Futai Zhang
Nanjing Normal University
Publication
Featured research published by Futai Zhang.
cryptology and network security | 2005
Xinyi Huang; Willy Susilo; Yi Mu; Futai Zhang
In traditional digital signature schemes, certificates signed by a trusted party are required to ensure the authenticity of the public key. In Asiacrypt 2003, the concept of certificateless signature scheme was introduced. In the new paradigm, the necessity of certificates has been successfully removed. The security model for certificateless cryptography was also introduced in the same paper. However, as we shall show in this paper, the proposed certificateless signature is insecure in their defined model. We provide an attack that can successfully forge a certificateless signature in their model. We also fix this problem by proposing a new scheme.
Computer Communications | 2009
Lei Zhang; Futai Zhang
Aggregate signatures are useful in special areas where the signatures on many different messages generated by many different users need to be compressed. In this paper, we study aggregate signatures in certificateless public key settings. We first present the notion and security model of certificateless aggregate signature schemes. Then we give an efficient certificateless aggregate signature scheme. Our scheme is existentially unforgeable under adaptive chosen-message attacks assuming the computational Diffie-Hellman problem is hard.
advanced information networking and applications | 2005
Xinyi Huang; Willy Susilo; Yi Mu; Futai Zhang
In this paper, we present a new concept called an identity based ring signcryption scheme (IDRSC). We argue that this is an important cryptographic primitive that must be used to protect privacy and authenticity of a collection of users who are connected through an ad-hoc network, such as Bluetooth. We also present an efficient IDRSC scheme based on bilinear pairing. As a regular signcryption scheme, our scheme combines the functionality of signature and encryption schemes. However, the idea is to have an identity based system. In our scheme, a user can anonymously signcrypt a message on behalf of the group. We show that our scheme outperforms a traditional identity based scheme, that is obtained by a standard sign-then-encrypt mechanism, in terms of the length of the ciphertext. We also provide a formal proof of our scheme with the chosen cipher-text security under the decisional bilinear Diffie-Hellman assumption, which is believed to be intractable.
International Journal of Network Security | 2008
Xinyi Huang; Willy Susilo; Yi Mu; Futai Zhang
The notion of strong designated verifier signature was put forth by Jakobsson, Sako and Impagliazzo in 1996, but the formal definition was defined recently by Saeednia, Kremer and Markowitch in 2003 and revisited by Laguillaumie and Vergnaud in 2004. In this paper, we firstly propose the notion of short strong designated verifier signature scheme, and extend it to the short identity-based strong designated verifier scheme. Then, we propose the first construction of short strong designated verifier signature scheme. We also extend our scheme to construct a short identity-based strong designated verifier signature scheme. The size of the signature of our schemes is the shortest compared to any existing schemes reported in the literature. We provide formal security proofs for our schemes based on the random oracle model. Finally, we also discuss an extension of our scheme to construct a short strong designated verifier signature without random oracle.
Information Sciences | 2010
Lei Zhang; Futai Zhang; Qianhong Wu; Josep Domingo-Ferrer
Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public-key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the so-called key escrow problem. Recently, certificateless cryptography was introduced to mitigate these limitations. In this paper, we first propose a security model for AKA protocols using certificateless cryptography. Following this model, we then propose a simulatable certificateless two-party AKA protocol. Security is proven under the standard computational Diffie-Hellman (CDH) and bilinear Diffie-Hellman (BDH) assumptions. Our protocol is efficient and practical, because it requires only one pairing operation and five multiplications by each party.
Computer Networks | 2010
Lei Zhang; Bo Qin; Qianhong Wu; Futai Zhang
Aggregate signatures allow an efficient algorithm to aggregate n signatures of n distinct messages from n different users into one single signature. The resulting aggregate signature can convince a verifier that the n users did indeed sign the n messages. This feature is very attractive for authentications in bandwidth-limited applications such as reverse multicasts and sensor networks. Certificateless public key cryptography enables a similar functionality of public key infrastructure (PKI) and identity (ID) based cryptography without suffering from complicated certificate management in PKI or secret key escrow problem in ID-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme which has the advantages of both aggregate signatures and certificateless cryptography. The scheme is proven existentially unforgeable against adaptive chosen-message attacks under the standard computational Diffie-Hellman assumption. Our scheme is also very efficient in both communication and computation and the proposal is practical for many-to-one authentication.
cryptology and network security | 2007
Yinxia Sun; Futai Zhang; Joonsang Baek
Certificateless Public Key Cryptography (CLPKC) enjoys the advantage of ID-based public key cryptography without suffering from the key escrow problem. In 2005, Baek et al. proposed the first certificateless encryption (CLPKE) scheme that does not depend on pairing. Although it provides high efficiency, one drawback of their scheme is that the security proof only holds for a weaker security model in which the Type I adversary is not allowed to replace the public key associated with the challenge identity. In this paper, we eliminate this limitation and construct a strongly secure CLPKE scheme without pairing. We prove that the proposed scheme is secure against adaptive chosen-ciphertext attack in the random oracle model, provided that the Computational Diffie-Hellman problem is intractable.
international conference on communications | 2008
Lei Zhang; Futai Zhang
Certificateless public key cryptography was introduced by Al-Riyami and Paterson to overcome the key escrow problem of ID-PKC. In this paper, we present an efficient certificateless signature scheme using bilinear maps. The scheme can be proved secure in the strongest security model of certificateless signature schemes. In terms of computational cost, only two pairing operations in total are required for signing and verification. It is more efficient than the other existing certificateless signature schemes secure against a super type I/II adversary.
information security practice and experience | 2006
Xinyi Huang; Willy Susilo; Yi Mu; Futai Zhang
The notion of strong designated verifier signature was put forth by Jakobsson, Sako and Impagliazzo in 1996, but the formal definition was defined recently by Saeednia, Kremer and Markowitch in 2003 and revisited by Laguillaumie and Vergnaud in 2004. In this paper, we firstly propose the notion of short strong designated verifier signature scheme, and extend it to the short identity-based strong designated verifier scheme. Then, we propose the first construction of short strong designated verifier signature scheme. We also extend our scheme to construct a short identity-based strong designated verifier signature scheme. The size of the signature of our schemes is the shortest compared to any existing schemes reported in the literature. We provide formal security proofs for our schemes based on the random oracle model. Finally, we also discuss an extension of our scheme to construct a short strong designated verifier signature without random oracle.
advanced information networking and applications | 2006
Xinyi Huang; Willy Susilo; Yi Mu; Futai Zhang
Designated verifier signature schemes allow a signer to convince a designated verifier, in such a way that only the designated verifier will believe in the authenticity of such a signature. The previous constructions of designated verifier signature rely on the underlying public key infrastructure, which requires both signer and verifier to verify the authenticity of the public keys, and hence, the certificates are required. In contrast to the previous constructions, in this paper, we propose the first notion and construction of the certificateless designated verifier signature scheme. In our new notion, the necessity of certificates is eliminated. We show that our scheme satisfies all the requirements of the designated verifier signature schemes in the certificateless system. We also provide complete security proofs for our scheme and prove that our scheme is unforgeable under the assumption of the gap bilinear Diffie-Hellman problem in the random oracle model.