1,304 results on "random oracle model"
Search Results
2. How to Apply Fujisaki-Okamoto Transformation to Registration-Based Encryption
- Author
-
Chiku, Sohto, Hara, Keisuke, Hashimoto, Keitaro, Tomita, Toi, Shikata, Junji, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Kohlweiss, Markulf, editor, Di Pietro, Roberto, editor, and Beresford, Alastair, editor
- Published
- 2025
- Full Text
- View/download PDF
3. Lattice-based ring signcryption scheme for smart healthcare management.
- Author
-
Sourav and Ali, Rifaqat
- Subjects
- MEDICAL records, PHOTONS, QUANTUM computing, QUANTUM cryptography, RECORDS management
- Abstract
Conventional signcryption schemes that depend on the discrete logarithm problem, large-integer prime factorization, and bilinear pairings are at risk in the context of quantum computers. We suggest a lattice-based signcryption scheme to overcome the problems posed by potential quantum computers in healthcare management, named the lattice-based ring signcryption scheme for smart healthcare management (LRS-SHM). Unlike existing schemes, our design uses keys regenerated for every signature by the user itself (instead of a key generation center), thus protecting the privacy of the user. Furthermore, we provide an anonymous health record management scheme that combines a (t, n) threshold method with our lattice-based signcryption system in an effort to overcome the existing anonymity limits in health record administration, especially in light of quantum computing concerns. We show the anonymity of our lattice-based signcryption method against confidentiality and its existential unforgeability against insider corruption in the context of health record administration, proving security under the random oracle model. We compare our proposed scheme with existing schemes and find that our scheme is more efficient than the others. By the use of a (t, n) threshold scheme, we protect our scheme from a single point of failure, because we distribute the secret shares to n users and reconstructing the secret requires at least t of them. Empowering privacy, our lattice-based signcryption prevents quantum threats, introduces seamless key control, and enhances health record anonymity, setting a new standard for secure and efficient cryptographic solutions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
4. Committed-programming reductions: formalizations, implications and relations.
- Author
-
Zhang, Jiang, Yu, Yu, Feng, Dengguo, Fan, Shuqin, and Zhang, Zhenfeng
- Abstract
In this work, we introduce a class of black-box (BB) reductions called committed-programming reduction (CPRed) in the random oracle model (ROM) and obtain the following interesting results: (1) we demonstrate that some well-known schemes, including the full-domain hash (FDH) signature (Eurocrypt 1996) and the Boneh-Franklin identity-based encryption (IBE) scheme (Crypto 2001), are provably secure under CPReds; (2) we prove that a CPRed associated with an instance-extraction algorithm implies a reduction in the quantum ROM (QROM). This unifies several recent results, including the security of the Gentry-Peikert-Vaikuntanathan IBE scheme by Zhandry (Crypto 2012) and the key encapsulation mechanism (KEM) variants using the Fujisaki-Okamoto transform by Jiang et al. (Crypto 2018) in the QROM. Finally, we show that CPReds are incomparable to non-programming reductions (NPReds) and randomly-programming reductions (RPReds) formalized by Fischlin et al. (Asiacrypt 2010). [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
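The Fujisaki-Okamoto KEM construction that entry 4 cites (the QROM-secure KEM variants of Jiang et al.) and that entry 2's title refers to, shown on a toy IND-CPA scheme as an added example; this is illustrative code written for this page, not code from either paper. It applies the transform to textbook ElGamal: the encryption randomness is derived by hashing the message, and decapsulation re-encrypts and compares, returning a pseudorandom key on mismatch (implicit rejection). The toy group (p = 10007, q = 5003, g = 4), the function names and the hash tag strings are assumptions made for the demo.

```python
"""Fujisaki-Okamoto-style KEM from toy ElGamal.  Added example, not code from
the papers listed here.  Toy group: the order-Q subgroup of Z_P^* for the safe
prime P = 10007 (Q = 5003); use a real curve library in practice."""
import hashlib
import secrets

P, Q, G = 10007, 5003, 4          # 4 = 2^2 has order Q in Z_P^* (toy parameters)
SEED_BYTES = 16

def H(tag, *parts):
    """Domain-separated SHA-256 standing in for the random oracle of the proofs."""
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(b"|" + (p if isinstance(p, bytes) else str(p).encode()))
    return h.digest()

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    s = secrets.token_bytes(SEED_BYTES)          # rejection seed for implicit rejection
    return (x, s), pow(G, x, P)

# Underlying IND-CPA scheme: ElGamal with caller-supplied randomness r.
def cpa_encrypt(y, m, r):
    return pow(G, r, P), m * pow(y, r, P) % P

def cpa_decrypt(x, ct):
    c1, c2 = ct
    return c2 * pow(c1, -x, P) % P               # negative exponent = modular inverse (py3.8+)

# FO transform: r := H(m), key := H(m, ct); decapsulation re-encrypts and compares.
def encaps(y):
    m = pow(G, secrets.randbelow(Q), P)          # random subgroup element plays the message
    r = int.from_bytes(H(b"rand", m), "big") % Q
    ct = cpa_encrypt(y, m, r)
    return ct, H(b"key", m, ct)

def decaps(sk, ct):
    x, s = sk
    m = cpa_decrypt(x, ct)
    r = int.from_bytes(H(b"rand", m), "big") % Q
    if cpa_encrypt(pow(G, x, P), m, r) == ct:    # ciphertext was honestly derandomised
        return H(b"key", m, ct), True
    return H(b"reject", s, ct), False            # implicit rejection: random-looking, no error

def malleate(ct, h):
    """What a chosen-ciphertext attacker does to plain ElGamal: (c1, c2*h) decrypts to m*h."""
    c1, c2 = ct
    return c1, c2 * h % P

def demo():
    sk, pk = keygen()
    ct, key = encaps(pk)
    key2, accepted = decaps(sk, ct)
    h = pow(G, 7, P)                              # arbitrary subgroup element
    ct2 = malleate(ct, h)
    related = cpa_decrypt(sk[0], ct2) == cpa_decrypt(sk[0], ct) * h % P
    key3, accepted2 = decaps(sk, ct2)
    return {
        "roundtrip": key == key2 and accepted,
        "elgamal_tamper_gives_related_plaintext": related,
        "fo_tamper_rejected": not accepted2,      # fails only if H("rand", m*h) == H("rand", m) mod Q
        "fo_tamper_key_unrelated": key3 != key,
    }
```

demo() shows what the transform buys: multiplying the second ElGamal component by h gives the CPA scheme a related plaintext m*h, while FO decapsulation of the same tampered ciphertext returns a key unrelated to the honest one (and, except with probability about 1/q, flags the rejection). That is the decryption oracle a chosen-ciphertext attacker exploits in the plain scheme and loses in the transformed one. The random-oracle assumption lives entirely in H: the proofs in the listed papers model it as an ideal oracle, which SHA-256 only heuristically approximates.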
5. Fiat–Shamir Bulletproofs are Non-malleable (in the Random Oracle Model)
- Author
-
Ganesh, Chaya, Orlandi, Claudio, Pancholi, Mahak, Takahashi, Akira, and Tschudi, Daniel
- Abstract
Bulletproofs (Bünz et al., in: 2018 IEEE symposium on security and privacy, IEEE Computer Society Press, pp 315–334, 2018) are a celebrated ZK proof system that allows for short and efficient proofs, and have been implemented and deployed in several real-world systems. In practice, they are most often implemented in their non-interactive version obtained using the Fiat–Shamir transform. A security proof for this setting is necessary for ruling out malleability attacks. These attacks can lead to very severe vulnerabilities, as they allow an adversary to forge proofs re-using or modifying parts of the proofs provided by the honest parties. An earlier version of this work (Ganesh et al., in: EUROCRYPT 2022, Part II. LNCS, vol 13276, Springer, Cham, pp 397–426, 2022) provided evidence for non-malleability of Fiat–Shamir Bulletproofs. This was done by proving simulation-extractability, which implies non-malleability, in the algebraic group model. In this work, we generalize the former result and prove simulation-extractability in the programmable random oracle model, removing the need for the algebraic group model. Along the way, we establish a generic chain of reductions for Fiat–Shamir-transformed multi-round public-coin proofs to be simulation-extractable in the (programmable) random oracle model, which may be of independent interest. [ABSTRACT FROM AUTHOR]
- Published
- 2025
- Full Text
- View/download PDF
6. Robust Schnorr-based subgroup multi-signature scheme
- Author
-
Zhenqi ZHANG, Qiuchi ZHU, Zhiwei WANG
- Subjects
- schnorr signature, multi-signature, robustness, discrete logarithmic assumption, random oracle model, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The consensus mechanism is considered the core technology of blockchain systems. However, current consensus mechanisms face three issues: low consensus efficiency, low reliability and security, and high computational complexity. To address these issues, a new Schnorr-based subgroup multi-signature scheme is proposed. The scheme retains the low computational complexity of the Schnorr digital signature cryptosystem while incorporating the benefits of subgroup multi-signatures. It allows an indeterminate number of members of the whole set to form subgroups that generate multi-signatures, which replace the group signature. The unpredictability of the subgroups effectively avoids the occurrence of Byzantine traitors, thus enhancing security and solving the problems of low reliability and security and high computational complexity in consensus mechanisms. Additionally, a public third party is introduced, implemented by automatically and publicly executed smart contracts. It is completely open and transparent, resists the rogue public-key attack, and reduces the total number of communication rounds and the time overhead of the signing process, addressing the issue of low consensus efficiency. The robustness of the scheme is proven in detail, demonstrating an improvement in the security of consensus mechanisms. Based on the discrete logarithm assumption, the scheme is shown to be unforgeable in the random oracle model. Theoretical analysis and experimental results show that the scheme has shorter public keys, private keys, single signatures and multi-signatures, fewer communication rounds, and lower time overhead in the signature generation and verification algorithms, giving superior performance when applied to consensus mechanisms.
- Published
- 2024
- Full Text
- View/download PDF
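The rogue public-key attack that entry 6's public third party is designed to resist, together with the standard defence of per-signer key-aggregation coefficients (the MuSig approach, also the subject of entry 11), as an added example; this is illustrative code written for this page, not code from the paper. Naive aggregation X = X1 * X2 lets a signer who registers X2 = g^x2 * X1^-1 produce a valid "multi-signature" alone; weighting each key by a_i = H(L, X_i) breaks the cancellation. The toy group (the order-q subgroup of Z_p^* with q = 2^61 - 1), the function names and the omitted nonce-commitment round are assumptions of the demo, not the paper's scheme.

```python
"""Schnorr multi-signatures: rogue-key attack on naive key aggregation and the
MuSig-style fix (per-signer coefficients a_i = H(L, X_i)).  Added example, not
code from the paper.  Group: order-q subgroup of Z_p^* with q = 2^61 - 1 and
p = 2kq + 1 found at import time; a demo group, far too small for production."""
import hashlib
import secrets

def is_probable_prime(n):
    """Miller-Rabin with fixed bases: deterministic for n < 3.3e24, which covers P."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

Q = (1 << 61) - 1                                    # Mersenne prime M61
P = next(2 * k * Q + 1 for k in range(1, 1000) if is_probable_prime(2 * k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 50)) if g != 1)
assert pow(G, Q, P) == 1                             # G generates the order-Q subgroup

def H(*parts):
    """Random-oracle stand-in: SHA-256 over the transcript, reduced mod Q."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p if isinstance(p, bytes) else str(p).encode())
        h.update(b"|")
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, X, msg):
    """Plain Schnorr signature under key X (Fiat-Shamir challenge c = H(R, X, msg))."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    return R, (r + H(R, X, msg) * x) % Q

def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, H(R, X, msg), P) % P

def aggregate_naive(keys):
    """Insecure: X_agg = prod X_i, which a rogue-key attacker can steer."""
    X = 1
    for Xi in keys:
        X = X * Xi % P
    return X

def aggregate_musig(keys):
    """MuSig-style: X_agg = prod X_i^{a_i}, a_i = H(L, X_i), L the sorted key set."""
    L = sorted(keys)
    X = 1
    for Xi in keys:
        X = X * pow(Xi, H(L, Xi), P) % P
    return X

def cosign(signers, msg):
    """Honest n-of-n signing under aggregate_musig: s = sum_i (r_i + c * a_i * x_i).
    The nonce-commitment round of real MuSig is omitted here."""
    keys = [X for _, X in signers]
    L, X_agg = sorted(keys), aggregate_musig(keys)
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in signers]
    R = 1
    for r in nonces:
        R = R * pow(G, r, P) % P
    c = H(R, X_agg, msg)
    s = sum(r + c * H(L, X) * x for r, (x, X) in zip(nonces, signers)) % Q
    return X_agg, (R, s)

def rogue_key_attack(X_honest, aggregate, msg):
    """Attacker registers X2 = g^x2 * X1^{-1}.  Under naive aggregation the joint key
    is g^x2, so the attacker signs 'for both parties' with x2 alone."""
    x2 = secrets.randbelow(Q - 1) + 1
    X2 = pow(G, x2, P) * pow(X_honest, -1, P) % P
    X_agg = aggregate([X_honest, X2])
    return verify(X_agg, msg, sign(x2, X_agg, msg))

def demo(msg=b"transfer 100 coins"):
    (x1, X1), (x2, X2) = keygen(), keygen()
    X_agg, sig = cosign([(x1, X1), (x2, X2)], msg)
    return {
        "honest_musig_verifies": verify(X_agg, msg, sig),
        "naive_forgery_verifies": rogue_key_attack(X1, aggregate_naive, msg),
        "musig_forgery_verifies": rogue_key_attack(X1, aggregate_musig, msg),
    }
```

With coefficients, the aggregate key becomes g^(a2 x2) * X1^(a1 - a2), so the attacker's cancellation only works when a1 = a2 mod q, which the hash makes a 1-in-q event. The check a verifier or smart contract should actually perform is therefore not "is each X_i well formed" but "was the aggregate computed with the coefficients", or, equivalently, require a proof of possession for each registered key.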
7. Lattice-Based Polynomial Commitments: Towards Asymptotic and Concrete Efficiency.
- Author
-
Fenzi, Giacomo, Moghaddas, Hossein, and Nguyen, Ngoc Khanh
- Abstract
Polynomial commitment schemes are a powerful tool that enables one party to commit to a polynomial p of degree d, and prove that the committed function evaluates to a certain value z at a specified point u, i.e. p(u) = z, without revealing any additional information about the polynomial. Recently, polynomial commitments have been extensively used as a cryptographic building block to transform polynomial interactive oracle proofs (PIOPs) into efficient succinct arguments. In this paper, we propose a lattice-based polynomial commitment that achieves succinct proof size and verification time in the degree d of the polynomial. Extractability of our scheme holds in the random oracle model under a natural ring version of the BASIS assumption introduced by Wee and Wu (EUROCRYPT 2023). Unlike recent constructions of polynomial commitments by Albrecht et al. (CRYPTO 2022), and by Wee and Wu, we do not require any expensive preprocessing steps, which makes our scheme particularly attractive as an ingredient of a PIOP compiler for succinct arguments. We further instantiate our polynomial commitment, together with the Marlin PIOP (EUROCRYPT 2020), to obtain a publicly-verifiable trusted-setup succinct argument for Rank-1 Constraint System (R1CS). Performance-wise, we achieve 17 MB proof size for 2^20 constraints, which is 15x smaller than currently the only publicly-verifiable lattice-based SNARK proposed by Albrecht et al. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
8. Robust Subgroup Multi-Signature Scheme Based on Schnorr Signatures.
- Author
-
张振琦, 朱秋池, and 王志伟
- Published
- 2024
- Full Text
- View/download PDF
9. An efficient group signature based certificateless verification scheme for vehicular ad-hoc network.
- Author
-
Jayashree, S. and Kumar, S. V. N. Santhosh
- Subjects
- DIGITAL signatures, VEHICULAR ad hoc networks, ELLIPTIC curve cryptography, AUTOMOTIVE transportation
- Abstract
Vehicular ad-hoc networks (VANETs) are widely applied in transportation applications to ensure safety and security during road transportation. In a VANET, all information is exchanged among vehicles and the available roadside infrastructure to form an ad-hoc network. Since VANET communication takes place over an open medium, achieving the major security goals of integrity, authenticity, anonymity and traceability is a major concern. Since there are numerous vehicles in the network, generation and verification of digital signatures requires high storage and verification time. To overcome these issues, this paper proposes an efficient group signature based certificateless verification scheme (EGSCVS) to provide lightweight end-to-end authentication in the network. The proposed EGSCVS employs a certificateless aggregate signature mechanism based on elliptic curve cryptography to optimize storage and reduce the communication and computation overhead of the authentication process. Moreover, the proposed protocol uses the random oracle model (ROM) for its formal security analysis. The proposed protocol has been implemented in the NS3 simulator with realistic simulation parameters. The simulation results show that the proposed protocol improves transmission overhead by 53.16%, computational cost by 48.75%, communication cost by 42.81%, signing delay by 55.17%, verification delay by 28.38% and aggregate verification delay by 45.35%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
10. Instantiating the Hash-Then-Evaluate Paradigm: Strengthening PRFs, PCFs, and OPRFs
- Author
-
Brzuska, Chris, Couteau, Geoffroy, Egger, Christoph, Karanko, Pihla, Meyer, Pierre, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Galdi, Clemente, editor, and Phan, Duong Hieu, editor
- Published
- 2024
- Full Text
- View/download PDF
11. The Analysis of Schnorr Multi-Signatures and the Application to AI
- Author
-
Wang, Wenchao, Qin, Jing, Liu, Jinlu, Zhang, Xi, Hou, Xinyi, Wei, Zhongkai, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Vaidya, Jaideep, editor, Gabbouj, Moncef, editor, and Li, Jin, editor
- Published
- 2024
- Full Text
- View/download PDF
12. Cloud-Aided Scalable Revocable IBE with Ciphertext Update from Lattices in the Random Oracle Model
- Author
-
Zhang, Yanhua, Liu, Ximeng, Hu, Yupu, Jia, Huiwen, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Yang, Haomiao, editor, and Lu, Rongxing, editor
- Published
- 2024
- Full Text
- View/download PDF
13. Enhancing Security and Efficiency: A Fine-Grained Searchable Scheme for Encryption of Big Data in Cloud-Based Smart Grids.
- Author
-
Wen, Jing, Li, Haifeng, Liu, Liangliang, and Lan, Caihui
- Subjects
- DATA encryption, CLOUD storage, DATA privacy, BIG data, ACCESS control, UPLOADING of data, PUBLIC key cryptography
- Abstract
The smart grid, as a crucial part of modern energy systems, handles extensive and diverse data, including inputs from various sensors, metering devices, and user interactions. Outsourcing data storage to remote cloud servers presents an economical solution for enhancing data management within the smart grid ecosystem. However, ensuring data privacy before transmitting it to the cloud is a critical consideration. Therefore, it is common practice to encrypt the data before uploading them to the cloud. While encryption provides data confidentiality, it may also introduce potential issues such as limiting data owners' ability to query their data. The searchable attribute-based encryption (SABE) not only enables fine-grained access control in a dynamic large-scale environment but also allows for data searches on the ciphertext domain, making it an effective tool for cloud data sharing. Although SABE has become a research hotspot, existing schemes often have limitations in terms of computing efficiency on the client side, weak security of the ciphertext and the trapdoor. To address these issues, we propose an efficient server-aided ciphertext-policy searchable attribute-based encryption scheme (SA-CP-SABE). In SA-CP-SABE, the user's data access authority is consistent with the search authority. During the search process, calculations are performed not only to determine whether the ciphertext matches the keyword in the trapdoor, but also to assist subsequent user ciphertext decryption by reducing computational complexity. Our scheme has been proven under the random oracle model to achieve the indistinguishability of the ciphertext and the trapdoor and to resist keyword-guessing attacks. Finally, the performance analysis and simulation of the proposed scheme are provided, and the results show that it performs with high efficiency. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
14. SEPCVN: Secure and Efficient Protocol for Cloud Vehicular Networking
- Author
-
Vinod Kumar, Seema, Kamal Kumar, Ramakant Prasad, Khalid Almutib, and M. Shamim Hossain
- Subjects
- Cloud vehicular networking, authentication, security, encryption, AVISPA, random oracle model, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
Cloud vehicular networking is a relatively new inter-vehicle communication paradigm. The ability of cloud vehicular networking to address critical safety issues in road traffic is highly rated by operators. This study examines cloud vehicular networking technology, its advantages, problems, and possible remedies. It focuses on overcoming control system issues while placing a stronger emphasis on security. Integrating vehicles into the cloud ecosystem presents numerous security and efficiency challenges. This study thoroughly examines the current protocols and suggests a brand-new Secure and Efficient Protocol for Cloud Vehicular Networking (SEPCVN). The proposed protocol aims to improve data transmission efficiency and address security flaws in cloud-connected vehicle networks. We discuss a specialized authentication method for secure vehicle-to-vehicle communication to tackle many challenges. According to the security study, formally and informally, our suggested protocol satisfies the necessary security requirements. Using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, a simulation analysis was carried out on the proposed protocol, which is safe from man-in-the-middle and replay attacks. Compared to similar protocols, the proposed framework is efficient in both computation and communication. The results indicate that the suggested plan for cloud vehicular networking is both effective and safe.
- Published
- 2024
- Full Text
- View/download PDF
15. A Secure Authentication Protocol Supporting Efficient Handover for UAV.
- Author
-
Wen, Kang, Wang, Shengbao, Wu, Yixiao, Wang, Jie, Han, Lidong, and Xie, Qi
- Subjects
- EARTH stations, INTERNET of things, PHYSICAL mobility, DRONE aircraft, RESCUE work
- Abstract
Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme's superior performance over existing protocols in terms of both efficiency and security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
16. Simulation extractable versions of Groth's zk-SNARK revisited.
- Author
-
Amine, Oussama, Baghery, Karim, Pindado, Zaira, and Ràfols, Carla
- Subjects
- PUBLIC key cryptography, ARGUMENT
- Abstract
Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) are the most efficient proof systems in terms of proof size and verification. Currently, Groth's scheme from EUROCRYPT 2016, Groth16, is the state-of-the-art and is widely deployed in practice. Groth16 is originally proven to achieve knowledge soundness, which does not guarantee the non-malleability of proofs. There has been considerable progress in presenting new zk-SNARKs or modifying Groth16 to efficiently achieve strong simulation extractability, which is shown to be a necessary requirement in some applications. In this paper, we revise the random-oracle-based variant of Groth16 proposed by Bowe and Gabizon, BG18, the most efficient one in terms of prover efficiency and CRS size among the candidates, and present a more efficient variant that saves 2 pairings in the verification and 1 group element in the proof. This supersedes our preliminary construction, presented in CANS 2020 (Baghery et al., CANS 2020, LNCS vol 12579, Springer, Heidelberg, pp 453-461, 2020), which saved 1 pairing in the verification, and was proven in the generic group model. Our new construction also improves on BG18 in that our proofs are in the algebraic group model with random oracles and reduces security to standard computational assumptions in bilinear groups (as opposed to using the full power of the generic group model (GGM)). We implement our proposed simulation extractable zk-SNARK (SE zk-SNARK) along with BG18 in the Arkworks library, and compare the efficiency of our scheme with some related works. Our empirical experiences confirm that our SE zk-SNARK is more efficient than all previous simulation extractable (SE) schemes in most dimensions and it has very close efficiency to the original Groth16. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
17. Limits in the Provable Security of ECDSA Signatures
- Author
-
Hartmann, Dominik, Kiltz, Eike, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Rothblum, Guy, editor, and Wee, Hoeteck, editor
- Published
- 2023
- Full Text
- View/download PDF
18. Making the Identity-Based Diffie–Hellman Key Exchange Efficiently Revocable
- Author
-
Nakagawa, Kohei, Fujioka, Atsushi, Nagai, Akira, Tomida, Junichi, Xagawa, Keita, Yasuda, Kan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Aly, Abdelrahaman, editor, and Tibouchi, Mehdi, editor
- Published
- 2023
- Full Text
- View/download PDF
19. Computational Models to Prove Security Protocols Against Adversary
- Author
-
Albermany, Salah Abdulhadi, Razzaq, Iman Saleem, Alkhafaji, Mohammed Ayad, Fatan, Muna Hakim, Zearah, Sajad Ali, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Swaroop, Abhishek, editor, Kansal, Vineet, editor, Fortino, Giancarlo, editor, and Hassanien, Aboul Ella, editor
- Published
- 2023
- Full Text
- View/download PDF
20. On the Quantum Security of HAWK
- Author
-
Fehr, Serge, Huang, Yu-Hsuan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Johansson, Thomas, editor, and Smith-Tone, Daniel, editor
- Published
- 2023
- Full Text
- View/download PDF
21. Easy-ABE: An Easy Ciphertext-Policy Attribute-Based Encryption
- Author
-
Ka, Ahmad Khoureich, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Bella, Giampaolo, editor, Doinea, Mihai, editor, and Janicke, Helge, editor
- Published
- 2023
- Full Text
- View/download PDF
22. Rai-Choo! Evolving Blind Signatures to the Next Level
- Author
-
Hanzlik, Lucjan, Loss, Julian, Wagner, Benedikt, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Hazay, Carmit, editor, and Stam, Martijn, editor
- Published
- 2023
- Full Text
- View/download PDF
23. Non-interactive Blind Signatures for Random Messages
- Author
-
Hanzlik, Lucjan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Hazay, Carmit, editor, and Stam, Martijn, editor
- Published
- 2023
- Full Text
- View/download PDF
24. Proof-Carrying Data from Arithmetized Random Oracles
- Author
-
Chen, Megan, Chiesa, Alessandro, Gur, Tom, O’Connor, Jack, Spooner, Nicholas, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Hazay, Carmit, editor, and Stam, Martijn, editor
- Published
- 2023
- Full Text
- View/download PDF
25. A Pairing-free Provable Secure and Efficient Identity-based Identification Scheme with Anonymity.
- Author
-
Kannan, R., Chin, J. J., Goh, V. T., and Yip, S. C.
- Subjects
- ANONYMITY, TRUST, IMPERSONATION, BLINDNESS
- Abstract
In this paper, we propose a Blind Identity-Based Identification (Blind IBI) scheme based on the Guillou-Quisquater (GQ) scheme. Our proposed scheme combines the benefits of traditional Identity-Based Identification (IBI) schemes that can authenticate a user's identity without relying on a trusted third party with the Blind Signature (BS) scheme that provides anonymity. As a result, the proposed scheme assures absolute user privacy during the authentication process. It does not rely on a third party, yet the verifier can still be assured of the user's identity without the user actually revealing it. In our work, we show that the proposed scheme is provably secure under the random oracle model, with the assumption that the one-more-RSA-inversion problem is difficult. Furthermore, we demonstrate that the proposed scheme is secure against passive, active, and concurrent impersonation attacks. In conclusion, the proposed scheme is able to achieve the desired blindness property without compromising the security of the GQ-IBI scheme it is based upon. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
26. A Secure and Efficient Pairing-Free Certificateless Sequential Multi-Signature Scheme.
- Author
-
陈虹, 曹玥, 金海波, and 王颖辉
- Subjects
- LOGARITHMS
- Abstract
In order to address the problem of low security or complex computation in most existing sequential multi-signature schemes, this paper proposes a new secure and efficient certificateless sequential multi-signature scheme. To prevent public key replacement attacks, the scheme hashes the signer's identity and part of the public key to form the signer's partial private key. Signers verify the partial signatures generated in the signing stage against the specified signing order to ensure the order of signatures. Under the random oracle model, the scheme is proved unforgeable and immutable based on the hardness of the discrete logarithm problem. In the signing and verification stages, the scheme mainly involves elliptic curve point multiplication and no bilinear pairings. Theoretical analysis and simulation experiments show that, compared with similar schemes, the proposed scheme improves efficiency by up to 28%. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
27. Blockchain-enhanced certificateless signature scheme in the standard model
- Author
-
Xiaodong Yang, Haoqi Wen, Lei Liu, Ningning Ren, and Caifen Wang
- Subjects
- certificateless signature, forgery attack, random oracle model, blockchain, unforgeability, Biotechnology, TP248.13-248.65, Mathematics, QA1-939
- Abstract
The Internet of Things (IoT), driven by wireless communication and other technologies, is gradually entering our lives and promoting the transformation of society from "informatization" to "intelligence". Certificateless signature (CLS) eliminates the characteristic of certificate management, making it an effective method for verifying large-scale data in the IoT environment. Nevertheless, hash functions are regarded as ideal random oracles in the security proofs of most CLS schemes, which cannot guarantee the security of CLS schemes in reality. In response to this problem, Shim devised a CLS scheme without random oracles in the standard model and declared it to be provably secure. Unfortunately, in this paper, we cryptanalyze Shim's CLS scheme and demonstrate that it is not resistant to public key replacement attacks from a Type I attacker. Furthermore, to further improve the security of the Shim CLS scheme and avoid the single-point failure of the KGC and the signature forgery initiated, we propose a blockchain-based CLS scheme without a random oracle. Finally, we evaluate the comprehensive performance, and while maintaining the computational and communication performance of the Shim scheme, we resist both Type I and Type II attackers, as well as signature forgery initiated against public parameters.
- Published
- 2023
- Full Text
- View/download PDF
28. A quantum resistant universal designated verifier signature proof
- Author
-
P. Thanalakshmi, N. Anbazhagan, Gyanendra Prasad Joshi, and Eunmok Yang
- Subjects
- coding theory, random oracle model, syndrome decoding problem, universal designated verifier signature proof, Mathematics, QA1-939
- Abstract
In order to ensure that only the designated person can verify the signer's signature on the message, Steinfeld et al. introduced the concept of Universal Designated Verifier Signature (UDVS), which enables a designator who has obtained a signature on a message from the signer to designate the signature to any desired designated verifier. This idea was developed to address the privacy concerns of the signature holder at the time of certificate distribution. They are appropriate for applications that demand the designer's secrecy. The fact that the designated verifier must generate a public key with regard to the signer's public parameter for signature verification is a significant drawback of UDVS methods. In cases where the verifier is unable to begin the key generation procedure, this constraint is inapplicable. Baek et al. developed the idea of "Universal Designated Verifier Signature Proof (UDVSP)", which does not require the verifier's public key for verification, to get around this restriction. All existing UDVSP constructions are based on a discrete logarithm problem, which is vulnerable to quantum computer attacks. As a result, an efficient quantum resistant UDVSP is built on a hard problem in coding theory, as suggested by NIST reports. The scheme's security against forgeability and impersonation attacks is examined using the random oracle model.
- Published
- 2023
- Full Text
- View/download PDF
29. Enhancing Security and Efficiency: A Fine-Grained Searchable Scheme for Encryption of Big Data in Cloud-Based Smart Grids
- Author
-
Jing Wen, Haifeng Li, Liangliang Liu, and Caihui Lan
- Subjects
- searchable encryption, attribute-based encryption, server-aided decryption, trapdoor indistinguishability, random oracle model, Mathematics, QA1-939
- Published
- 2024
30. Proactive threshold-proxy re-encryption scheme for secure data sharing on cloud.
- Author
-
Raghav, Andola, Nitish, Verma, Katyayani, Venkatesan, S., and Verma, Shekhar
- Subjects
- *
INFORMATION sharing , *IMAGE encryption , *PUBLIC key cryptography , *CONCRETE construction , *ACCESS control , *COLLUSION - Abstract
Cloud-based data sharing addresses the limited storage availability problem for resource-constrained users, albeit at the cost of privacy and the need for an access control mechanism. However, most of the techniques for secure data sharing with high access control are computationally intensive. The proxy re-encryption scheme is computationally light and provides secure cloud-based data sharing. Proxy re-encryption has a single semi-trusted proxy for all intermediate re-encryption processes, which makes it a single point of failure and vulnerable to several attacks. In this paper, we propose PB-TPRE, a threshold proxy re-encryption with the proactive property. The shares of re-encryption keys are sent to all proxies using Shamir secret sharing. The shares may be leaked with the passage of time or whenever any proxy leaves or joins the network; then, the secret needs to be changed. The proactive property in threshold proxy re-encryption helps renew the shares without changing the secret. The PB-TPRE scheme is collusion resistant against the proxies, users and cloud. We present a concrete construction for PB-TPRE that satisfies indistinguishability under chosen-plaintext attacks in the random oracle model and formally prove its security. We compared and discussed the PB-TPRE scheme with other threshold proxy re-encryption schemes and found it to be efficient and secure for cloud-based data sharing applications. [ABSTRACT FROM AUTHOR]
- Published
- 2023
31. A novel and quantum-resistant handover authentication protocol in IoT environment.
- Author
-
Zhang, Shuailiang, Du, Xiujuan, and Liu, Xin
- Subjects
- *
KEY agreement protocols (Computer network protocols) , *QUANTUM cryptography , *PUBLIC key cryptography , *ELLIPTIC curve cryptography , *INTERNET of things , *POLYNOMIAL time algorithms , *MOBILE computing , *QUANTUM computers - Abstract
The handover authentication and key agreement protocol is extremely important to ensure the security of the Internet of Things (IoT), as it enables mobile devices to access roaming services in the trust domain of the foreign agent. The energy and computing capabilities of mobile devices are extremely limited, and the requirements for storage and computing efficiency are higher in IoT. The large integer factorization and discrete logarithm problems can be solved in polynomial time on a quantum computer, which makes the many traditional handover authentication and key agreement protocols based on bilinear pairing and elliptic curve cryptography no longer safe. Due to the participation of the home agent, the traditional handover authentication protocol has a long communication delay and is vulnerable to session key compromise attacks. Moreover, the session key between the foreign agent and the home agent is randomly specified in advance, and its generation process is not given, which has poor security and easily causes leakage of the session key. The lattice cipher based on NTRU is a lightweight public key primitive that can resist quantum attacks and has a faster calculation speed and smaller key length, which makes it more suitable for IoT. Therefore, we propose a secure and lightweight two-party handover authentication protocol based on NTRU for mobile devices without the home agent to address these deficiencies. We employ the BAN logic to validate the correctness of the proposed protocol and utilize the random oracle model to evaluate the security of the proposed protocol. In contrast with other current handover authentication protocols, the proposed protocol has greater security, higher efficiency, and lower communication overhead. [ABSTRACT FROM AUTHOR]
- Published
- 2023
32. A quantum resistant universal designated verifier signature proof.
- Author
-
Thanalakshmi, P., Anbazhagan, N., Joshi, Gyanendra Prasad, and Yang, Eunmok
- Subjects
CODING theory ,CYBERTERRORISM ,IMPERSONATION ,QUANTUM computers ,LOGARITHMS - Abstract
In order to ensure that only the designated person can verify the signer's signature on the message, Steinfeld et al. introduced the concept of Universal Designated Verifier Signature (UDVS), which enables a designator who has obtained a signature on a message from the signer to designate the signature to any desired designated verifier. This idea was developed to address the privacy concerns of the signature holder at the time of certificate distribution. They are appropriate for applications that demand the designator's secrecy. The fact that the designated verifier must generate a public key with regard to the signer's public parameter for signature verification is a significant drawback of UDVS methods. In cases where the verifier is unable to begin the key generation procedure, this constraint is inapplicable. Baek et al. developed the idea of "Universal Designated Verifier Signature Proof (UDVSP)", which does not require the verifier's public key for verification, to get around this restriction. All existing UDVSP constructions are based on the discrete logarithm problem, which is vulnerable to quantum computer attacks. As a result, an efficient quantum-resistant UDVSP is built on a hard problem in coding theory, as suggested by NIST reports. The scheme's security against forgeability and impersonation attacks is examined using the random oracle model. [ABSTRACT FROM AUTHOR]
- Published
- 2023
33. A Secure and Privacy-Preserving Lightweight Authentication and Key Exchange Algorithm for Smart Agriculture Monitoring System
- Author
-
Samiulla Itoo, Akber Ali Khan, Musheer Ahmad, and M. Javed Idrisi
- Subjects
Agriculture sensors ,Elliptic curve cryptography ,Gateway ,Scyther tool ,Wireless sensor networks ,Random oracle model ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Agriculture plays a vital role in the economic life cycle of an agrarian country and is considered the backbone of the economy. It supplies not just raw food materials, but also a vast number of job opportunities. Therefore, modern technology is required in agriculture to increase productivity. Wireless Sensor Networks (WSN) could be used to monitor climatic parameters in an agriculture field, such as the acidity level of soil, soil moisture, humidity, light, and so on. Climate variables have a significant impact on crop growth, quality, and productivity. These factors contribute to increased agricultural productivity in terms of both quantity and quality. WSN, on the other hand, has security risks such as impersonation, alteration, interference, and interception, all of which have negative effects on crop production and other agricultural activities. The primary issues for agricultural WSN are hence privacy preservation and security enhancement. In this paper, we propose a privacy-preserving and efficient key agreement framework for smart agriculture monitoring systems by using elliptic curve cryptography and a hash function. The proposed framework is secure against various security assaults and provides secure communication in smart agriculture monitoring systems. We demonstrate the accuracy of the proposed protocol for mutual authentication and key exchange using BAN logic, and we also simulate the security correctness of the encrypted proposed framework using the well-known security verification Scyther tool. Using the ROR model, we formalize the security of the proposed system. Further, we provide a comparison of security features, computation, and communication overheads between the proposed protocol and similar protocols in the same context. Hence, when compared to other similar protocols in the same environment, the proposed protocol provides superior security and efficiency to other existing protocols. For the practical implementation of smart agriculture monitoring systems, the proposed protocol is better than comparable protocols.
- Published
- 2023
34. A Computational Diffie–Hellman-Based Insider Secure Signcryption with Non-interactive Non-repudiation
- Author
-
Togde, Ngarenon, Sarr, Augustin P., Rushi Kumar, B., editor, Ponnusamy, S., editor, Giri, Debasis, editor, Thuraisingham, Bhavani, editor, Clifton, Christopher W., editor, and Carminati, Barbara, editor
- Published
- 2022
35. Compact and Tightly Selective-Opening Secure Public-key Encryption Schemes
- Author
-
Pan, Jiaxin, Zeng, Runzhi, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Agrawal, Shweta, editor, and Lin, Dongdai, editor
- Published
- 2022
36. One-Time Anonymous Certificateless Signcryption Scheme Based on Blockchain
- Author
-
Jin, Yan, Ye, Chunxiao, Yang, Mengqing, Ye, Chunming, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Gao, Honghao, editor, Wang, Xinheng, editor, Wei, Wei, editor, and Dagiuklas, Tasos, editor
- Published
- 2022
37. PI-Cut-Choo and Friends: Compact Blind Signatures via Parallel Instance Cut-and-Choose and More
- Author
-
Chairattana-Apirom, Rutchathon, Hanzlik, Lucjan, Loss, Julian, Lysyanskaya, Anna, Wagner, Benedikt, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dodis, Yevgeniy, editor, and Shrimpton, Thomas, editor
- Published
- 2022
38. On Succinct Non-interactive Arguments in Relativized Worlds
- Author
-
Chen, Megan, Chiesa, Alessandro, Spooner, Nicholas, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dunkelman, Orr, editor, and Dziembowski, Stefan, editor
- Published
- 2022
39. A Pairing-Free Signature Scheme from Correlation Intractable Hash Function and Strong Diffie-Hellman Assumption
- Author
-
Chevallier-Mames, Benoît, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and Galbraith, Steven D., editor
- Published
- 2022
40. Robust Subgroup ID-based Multi-signature Scheme
- Author
-
TIAN Chen, WANG Zhi-wei
- Subjects
id-based signature ,multi-signatures ,computational diffie-hellman(cdh) problem ,random oracle model ,forking lemma ,Computer software ,QA76.75-76.765 ,Technology (General) ,T1-995 - Abstract
The existing multi-signature schemes applied in consensus mechanism scenarios assume by default that the signers are honest entities, so the security and validity of the signature cannot be guaranteed when malicious nodes exist. In order to improve the robustness of multi-signatures in the typical adversarial scenarios of consensus protocols, this paper proposes an ID-based multi-signature scheme that builds on the advantages of the ID-based cryptography system. In this signature scheme, a randomly generated non-fixed subgroup cooperates to generate multi-signatures representing the entire group, and the validity of all subgroup signatures must be verified before signature aggregation. The bilinear pairings required by this scheme to generate multi-signatures are related to the number of subgroup members, which improves the security of the scheme at the cost of some efficiency. This paper introduces a notion of robustness for robust subgroup ID-based multi-signatures, and the corresponding proof for the proposed scheme is given. Furthermore, under the random oracle model, relying on the hardness of the computational Diffie-Hellman (CDH) problem, the scheme is proved to be unforgeable under adaptive chosen-message attack. In addition, theoretical analysis and a prototype implementation of the signature scheme are carried out, and the experimental results are compared with the performance of relevant signature schemes.
- Published
- 2022
41. Pairing-free certificateless blind signature scheme for smart grid
- Author
-
ShuangGen Liu, Yu Zhu, and RuiYun Wang
- Subjects
Smart grid ,Certificateless blind signature ,Batch verification ,Elliptic curve discrete logarithm ,Random oracle model ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
The smart grid is an emerging power system that can realize the information exchange between users and power companies in two-way communication and adjust power companies’ power supply according to the real-time power requests from smart meters on the users’ side. However, since malicious attackers can eavesdrop on two-way communication to collect and transmit information, they may leak users’ information. Therefore, this paper proposes a new certificateless blind signature (CLBS) scheme with batch verification function and improves a power request system model for the smart grid to protect users’ privacy. In addition, the proposed CLBS scheme simplifies the certificate management process in the traditional public key cryptosystem and eliminates the hidden key escrow in the identity-based public key cryptosystem. The unforgeability of the scheme is proved through the random oracle model, and the scheme’s security can be reduced to the intractability of the elliptic curve discrete logarithm problem (ECDLP). The analysis results show that our scheme does not use the time-consuming bilinear pairing operation, and has obvious advantages in computing performance compared with the existing signature schemes.
- Published
- 2022
42. RDAF-IIoT: Reliable Device-Access Framework for the Industrial Internet of Things.
- Author
-
Alasmary, Hisham
- Subjects
- *
INTERNET of things , *CYBERTERRORISM , *DATA privacy , *MACHINE-to-machine communications , *DATA security , *FACTORIES - Abstract
The Internet of Things (IoT) has experienced significant growth and is now a fundamental part of the next-generation Internet. Alongside improving daily life, IoT devices generate and collect vast amounts of data that can be leveraged by AI-enabled big data analytics for diverse applications. However, due to the machine-to-machine communication inherent in IoT, ensuring data security and privacy is crucial to mitigate various malicious cyber attacks, including man-in-the-middle, impersonation, and data poisoning attacks. Nevertheless, designing an efficient and adaptable IoT security framework poses challenges due to the limited computational and communication power of IoT devices, as well as their wide-ranging variety. To address these challenges, this paper proposes an Access Key Agreement (AKA) scheme called the "Reliable Device-Access Framework for the Industrial IoT (RDAF-IIoT)". RDAF-IIoT verifies the user's authenticity before granting access to real-time information from IIoT devices deployed in an industrial plant. Once authenticated at the gateway node, the user and IIoT device establish a session key for future encrypted communication. The security of the proposed RDAF-IIoT is validated using a random oracle model, while the Scyther tool is employed to assess its resilience against various security attacks. Performance evaluations demonstrate that the proposed scheme requires lower computational and communication costs compared to related security frameworks while providing enhanced security features. [ABSTRACT FROM AUTHOR]
- Published
- 2023
43. An Authenticated Group Shared Key Mechanism Based on a Combiner for Hash Functions over the Industrial Internet of Things.
- Author
-
Ali, Waleed and Ahmed, Adel Ali
- Subjects
INTERNET of things ,PROCESS capability ,ELLIPTIC curves ,CYBERTERRORISM - Abstract
The Industrial Internet of Things (IIoT) provides internet connectivity for instruments, digital machines, and any other manufactured object to enable intelligent industrial operations to achieve high productivity. Securing communications between IIoT devices remains a critical and challenging issue due to the resource-constrained and processing capabilities of sensing devices. Moreover, the traditional group shared key might implement complex mathematical operations that are not suitable for the limited resource capability of the IIoT device. Furthermore, the standard Diffie–Hellman (DH) and elliptic curve Diffie–Hellman (ECDH), which are the most suited for tiny devices, only work between a pair of IIoT devices, while they are not designed to work among a group of IIoT devices. This paper proposes an authenticated group shared key (AGSK) mechanism that allows a set of industrial objects to establish a common session key over the IIoT. The proposed AGSK utilizes the combiner for the hash function and digital signature, which is implemented in IIoT devices. Additionally, the random oracle model has been used to prove the security of AGSK, while the IIoT adversary model has been used to analyze the AGSK countermeasures against cyberattacks. The results of the performance evaluation showed that the efficiency of the AGSK was reduced by 41.3% for CPU computation time, 45.7% for storage cost, and 40% less power consumption compared to the baseline group key management algorithms. [ABSTRACT FROM AUTHOR]
- Published
- 2023
44. Identity-Based Encryption With Continuous Leakage-Resilient CCA Security From Static Complexity Assumption.
- Author
-
Zhou, Yanwei, Wang, Zhaolong, Qiao, Zirui, Wang, Ying, Yang, Bo, Mu, Yi, and Zhang, Mingwu
- Subjects
- *
SECURITY management , *LEAKAGE - Abstract
Although a large number of provably secure cryptographic primitives have been proposed in the literature, many of these schemes might be broken in practice because of various leakage attacks. Therefore, leakage resilience should be considered in designing these primitives. However, in identity-based cryptography, most of the existing leakage-resilient identity-based encryption (IBE) schemes suffer some limitations: they either resist the leakage attacks in the selective identity security model or achieve chosen-ciphertext attack (CCA) security based on a non-static assumption. In this paper, an IBE scheme with adaptive leakage-resilient CCA security is proposed, and its security is rigorously proved in the random oracle model under a classic static complexity assumption, e.g., the decisional bilinear Diffie–Hellman assumption. In our construction, all elements of the ciphertext are randomly distributed in the adversary's view. Hence, the adversary cannot obtain any useful information about the user's private key from the given ciphertexts. Moreover, a unique property of our construction is that the leakage parameter is independent of the plaintext space, which contributes to a better leakage rate. [ABSTRACT FROM AUTHOR]
- Published
- 2023
45. A Secure Authentication Protocol Supporting Efficient Handover for UAV
- Author
-
Kang Wen, Shengbao Wang, Yixiao Wu, Jie Wang, Lidong Han, and Qi Xie
- Subjects
Unmanned Aerial Vehicle ,handover authentication ,ProVerif ,random oracle model ,Mathematics ,QA1-939 - Abstract
Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme’s superior performance over existing protocols in terms of both efficiency and security.
- Published
- 2024
46. Secure and efficient two-party collaborative SM9 signature scheme suitable for smart home
- Author
-
Shuang Gen Liu, Ru Liu, and Si Yuan Rao
- Subjects
Smart home ,SM9 algorithm ,Two-party collaborative signature ,Random oracle model ,Provable security ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
The smart home usually has poor security and is vulnerable to attack since it adopts embedded processors that are limited by volume and power consumption. To improve the communication security of the smart home system, identity-based signature schemes are widely used in wireless network communications. However, the user’s signature private key is generally stored in a single device, where it is easily stolen by attackers who can then control the smart home devices. To reduce the risk of leakage of the signature private key, a two-party collaborative signature scheme based on the SM9 algorithm is proposed in this paper. The user’s signature private key is generated through the collaboration of the two-party key generation center (KGC), and the integer secrets related to the signature private key are stored in two devices respectively. During the signing process, the two devices sign collaboratively to prevent the complete private key from being leaked. The security of the scheme is proved in the random oracle model. Theoretical analysis and experimental results show that our proposed scheme can achieve higher security with lower computation cost and communication cost when compared with the existing two-party SM9 signature schemes.
- Published
- 2022
47. Practical dynamic group signatures without knowledge extractors.
- Author
-
Kim, Hyoseung, Sanders, Olivier, Abdalla, Michel, and Park, Jong Hwan
- Subjects
PUBLIC key cryptography ,ANONYMITY ,LOGARITHMS - Abstract
A dynamic group signature (DGS) allows a user to generate a signature on behalf of a group, while preserving anonymity. Although many existing DGS schemes have been proposed in the random oracle model for achieving efficiency, their security proofs require knowledge extractors that cause loose security reductions. In this paper, we first propose a new practical DGS scheme whose security can be proven without knowledge extractors in the random oracle model. Moreover, our scheme can also be proven in the strong security model where an adversary is allowed to generate the group managers' keys maliciously. The efficiency of our scheme is comparable to existing secure DGS schemes in the random oracle model using knowledge extractors. The security of our scheme is based on a new complexity assumption that is obtained by generalizing the Pointcheval–Sanders (PS) assumption. Although our generalized PS (GPS) assumption is interactive, we prove that, under the (2,1)-discrete logarithm assumption, the new GPS assumption holds in the algebraic group model. [ABSTRACT FROM AUTHOR]
- Published
- 2023
48. Identity-based auditable multiple extraction signature scheme.
- Author
-
何启芝, 曹素珍, 王彩芬, 卢彦霏, 方子旋, and 闫俊鉴
- Abstract
To solve the problems of malicious user revisions in content extraction signatures and untraceability of signatures after extraction, an auditable extraction signature scheme is proposed under the identity-based cryptosystem. The scheme adopts a generic model of M-tree to realize hierarchical multiple extraction signatures, and achieves auditability of signatures by backtracking the tree structure to achieve the purpose of extractor auditable questioning rights. Under the random oracle model, based on the discrete logarithm problem, it is proved to be resistant to existential forgery under adaptive chosen-message attack. The analysis of experimental results shows that the proposed scheme has certain computational advantages in the signature and extraction phases and the signature verification phase. [ABSTRACT FROM AUTHOR]
- Published
- 2023
49. Understanding Failures in Security Proofs of Multi-Factor Authentication for Mobile Devices.
- Author
-
Wang, Qingxuan and Wang, Ding
- Abstract
Multi-factor authentication is a promising way to enhance the security of password-based authenticated key exchange (PAKE) schemes. It is widely deployed in various daily applications for mobile devices (e.g., e-Bank, smart home, and cloud services) to provide the first line of defense for system security. However, despite intensive research, how to design a secure and efficient multi-factor authentication scheme is still a challenging problem. Hundreds of new schemes have been successfully proposed, and many are even equipped with a formal security proof. However, most of them have been shortly found to be insecure and cannot achieve the claimed security goals. Now a paradox arises: How can a multi-factor scheme that was “formally proven secure” later be found insecure? To answer this seemingly contradicting question, this paper takes a substantial first step towards systematically exploring the security proof failures in multi-factor authentication schemes for mobile devices. We first investigate the root causes of the “provable security” failure in vulnerable multi-factor authentication schemes under the random oracle model, and classify them into eight different types in terms of the five steps of conducting a formal security proof. Then, we elaborate on each type of these eight proof failures by examining three typical vulnerable protocols, and suggest corresponding countermeasures. Finally, we conduct a large-scale comparative measurement of 70 representative multi-factor authentication schemes under our extended evaluation criteria. The schemes we select range from 2009 to 2022, and the comparison results suggest that understanding failures in formal security proofs is helpful to design more secure multi-factor authentication protocols for mobile devices. [ABSTRACT FROM AUTHOR]
- Published
- 2023
50. Blockchain-enhanced efficient and anonymous certificateless signature scheme and its application.
- Author
-
Feng, Tao, Wang, Jie, and Zheng, Lu
- Subjects
DIGITAL signatures ,SMART devices ,DIGITAL certificates ,ACCESS control ,ELLIPTIC curves ,VEHICULAR ad hoc networks - Abstract
Although the Internet of Things (IoT) brings efficiency and convenience to various aspects of people's lives, security and privacy concerns persist as significant challenges. Certificateless signatures eliminate digital certificate management and key escrow issues and can be well embedded in resource-constrained IoT devices for secure access control. Recently, Ma et al. designed an efficient and pairing-free certificateless signature (CLS) scheme for IoT deployment. Unfortunately, we demonstrate that the scheme proposed by Ma et al. is susceptible to signature forgery attacks by Type-II adversaries. That is, a malicious-and-passive key generation center (KGC) can forge a legitimate signature for any message by modifying the system parameters without the user's secret value. Therefore, their identity authentication scheme designed based on vehicular ad-hoc networks also cannot guarantee the claimed security. To address the security vulnerabilities, we designed a blockchain-enhanced and anonymous CLS scheme and proved its security under the elliptic curve discrete logarithm (ECDL) hardness assumption. Compared to similar schemes, our enhanced scheme offers notable advantages in computational efficiency and communication overhead, as well as stronger security. In addition, a mutual authentication scheme that satisfies the cross-domain scenario is proposed to facilitate efficient mutual authentication and negotiated session key generation between smart devices and edge servers in different edge networks. Performance evaluation shows that our protocol achieves an effective trade-off between security and compute performance, with better applicability in IoT scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2024