Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.

An improved ring signature scheme without trusted key generation center for wireless sensor network

Abstract: Security of wireless sensor network (WSN) is a considerable challenge, because of limitation in energy, communication bandwidth and storage. ID-based cryptosystem without checking and storing certificate is a suitable way used in WSN. But key escrow is an inherent disadvantage for traditional ID-based cryptosystem, i.e., the dishonest key generation center (KGC) can forge the signature of any node and on the other hand the node can deny the signature actually signed by him/herself. To solving this problem, we propose an ID-based ring signature scheme without trusted KGC. We also present the accurate secure proof to prove that our scheme is secure against existential forgery on adaptively chosen message and ID attacks assuming the complexity of computational Diffie-Hellman (CDH) problem. Compared with other ring signature schemes, we think proposed scheme is more efficient.

Lightweight Searchable Encryption Scheme Based on Certificateless Cryptosystem

Abstract: Searchable encryption technology can guarantee the confidentiality of cloud data and the searchability of ciphertext data, which has a very broad application prospect in cloud storage environments. However, most existing searchable encryption schemes have problems, such as excessive computational overhead and low security. In order to solve these problems, a lightweight searchable encryption scheme based on certificateless cryptosystem is proposed. The user's final private key consists of partial private key and secret value, which effectively solves the certificate management problem of the traditional cryptosystem and the key escrow problem of identity-based cryptosystem. At the same time, the introduction of third-party manager has significantly reduced the burden in the cloud server and achieved lightweight multi-user ciphertext retrieval. In addition, the data owner stores the file index in the third-party manager, while the file ciphertext is stored in the cloud server. This ensures that the file index is not known by the cloud server. The analysis results show that the scheme satisfies trapdoor indistinguishability and can resist keyword guessing attacks. Compared with similar certificateless encryption schemes, it has higher computational performance in key generation, keyword encryption, trapdoor generation and keyword search.

Insecurity of a Secure Certificate-Based Signature Scheme

Abstract: Certificate-Based Signature (CBS) not only provides the solution of certificate revocation problems arise in the traditional public key cryptography but also solve key escrow problem arise in ID Based signature scheme. Recently, Hung et al’s design an efficient short certificate based signature scheme (SCBS) using bilinear pairing publish in "Information Technology and Control", T. 45, Nr. 3 in 2016 and proves that it is safe against type 1 and type 2 adversaries under the computational Diffie-Hallmen (CDH) assumption. In this paper, we show that Hung et al’s scheme is not protected against an adversary who has no need of secret value and partial private key to forge the legal signature.

New Efficient Certificateless Blind Signature Scheme

Abstract: As a new paradigm, certificateless public key cryptography was introduced by AI-Riyami and Paterson. It resolves the high cost of certificate in the traditional public key cryptography and the inherent key escrow problem in the identity-based cryptography. Due to the advantages of certificateless public key cryptography, a new efficient certificateless blind signature scheme from bilinear maps is proposed, which requires less computational effort by comparing with previous constructions. The number of pairing operations in the signing and verification phase of our scheme is only one. This is probably the best to achieve in pairing based signature schemes. Furthermore, we show that the proposed scheme is provably secure in the random oracle model. The security of our scheme is proven based on the hardness of q-Strong Diffie-Hellman problem and the Inverse Computational Diffie-Hellman problem.

Certificateless Public Key Authenticated Searchable Encryption With Enhanced Security Model in IIoT Applications

Abstract: In Industrial Internet of Things, powerful cloud servers are needed to process substantial sensitive industrial data, which should be encrypted before being uploaded to the cloud. To retrieve encrypted data, certificateless public key authenticated encryption with keyword search (CLPAEKS) is proposed. It has three advantages: 1) no certificate management problem; 2) no key escrow problem; and 3) inside keyword guessing attack resistance. The basic security requirements of current CLPAEKS schemes are ciphertext indistinguishability (CI security) and trapdoor indistinguishability (TI security) in the single-challenge setting. However, these security requirements are incomplete, since some necessary real-world scenarios are not considered: 1) the multichallenge setting to capture scenarios where multiple keywords may be embedded in one file or search query and 2) the fully chosen keyword attack, which allows the adversary to obtain ciphertext or trapdoor of any keyword. In this article, we formalize two enhanced security models for the CLPAEKS system to both capture the multichallenge setting and resist against fully chosen keyword attacks. Then, we provide a cryptanalysis on some of previous CLPAEKS schemes to better understand the necessity of these security models. Furthermore, we propose the first CLPAEKS scheme provably secure in our enhanced security models. Compared with previous CLPAEKS schemes, our scheme provides stronger security guarantee for the privacy of both ciphertext keyword and target keyword. We also evaluate the performance of our CLPAEKS scheme and optimize the efficiency of our scheme by performing most of the computation offline. As a result, the online efficiency of our CLPAEKS scheme is comparable to other schemes optimized using the same techniques.