Han-Yu Lin

Efficient proxy signcryption scheme with provable CCA and CMA security

For facilitating the confidential transaction with delegation such as on-line proxy auction and business contract signing by an authorized proxy, we propose an efficient proxy signcryption scheme from pairings. Our scheme allows an original signer to delegate his signing power to a proxy one such that the latter can signcrypt a plaintext on behalf of the former. The signcrypted message can only be decrypted by a designated recipient who is also responsible for verifying the recovered proxy signature. To deal with a later dispute over repudiation, the designated recipient can easily announce the ordinary proxy signature for public verification without extra computational efforts. To guarantee the realistic applicability, we demonstrate that our scheme outperforms previous works in terms of functionalities and computational efficiency. Moreover, the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) are proved in random oracle models.

Pairing-based strong designated verifier proxy signature scheme with low cost

A proxy signature (PS) scheme has crucial benefits to the delegation operations in an organization. To further provide PS schemes with the property of confidentiality, in this paper, we propose a strong designated verifier PS scheme from pairings. The proposed scheme allows an authorized proxy signer to generate a valid PS on behalf of an original signer such that only the intended verifier is capable of validating it. Besides, the designated verifier cannot transfer the proof to convince any third party, which is referred to as non-transferability. Compared with previous works, ours has lower computational costs. Especially, the delegation process of our proposed scheme is pairing free. Moreover, the security requirement of unforgeability against existential forgery under adaptive chosen-message attacks is formally proven in the random oracle model. Copyright

Improved convertible authenticated encryption scheme with provable security

Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated recipient to reveal an ordinary signature for dealing with a later dispute over repudiation. Based on the ElGamal cryptosystem, in 2009, Lee et al. proposed a CAE scheme with only heuristic security analyses. In this paper, we will demonstrate that their scheme is vulnerable to the chosen-plaintext attack and then further propose an improved variant. Additionally, in the random oracle model, we prove that the improved scheme achieves confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA).

A Study on Parallel RSA Factorization

The RSA cryptosystem is one of the widely used public key systems. The security of it is based on the intractability of factoring a large composite integer into two component primes, which is referred to as the RSA assumption. So far, the Quadratic Sieve (QS) is the fastest and general-purpose method for factoring composite numbers having less than about 110 digits. In this paper, we present our study on a variant of the QS, i.e., the Multiple Polynomial Quadratic Sieve (MPQS) for simulating the parallel RSA factorization. The parameters of our enhanced methods (such as the size of the factor base and the length of the sieving interval) are benefit to reduce the overall running time and the computation complexity is actually lower. The experimental result shows that it only takes 6.6 days for factoring larger numbers of 100 digits using the enhanced MPQS by 32 workstations.

New identity-based key-insulated convertible multi-authenticated encryption scheme

Elaborating on the merits of convertible multi-authenticated encryption (CMAE) schemes and key-insulated systems, we propose a novel identity-based key-insulated convertible multi-authenticated encryption scheme (IB-KI-CMAE), which can effectively reduce the impact caused by the key exposure. Our scheme allows each user to periodically update his private key while the corresponding public one remains unchanged. Additionally, a group of signers can cooperatively generate an authenticated ciphertext such that only the designated recipient has the ability to decrypt the ciphertext and verify their signature. In case of a later dispute over repudiation, the designated recipient can easily reveal the converted multi-signature for public arbitration. Our scheme can bring crucial benefits to the applications such as joint account and business contract signing. Moreover, in the random oracle model, we also formally prove that the proposed scheme achieves the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA).

A NOVEL IDENTITY-BASED KEY-INSULATED CONVERTIBLE AUTHENTICATED ENCRYPTION SCHEME

For securing confidential applications such as credit card transactions, on-line auctions and business contract signing, etc., a convertible authenticated encryption (CAE) scheme simultaneously satisfying the properties of authenticity, confidentiality and non-repudiation is a better choice. By combining the advantages of identity-based systems and key-insulated ones, in this paper, we propose the first novel identity-based key-insulated CAE (IB-KICAE) scheme from pairings. Integrating with key-insulated systems, our scheme can effectively mitigate the impact caused by key exposure, as each user can periodically update his private key while the corresponding public one remains unchanged. The proposed scheme is conversion-free and supports unbounded time periods and random-access key-updates. Moreover, to guarantee its practical feasibility, the essential security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) are realized in the random oracle model.

An Identity-Based Key-Insulated Encryption with Message Linkages for Peer-to-Peer Communication Network

Key exposure is a major threat to secure cryptosystems. To mitigate the impact caused by key-compromise attacks, a key-insulated cryptographic mechanism is a better alternative. For securing the large message communication in peer-to-peer networks, in this paper, we propose the first novel identity-based key-insulated encryption (IB-KIE) scheme with message linkages. Our scheme has the properties of unbounded time periods and random-access key-updates. In the proposed scheme, each client can periodically update his private key while the corresponding public one remains unchanged. The essential security assumption of our proposed scheme is based on the well-known bilinear Diffie-Hellman problem (BDHP). To ensure the practical feasibility, we also formally prove that the proposed scheme achieves the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) in the random oracle model.

Provably convertible multi-authenticated encryption scheme for generalized group communications

In 2008, Wu et al. proposed a convertible multi-authenticated encryption (CMAE) scheme based on discrete logarithms. To improve the computational efficiency of Wu et al.s scheme, Tsai proposed another CMAE scheme without using message redundancy. These CMAE schemes, however, might be inadequate for group-oriented applications. In the same year, Chang presented a CMAE scheme using message redundancy for group communications [published in Information Sciences 178 (17) (2008) 3426-3434]. In his scheme, multiple signers of the same group can cooperate with each other to generate a valid authenticated encryption signature for a designated verifying group with access structured multiple verifiers. In this paper, we propose a new convertible multi-authenticated encryption scheme without using message redundancy for generalized group communications. Multiple signers of the signing group can cooperate with each other to generate a valid authenticated encryption signature for a verifying group with access structured multiple verifiers. The verifiers in the same access structure can cooperatively recover and verify the signing groups signature. In case of a later dispute, any participant verifier can convert the authenticated encryption signature into an ordinary one. As compared with previous works, our proposed scheme is more efficient in terms of computational efforts and communication overheads.

Improvement of the Miyazaki--Takaragi threshold digital signature scheme

To enhance the applications of smart cards, Miyazaki and Takaragi recently proposed a (t,n) threshold digital signature scheme based on the security of elliptic curve discrete logarithm problem (ECDLP). The advantages of their scheme are low communication bandwidth and computational complexity, which provides critical benefits for the use of smart cards in the distributed environments. Unfortunately, this paper will show that their scheme cannot withstand the forgery attack, which violates their security claim. We further amend the scheme against the attack with a simple improvement.

Self-Certified Proxy Convertible Authenticated Encryption Scheme

A proxy convertible authenticated encryption (CAE) scheme allows an original signer to delegate his signing power to a proxy signer such that the proxy signer can generate an authenticated ciphertext on behalf of the original signer. The generated authenticated ciphertext can only be decrypted and verified by the specific recipient instead of everyone else for the purpose of confidentiality. Integrating with self-certified public key systems, the proposed scheme can save more communication overheads and computation efforts, since it is not necessary to transmit and verify the public key certificate. That is, authenticating the public key can be combined with subsequent cryptographic operations such as the signature verification. In case of a later repudiation, the specific recipient has the ability to convert the signature into an ordinary one for convincing anyone of the signers dishonesty.