Pub. online:24 Jan 2022Type:Research ArticleOpen Access
Journal:Informatica
Volume 33, Issue 1 (2022), pp. 151–179
Abstract
To resolve both certificate management and key escrow problems, a certificateless public-key system (CLPKS) has been proposed. However, a CLPKS setting must provide a revocation mechanism to revoke compromised users. Thus, a revocable certificateless public-key system (RCLPKS) was presented to address the revocation issue and, in such a system, the key generation centre (KGC) is responsible to run this revocation functionality. Furthermore, a RCLPKS setting with an outsourced revocation authority (ORA), named RCLPKS-ORA setting, was proposed to employ the ORA to alleviate the KGC’s computational burden. Very recently it was noticed that adversaries may adopt side-channel attacks to threaten these existing conventional public-key systems (including CLPKS, RCLPKS and RCLPKS-ORA). Fortunately, leakage-resilient cryptography offers a solution to resist such attacks. In this article, the first leakage-resilient revocable certificateless encryption scheme with an ORA, termed LR-RCLE-ORA scheme, is proposed. The proposed scheme is formally shown to be semantically secure against three types of adversaries in the RCLPKS and RCLPKS-ORA settings while resisting side-channel attacks. In the proposed scheme, adversaries are allowed to continually extract partial ingredients of secret keys participated in various computational algorithms of the proposed scheme while retaining its security.
Journal:Informatica
Volume 31, Issue 3 (2020), pp. 597–620
Abstract
Very recently, side-channel attacks have threatened all traditional cryptographic schemes. Typically, in traditional cryptography, private/secret keys are assumed to be completely hidden to adversaries. However, by side-channel attacks, an adversary may extract fractional content of these private/secret keys. To resist side-channel attacks, leakage-resilient cryptography is a countermeasure. Identity-based public-key system (ID-PKS) is an attractive public-key setting. ID-PKS settings not only discard the certificate requirement, but also remove the construction of the public-key infrastructure. For solving the user revocation problem in ID-PKS settings, revocable ID-PKS (RID-PKS) setting has attracted significant attention. Numerous cryptographic schemes based on RID-PKS settings have been proposed. However, under RID-PKS settings, no leakage-resilient signature or encryption scheme is proposed. In this article, we present the first leakage-resilient revocable ID-based signature (LR-RIBS) scheme with cloud revocation authority (CRA) under the continual leakage model. Also, a new adversary model of LR-RIBS schemes with CRA is defined. Under this new adversary model, security analysis is made to demonstrate that our LR-RIBS scheme with CRA is provably secure in the generic bilinear group (GBG) model. Finally, performance analysis is made to demonstrate that our scheme is suitable for mobile devices.
Pub. online:1 Jan 2019Type:Research ArticleOpen Access
Journal:Informatica
Volume 30, Issue 4 (2019), pp. 711–728
Abstract
The primitive of certificateless signature, since its invention, has become a widely studied paradigm due to the lack of key escrow problem and certificate management problem. However, this primitive cannot resist catastrophic damage caused by key exposure. Therefore, it is necessary to integrate revocation mechanism into certificateless signature. In this paper, we propose a new certificateless signature scheme with revocation (RCLS) and prove its security under the standard model. In the meanwhile, our scheme can resist malicious-but-passive Key Generation Center (KGC) attacks that were not possible in previous solutions. The theoretical analysis shows our scheme has high efficiency and practicality.
Journal:Informatica
Volume 27, Issue 3 (2016), pp. 549–572
Abstract
Certificateless short signature (CLSS) possesses the advantages of both certificateless signature and short signature. CLSS eliminates the certificate management in conventional signatures and solves the key escrow problem in ID-based signatures. In the meantime, due to its short signature length, CLSS reduces the bandwidth for communication so that it is suitable for some specific authentication applications requiring bandwidth-constrained communication environments. However, up to now, there is no work on studying the revocation problem in existing CLSS schemes. In this article, we address the revocation problem and propose the first revocable certificateless short signature (RCLSS) scheme. Based on the computational Diffie–Hellman (CDH) assumption, we demonstrate that our RCLSS scheme possesses strong unforgeability against adaptive chosen-message attacks under an accredited security model. It turns out that our scheme has the shortest signature length while retaining computational efficiency. Thus, the proposed RCLSS scheme is well suited for low-bandwidth communication environments. Finally, we combine the proposed RCLSS scheme with cloud revocation authority (CRA) to present a CRA-aided authentication scheme with period-limited privileges for mobile multi-server environment.
Journal:Informatica
Volume 25, Issue 2 (2014), pp. 299–326
Abstract
Up to now, there was very little work on studying the revocation problem in existing hierarchical ID-based encryption (HIBE) systems. Certainly, all existing HIBE systems may inherit the revocation method suggested by Boneh and Franklin to revoke illegal or expired users, in which non-revoked users must periodically update their private keys using secure channels by contacting their ancestors in hierarchical structures. In this paper, we propose the first HIBE scheme with public revocation mechanism, called revocable HIBE (RHIBE), which is extended from Lewko and Waters's unbounded HIBE scheme presented in Eurocrypt 2011. We demonstrate that the proposed RHIBE scheme is fully secure while removing the requirement of secure channels for private key updating in Boneh and Franklin's revocation method. The public revocation mechanism is an exciting alternative to the existing revocation methods. Finally, we discuss the transformation technique from a HIBE scheme to a RHIBE scheme and employ it to another well-known HIBE scheme.
Journal:Informatica
Volume 23, Issue 3 (2012), pp. 487–505
Abstract
Revocation problem is a critical issue for key management of public key systems. Any certificate-based or identity (ID)-based public key systems must provide a revocation method to revoke misbehaving/compromised users from the public key systems. In the past, there was little work on studying the revocation problem of ID-based public key systems. Most recently, Tseng and Tsai presented a novel ID-based public key system with efficient revocation using a public channel, and proposed a practical revocable ID-based encryption (called RIBE). They proved that the proposed RIBE is semantically secure in the random oracle model. Although the ID-based encryption schemes based on the random oracle model can offer better performance, the resulting schemes could be insecure when random oracles are instantiated with concrete hash functions. In this paper, we employ Tseng and Tsai's revocable concept to propose a new RIBE without random oracles to provide full security. We demonstrate that the proposed RIBE is semantically secure against adaptive-ID attacks in the standard model.
Journal:Informatica
Volume 15, Issue 4 (2004), pp. 455–464
Abstract
A proxy signature allows a designated person, called a proxy signer, to sign the message on behalf of the original signer. Proxy signatures are very useful tools when one needs to delegate his/her signing capability to other party. A number of proxy signature schemes have been proposed and succeeded for proxy delegations, but the schemes are in defective in proxy revocations. In this paper, we propose two proxy signature schemes based on RSA cryptosystems. The proposed first scheme does not consider proxy revocation mechanism; however, it will help us to compare our protocol with the existing RSA‐based schemes. The proposed second scheme provides an effective proxy revocation mechanism. The proposed schemes do not require any secure channel to proxy key delivery and support the necessary security requirements of proxy signature.