Informatica

The primitive of certificateless signature, since its invention, has become a widely studied paradigm due to the lack of key escrow problem and certificate management problem. However, this primitive cannot resist catastrophic damage caused by key exposure. Therefore, it is necessary to integrate revocation mechanism into certificateless signature. In this paper, we propose a new certificateless signature scheme with revocation (RCLS) and prove its security under the standard model. In the meanwhile, our scheme can resist malicious-but-passive Key Generation Center (KGC) attacks that were not possible in previous solutions. The theoretical analysis shows our scheme has high efficiency and practicality.

Up to date, a large number of ID-based signature (IBS) schemes based on bilinear pairings have been proposed. Most of these IBS schemes possess existential unforgeability under adaptive chosen-message attacks, among which some offer strong unforgeability. An IBS scheme is said to be strongly unforgeable if it possesses existential unforgeability and an adversary who is given signatures of the IBS scheme on some message m is unable to generate a new signature on m. Strong unforgeable IBS schemes can be used to construct many important ID-based cryptographic schemes. However, the existing strongly unforgeable IBS schemes lack efficiency for the signature size and the computation cost of verification phase. In this paper, we propose an efficient strongly unforgeable IBS scheme without random oracles. Under the computational Diffie–Hellman and collision resistant hash assumptions, we demonstrate that the proposed IBS scheme possesses strong unforgeability against adaptive chosen-message attacks. When compared with previously proposed strongly unforgeable IBS schemes, our scheme has better performance in terms of signature size and computation cost.

Revocation problem is a critical issue for key management of public key systems. Any certificate-based or identity (ID)-based public key systems must provide a revocation method to revoke misbehaving/compromised users from the public key systems. In the past, there was little work on studying the revocation problem of ID-based public key systems. Most recently, Tseng and Tsai presented a novel ID-based public key system with efficient revocation using a public channel, and proposed a practical revocable ID-based encryption (called RIBE). They proved that the proposed RIBE is semantically secure in the random oracle model. Although the ID-based encryption schemes based on the random oracle model can offer better performance, the resulting schemes could be insecure when random oracles are instantiated with concrete hash functions. In this paper, we employ Tseng and Tsai's revocable concept to propose a new RIBE without random oracles to provide full security. We demonstrate that the proposed RIBE is semantically secure against adaptive-ID attacks in the standard model.

Key-insulated cryptography is an important technique to protect private keys in identity-based (IB) cryptosytems. Despite the flurry of recent results on IB key-insulated encryption (IBKIE) and signature (IBKIS), a problem regarding the security and efficiency of practicing IBKIE and IBKIS as a joint IB key-insulated signature/encryption scheme with a common set of parameters and keys remains open. To deal with the above question, we propose an identity-based key-insulated signcryption (IBKISC) scheme. Compared with the Sign-then-Encrypt (StE) and Encrypt-then-Sign (EtS) using IBKIE and IBKIS in the standard model, our proposed IBKISC scheme is the fastest with the shortest ciphertext size.

In this paper, we propose a new ID-based threshold signature scheme from the bilinear pairings, which is provably secure in the random oracle model under the bilinear Diffie–Hellman assumption. Our scheme adopts the approach that the private key associated with an identity rather than the master key of PKG is shared. Comparing to the-state-of-art work by Baek and Zheng, our scheme has the following advantages. (1) The round-complexity of the threshold signing protocol is optimal. Namely, during the signing procedure, each party broadcasts only one message. (2) The communication channel is optimal. Namely, during the threshold signing procedure, the broadcast channel among signers is enough. No private channel between any two signing parties is needed. (3) Our scheme is much more efficient than the Baek and Zheng scheme in term of computation, since we try our best to avoid using bilinear pairings. Indeed, the private key of an identity is indirectly distributed by sharing a number xID∈ $\mathbb{Z}^{*}_{q}$, which is much more efficient than directly sharing the element in the bilinear group. And the major computationally expensive operation called distributed key generation protocol based on the bilinear map is avoided. (4) At last, the proactive security can be easily added to our scheme.