Haiyong Bao

Efficient Certificateless Authentication and Key Agreement (CL-AK) for Grid Computing

Most of the current security architectures for grid systems use conventional public key infrastructure (PKI) to authenticate grid members and to secure resource allocation to these members. Certificateless public-key cryptography (CL-PKC) has some attractive properties which seem to align well with the demands of grid computing. In this paper, we present a certificateless protocol for authentication and key agreement (CL-AK) which fits well with the Grid Security Infrastructure (GSI) and provides a more lightweight key management approach for grid users. We show that the newly proposed protocol is of great efficiency and practical. Moreover, we prove that it provides perfect forward secrecy plus all the other security attributes of authentication and key agreement protocols such as known-key secrecy and no key control.

Identity-Based threshold proxy signature scheme with known signers

Threshold proxy signature is a variant of the proxy signature scheme in which only some subgroup of proxy signers with efficient size can sign messages on behalf of the original signer. Some threshold proxy signature schemes have been proposed up to data. But nearly all of them are under the certificate-based (CA-based) public key systems. In this paper, we put forward an identity-based (ID-based) threshold proxy signature scheme with known signers from bilinear pairings for the first time. Most of our constructions would be simpler but still with high security due to the properties of bilinear map built from Weil pairing or Tate pairing.

Improvement on Tzeng et al.'s nonrepudiable threshold multi-proxy multi-signature scheme with shared verification

Tzeng et al. proposed a novel variation of proxy signature scheme called threshold multi-proxy multi-signature scheme with shared verification. However, their scheme has some security weaknesses. In this paper, by identifying some concrete instances and analyses, we will show that their scheme cannot resist frame attacks. That is, after intercepting a valid proxy signature generated by a subset of a proxy group, an adversary can frame new signatures, which can be authenticated as if they were generated by the subset of the proxy group on behalf of the adversary. Furthermore, their scheme needs a trusty share distribution center (SDC) for setting some parameters and initialization of the scheme. To overcome these weaknesses, we also propose our improvement with no SDC in this paper.

Security of an efficient ID-Based authenticated key agreement protocol from pairings

Authenticated key agreement protocols are essential for secure communications in open and distributed environments. In 2004, Ryu et al. proposed an efficient two-party identity-based authenticated key agreement protocol based on pairings. However, in this paper, we demonstrate that their protocol is vulnerable to a key-compromise impersonation attack. The attacking scenario is described in details. Furthermore,we point out that their protocol provides the property of deniability and at the same time it is the mechanism used to achieve deniability that allows the key-compromise impersonation attack.

Cryptanalysis of Li-Tzeng-Hwang's improved signature schemes based on factoring and discrete logarithms

Laih and Kuo proposed two efficient signature schemes based on discrete logarithms and factorization. Recently, Li et al. improve one of their schemes in order to use fewer keys for a signing document. In this paper, we shall prove that their improvement of Laih and Kuos signature scheme is insecure. Moreover the improved signature scheme in fact is not based on two cryptographic assumptions simultaneously, and forging a signature on any message would not need to solve any difficult problems.

Remarks on Wu-Hsu's threshold signature scheme using self-certified public keys

Wu and Hsu proposed a (t,n) threshold signature scheme using self-certified public keys in order to integrate the properties of self-certified public key schemes and threshold signature schemes. Even though their scheme is more efficient when compared to previous works based on the certificate-based public key systems, we find some design defects of their scheme. In this paper, by identifying some concrete instances and analyses we will show that their scheme is not as secure as they claimed.

Proxy signature scheme using self-certified public keys

A (t, n) threshold proxy signature scheme enables an original signer to delegate his/her signing capability to n proxy signers such that any t or more proxy signers can sign messages on behalf of the original signer, but t−1 or less of them cannot do the same thing. Threshold proxy signatures have been suggested for use in the scenarios of distributed computing where delegation of rights is quite common. In ISPA’04, Xue and Cao proposed a new efficient threshold proxy signature scheme using self-certified public keys. The key advantage of their scheme is that a verifier can simultaneously validate the public keys of the original and proxy signers, and the alleged proxy signature just in a single step. As for the security, they claimed their scheme is secure against internal attacks, external attacks, collusion attacks, and public key substitution attacks. In this paper, however, we successfully identify an insider attack again their scheme. That is, a malicious proxy signer can forge a valid threshold proxy signature on any message. To thwart this attack, some improvements are further proposed.

Group–Proxy Signature Scheme: A Novel Solution to Electronic Cash

Abstract Proxy signature and group signature are two basic cryptographic primitives. Due to their valuable characteristics, many schemes have been put forward independently and they have been applied in many practical scenarios up to the present. However, with the development of electronic commerce, many special requirements come into being. In this article, we put forward the concept of group–proxy signature, which integrates the merits of proxy signature and group signature for the first time. We also demonstrate how to apply our scheme to construct an electronic cash system. The space, time, and communication complexities of the relevant parameters and processing procedures are independent of group size. Our demonstration of the concrete group–proxy signature scheme shows that the concepts brought forward by us are sure to elicit much consideration in the future.

On the security of a group signcryption scheme from distributed signcryption scheme

Signcryption denotes a cryptographic method, which can process encryption and digital signature simultaneously. So, adopting such schemes, computational cost of encryption and signature compared to traditional signature-then-encryption can be reduced to a great extent. Based on the existing distributed signcryption schemes, Kwak and Moon proposed a new distributed signcryption scheme with sender ID confidentiality and extended it to a group signcryption. Their scheme is more efficient in both communication and computation aspects. Unfortunately we will demonstrate that their scheme is insecure by identifying some security flaws. Exploring these flaws, an attacker without any secret can mount universal forging attacks. That is, anyone (not necessary the group member) can forge valid group signatures on arbitrary messages of his/her choice.

Two-Pass ID-Based Authenticated Key Agreement Protocol with Key Confirmation Using Pairings

In the area of secure communications, key agreement is one of the most important issues. In this paper, a practical two-party ID-based authenticated key agreement protocol is proposed, which uses pairings on certain elliptic curves. An important advantage of our protocol is that it provides unilateral key confirmation to the protocol initiator only in two passes. We first put forward a variant of the ID-based signature scheme due to Sakai et al., then we describe our protocol, which uses the variant as a building block. We show that the newly proposed key agreement protocol is fit for real-world applications, and at the same time, it satisfies every desired security requirements of key agreement protocols