Byoungcheon Lee

Secure Mobile Agent Using Strong Non-designated Proxy Signature

It is expected that mobile agent will be widely used for electronic commerce as an important key technology. If a mobile agent can sign a message in a remote server on behalf of a customer without exposingh is/her private key, it can be used not only to search for special products or services, but also to make a contract with a remote server. To construct mobile agents, [KBC00] used an RSA-based undetachable signature scheme, but it does not provide servers non-repudiation because the undetachable signature does not contain servers signature.Mobile agent is a very good application example of proxy signature, and the undetachable signature can be considered as an example of proxy signature. In this paper we show that secure mobile agent can be constructed using strong non-designated proxy signature [LKK01] which represents both the original signers (customer) and the proxy signers (remote server) signatures. We provide RSA-based and Schnorr-based constructions of secure mobile agent, and moreover we show that the Schnorr-based scheme can be used very efficiently in multi-proxy mobile agent situation.

Providing Receipt-Freeness In Mixnet-Based Voting Protocols

It had been thought that it is difficult to provide receipt-freeness in mixnet-based electronic voting schemes. Any kind of user chosen randomness can be used to construct a receipt, since a user can prove to a buyer how he had encrypted the ballot. In this paper we propose a simple and efficient method to incorporate receipt-freeness in mixnet-based electronic voting schemes by using the well known re-encryption technique and designated verifier re-encryption proof (DVRP). In our scheme a voter has to prepare his encrypted ballot through a randomization service provided by a tamper resistant randomizer (TRR), in such a way that he finally loses his knowledge on randomness. This method can be used in most mixnet-based electronic voting scheme to provide receipt-freeness.

Efficient Public Auction with One-Time Registration and Public Verifiability

In public auction, all bid values are published, but each bidder participates in auction protocol in anonymous way. Recently, Omote and Miyaji [OM01] proposed a new model of public auction in which any bidder can participate in plural rounds of auction with one-time registration. They have introduced two managers, registration manager (RM) and auction manager (AM), and have used efficient tools such as bulletin board and signature of knowledge [CS97].In this scheme, even if a bidder is identified as a winner in a round, he can participate in next rounds of auction maintaining anonymity for RM, AM, and any bidder. But a problem of this protocol is that the identity of winner cannot be published. In the winner announcement stage, RM informs the vendor of winners identity secretly. Therefore RMs final role cannot be verified, and AM and any participating bidder can not be sure of the validity of auction.In this paper, we propose a new public auction scheme which can solve this problem. In the proposed scheme, both RM and AM execute randomization operation in round setup process which makes the publication of winners identity be possible while keeping anonymity of winner in next rounds of auction. Moreover, AM provides ticket identifier based on Diffie-Hellman key agreement which is recognized only by the bidder. Our scheme provides real anonymity in plural rounds of auction with one-time registration in a verifiable way.

Receipt-Free Electronic Auction Schemes Using Homomorphic Encryption

Bid-rigging is a dangerous attack in electronic auction. Abe and Suzuki firstly introduced the idea of receipt-free to prevent this attack. In this paper we point out that Abe and Suzuki’s scheme only provides receipt-freeness for losing bidders. We argue that it is more important to provide receipt-freeness for winners and propose a new receipt-free sealed bid auction scheme using the homomorphic encryption technique. In contrast to Abe and Suzuki’s scheme, our scheme satisfies privacy, correctness, public verifiability and receipt-freeness for all bidders. Also, our scheme is not based on threshold trust model but three-party trust model, so it is more suitable for real-life auction. Furthermore, we extend our scheme to M+1-st price receipt-free auction.

An Efficient Mixnet-Based Voting Scheme Providing Receipt-Freeness

Receipt-freeness is an essential security property in electronic voting to prevent vote buying, selling or coercion. In this paper, we propose an efficient mixnet-based receipt-free voting scheme by modifying a voting scheme of Lee et al. The receipt-freeness property is obtained through the randomization service given by a trusted administrator, and assuming that two-way untappable channel is used between voters and the administrator. The efficiency is improved by employing a more efficient mixnet, which is a modification of Golle et al.’s optimistic mixnet. In the proposed scheme, the administrator provides both randomization (ballot re-encryption) and mixing service in the voting stage. Afterward, the ballots are mixed using the proposed efficient mixnet. Our mixnet-based voting scheme offers receipt-freeness in an efficient manner.

Secure Length-Saving ElGamal Encryption under the Computational Diffie-Hellman Assumption

A design of secure and efficient public key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as the ElGamal-type encryption is concerned, some variants of the original ElGamal encryption scheme whose security depends on weaker computational assumption have been proposed: Although the security of the original ElGamal encryption is based on the decisional Diffie-Hellman assumption (DDH-A), the security of a recent scheme, such as Pointcheval’s ElGamal encryption variant, is based on the weaker assumption, the computational Diffie-Hellman assumption (CDH-A). In this paper, we propose a length-saving ElGamal encryption variant whose security is based on CDH-A and analyze its security in the random oracle model. The proposed scheme is length-efficient which provides a shorter ciphertext than that of Pointcheval’s scheme and provably secure against the chosen-ciphertext attack.

Batch Verification for Equality of Discrete Logarithms and Threshold Decryptions

A general technique of batch verification for equality of discrete logarithms is proposed. Examples of batching threshold decryption schemes are presented based on threshold versions of ElGamal and RSA cryptosystems. Our technique offers large computational savings when employed in schemes with a large number of ciphertexts to be decrypted, such as in e-voting or e-auction schemes using threshold decryption. The resulting effect is beneficial for producing more efficient schemes.

Self-certified Signatures

A digital signature provides the authenticity of a signed message with respect to a public key and a certificate provides the authorization of a signer for a public key. Digital signature and certificate are generated independently by different parties, but they are verified by the same verifier who wants to verify the signature. In the point of a verifier, verifying two independent digital signatures (a digital signature and the corresponding certificate) is a burden.In this paper we propose a new digital signature scheme called self-certified signature. In this scheme a signer computes a temporary signing key with his long-term signing key and its certification information together, and generates a signature on a message and certification information using the temporary signing key in a highly combined and unforgeable manner. Then, a verifier verifies both signers signature on the message and related certification information together. This approach is very advantageous in efficiency. We extend the proposed self-certified signature scheme to multi-certification signature in which multiple certification information are verified. We apply it to public key infrastructure (PKI) and privilege management infrastructure (PMI) environments.

New receipt-free voting scheme using double-trapdoor commitment

It is considered to be the most suitable solution for large scale elections to design an electronic voting scheme using blind signatures and anonymous channels. Based on this framework, Okamoto first proposed a receipt-free voting scheme [30] for large scale elections. However, in the following paper, Okamoto [31] proved that the scheme [30] was not receipt-free and presented two improved schemes. One scheme requires the help of the parameter registration committee and the other needs a stronger physical assumption of the voting booth. In this paper, we utilize the double-trapdoor commitment to propose a new receipt-free voting scheme based on blind signatures for large scale elections. Neither the parameter registration committee nor the voting booth is required in our scheme. We also present a more efficient zero-knowledge proof for secret permutation. Therefore, our scheme is much more efficient than Okamotos schemes [30,31] with the weaker physical assumptions. Moreover, we prove that our scheme can achieve the desired security properties.

Security Framework for RFID-based Applications in Smart Home Environment

The concept of Smart-Homes is becoming more and more popular. It is anticipated that Radio Frequency IDentification (RFID) technology will play a major role in such environments. We can find many previously proposed schemes that focus solely on: authentication between the RFID tags and readers, and user privacy protection from malicious readers. There has also been much talk of a very popular RFID application: a refrigerator/bookshelf that can scan and list out the details of its items on its display screen. Realizing such an application is not as straight forward as it seems to be, especially in securely deploying such RFID-based applications in a smart home environment. Therefore this paper describes some of the RFID-based applications that are applicable to smart home environments. We then identify their related privacy and security threats and security requirements and also propose a secure approach, where RFID-tagged consumer items, RFID-reader enabled appliances (e.g., refrigerators), and RFID-based applications would securely interact among one another. At the moment our approach is just a conceptual idea, but it sheds light on very important security issues related to RFID-based applications that are beneficial for consumers.