparable performance to other existing protocols in terms of computation and communication overheads.
Abstract: A group key agreement protocol is the primary requirement of several groupware applications like secure conferences, pay-per-view, etc., which require secure and authentic conversations among a group of participants via public networks. Protocols based on certificateless public key cryptography (CL-PKC) are in demand because CL-PKC overcomes the complex certificate management of traditional public key cryptography, as well as the key escrow problem of identity-based cryptography. Several group applications often also need user anonymity, along with their security features. However, in the current literature only a few group key agreement protocols are available which support user anonymity. Further, almost all GKA protocols based on CL-PKC employ bilinear pairing in their operations. The expensive computation of pairing motivates researchers to propose pairing-free protocols based on CL-PKC. The present paper proposes a pairing-free certificateless group key agreement protocol that meets the efficiency, authenticity, and strong security requirements with complete anonymity. The formal security validation of the proposed protocol has been done using the Automated Validation of Internet Security Protocols and Applications tool, which shows that it is unforgeable against the various attacks. The proposed protocol has comparable performance to other existing protocols in terms of computation and communication overheads.

Book ChapterDOI
21 Sep 2015
TL;DR: This paper shows how to add accountability to any IBE scheme using oblivious transfer (OT), with almost the same ciphertext efficiency as the underlying IBE, and extends the generic construction to support identity reuse without losing efficiency.
Abstract: Identity-Based Encryption (IBE) provides a compelling solution to the PKI management problem; however, it comes with the serious privacy consideration that a trusted party called the PKG is required to generate, and hence also know, the secret keys of all users. This inherent key escrow problem is considered to be one of the major reasons hindering the wider utilization of IBE systems. In order to address this problem, Goyal [20] introduced the notion of accountable authority IBE (A-IBE), in which a judge can differentiate the PKG from the user as the source of a decryption software. Via this "tracing" mechanism, A-IBE deters the PKG from leaking the user's secret key and hence offers a defense mechanism for IBE users against a malicious PKG. All previous works on A-IBE focused on specialized constructions trying to achieve different properties and efficiency enhancements. In this paper, for the first time, we show how to add accountability to any IBE scheme using oblivious transfer (OT), with almost the same ciphertext efficiency as the underlying IBE. Furthermore, we extend our generic construction to support identity reuse without losing efficiency. This property is desirable in practice as users may accidentally lose their secret keys and they naturally prefer not to abandon their identities. How to achieve this property was open until our work. Along the way, we first modify the generic construction and develop a new technique to provide public traceability generically.

Journal ArticleDOI
TL;DR: This paper presents the first CL-KIS scheme secure against malicious KGC attack, with security proof in the standard model, and proposes a stronger security model for CL-PKC to capture the seemingly neglected attack mounted by a malicious key generation center (KGC).
Abstract: To protect signing rights against the compromise of the secret key, the key-insulated signature (KIS) has attracted a lot of attention from industry and academia. It would be interesting to investigate the notion of KIS in the certificateless public key cryptography (CL-PKC) environment to solve the problems of certificate management and key escrow simultaneously. To capture the seemingly neglected attack mounted by a malicious key generation center (KGC), a stronger security model for CL-PKC should be considered. In this paper, we first show that the only known CL-KIS scheme is vulnerable to malicious KGC attack, and then propose the first CL-KIS scheme secure against malicious KGC attack, with security proof in the standard model.

Journal ArticleDOI
TL;DR: A new certificateless strong key-insulated signature scheme that is proven secure in the standard model, offers stronger security, and enjoys higher computational efficiency and shorter public parameters.
Abstract: Exposure of secret keys may be the most devastating attack on a public key cryptographic scheme, since in that case security is entirely lost. Key-insulated security provides a promising approach to deal with this threat since it can effectively mitigate the damage caused by secret key exposure. To eliminate the cumbersome certificate management in traditional PKI-supported key-insulated signature while overcoming the key escrow problem in identity-based key-insulated signature, two certificateless key-insulated signature schemes without random oracles have been proposed so far. However, both of them suffer from some security drawbacks and do not achieve existential unforgeability. In this paper, we propose a new certificateless strong key-insulated signature scheme that is proven secure in the standard model. Compared with the previous certificateless strong proxy signature scheme, the proposed scheme offers stronger security and enjoys higher computational efficiency and shorter public parameters.