Pub. online:6 Mar 2024Type:Research ArticleOpen Access
Journal:Informatica
Volume 35, Issue 1 (2024), pp. 131–154
Abstract
Signcryption integrates both signature and encryption schemes into single scheme to ensure both content unforgeability (authentication) and message confidentiality while reducing computational complexity. Typically, both signers (senders) and decrypters (receivers) in a signcryption scheme belong to the same public-key systems. When signers and decrypters in a signcryption scheme belong to heterogeneous public-key systems, this scheme is called a hybrid signcryption scheme which provides more elastic usage than typical signcryption schemes. In recent years, a new kind of attack, named side-channel attack, allows adversaries to learn a portion of the secret keys used in cryptographic algorithms. To resist such an attack, leakage-resilient cryptography has been widely discussed and studied while a large number of leakage-resilient schemes have been proposed. Also, numerous hybrid signcryption schemes under heterogeneous public-key systems were proposed, but none of them possesses leakage-resilient property. In this paper, we propose the first hybrid signcryption scheme with leakage resilience, called leakage-resilient hybrid signcryption scheme, in heterogeneous public-key systems (LR-HSC-HPKS). Security proofs are demonstrated to show that the proposed scheme provides both authentication and confidentiality against two types of adversaries in heterogeneous public-key systems.
Pub. online:19 Dec 2022Type:Research ArticleOpen Access
Journal:Informatica
Volume 34, Issue 1 (2023), pp. 199–222
Abstract
Due to the popularity of mobile communication, many computing devices are exposed to remote environments without physical protection so that these devices easily suffer from leakage attacks (e.g., side-channel attacks). Under such leakage attacks, when a computing device performs some cryptographic algorithm, an adversary may acquire partial bits of secret keys participated in this cryptographic algorithm. To resist leakage attacks, researchers offer leakage-resilient cryptography as a solution. A signcryption scheme combines signing and encrypting processes to simultaneously provide both authentication and confidentiality, which is an important cryptographic primitive. Indeed, many leakage-resilient signcryption schemes under various public key system (PKS) settings were proposed. Unfortunately, these schemes still have two shortcomings, namely, bounded leakage resilience and conditionally continuous leakage resilience. In this paper, a “fully” continuous leakage-resilient certificate-based signcryption (FCLR-CBSC) scheme is proposed. Security analysis is formally proved to show that our scheme possesses both authentication and confidentiality against two types of adversaries in the certificate-based PKS setting. Performance analysis and simulation experience show that our scheme is suited to run on both a PC and a mobile device.
Pub. online:24 Jan 2022Type:Research ArticleOpen Access
Journal:Informatica
Volume 33, Issue 1 (2022), pp. 151–179
Abstract
To resolve both certificate management and key escrow problems, a certificateless public-key system (CLPKS) has been proposed. However, a CLPKS setting must provide a revocation mechanism to revoke compromised users. Thus, a revocable certificateless public-key system (RCLPKS) was presented to address the revocation issue and, in such a system, the key generation centre (KGC) is responsible to run this revocation functionality. Furthermore, a RCLPKS setting with an outsourced revocation authority (ORA), named RCLPKS-ORA setting, was proposed to employ the ORA to alleviate the KGC’s computational burden. Very recently it was noticed that adversaries may adopt side-channel attacks to threaten these existing conventional public-key systems (including CLPKS, RCLPKS and RCLPKS-ORA). Fortunately, leakage-resilient cryptography offers a solution to resist such attacks. In this article, the first leakage-resilient revocable certificateless encryption scheme with an ORA, termed LR-RCLE-ORA scheme, is proposed. The proposed scheme is formally shown to be semantically secure against three types of adversaries in the RCLPKS and RCLPKS-ORA settings while resisting side-channel attacks. In the proposed scheme, adversaries are allowed to continually extract partial ingredients of secret keys participated in various computational algorithms of the proposed scheme while retaining its security.
Journal:Informatica
Volume 31, Issue 3 (2020), pp. 597–620
Abstract
Very recently, side-channel attacks have threatened all traditional cryptographic schemes. Typically, in traditional cryptography, private/secret keys are assumed to be completely hidden to adversaries. However, by side-channel attacks, an adversary may extract fractional content of these private/secret keys. To resist side-channel attacks, leakage-resilient cryptography is a countermeasure. Identity-based public-key system (ID-PKS) is an attractive public-key setting. ID-PKS settings not only discard the certificate requirement, but also remove the construction of the public-key infrastructure. For solving the user revocation problem in ID-PKS settings, revocable ID-PKS (RID-PKS) setting has attracted significant attention. Numerous cryptographic schemes based on RID-PKS settings have been proposed. However, under RID-PKS settings, no leakage-resilient signature or encryption scheme is proposed. In this article, we present the first leakage-resilient revocable ID-based signature (LR-RIBS) scheme with cloud revocation authority (CRA) under the continual leakage model. Also, a new adversary model of LR-RIBS schemes with CRA is defined. Under this new adversary model, security analysis is made to demonstrate that our LR-RIBS scheme with CRA is provably secure in the generic bilinear group (GBG) model. Finally, performance analysis is made to demonstrate that our scheme is suitable for mobile devices.
Pub. online:1 Jan 2019Type:Research ArticleOpen Access
Journal:Informatica
Volume 30, Issue 3 (2019), pp. 595–612
Abstract
Certificate-based cryptography (CB-PKC) is an attractive public key setting, which reduces the complexity of public key infrastructure in traditional public key settings and resolves the key escrow problem in ID-based public key settings. In the past, a large number of certificate-based signature and encryption schemes were proposed. Nevertheless, the security assumptions of these schemes are mainly relied on the difficulties of the discrete logarithm and factorization problems. Unfortunately, both problems will be resolved when quantum computers come true in the future. Public key cryptography from lattices is one of the important candidates for post-quantum cryptography. However, there is little work on certificate-based cryptography from lattices. In the paper, we propose a new and efficient certificate-based signature (CBS) scheme from lattices. Under the short integer solution (SIS) assumption from lattices, the proposed CBS scheme is shown to be existential unforgeability against adaptive chosen message attacks. Performance comparisons are made to demonstrate that the proposed CBS scheme from lattices is better than the previous lattice-based CBS scheme in terms of private key size and signature size.
Pub. online:1 Jan 2018Type:Research ArticleOpen Access
Journal:Informatica
Volume 29, Issue 1 (2018), pp. 125–155
Abstract
The previous adversary models of public key cryptography usually have a nature assumption that permanent/temporary secret (private) keys must be kept safely and internal secret states are not leaked to an adversary. However, in practice, it is difficult to keep away from all possible kinds of leakage on these secret data due to a new kind of threat, called “side-channel attacks”. By side-channel attacks, an adversary could obtain partial information of these secret data so that some existing adversary models could be insufficient. Indeed, the study of leakage-resilient cryptography resistant to side-channel attacks has received significant attention recently. Up to date, no work has been done on the design of leakage-resilient certificateless key encapsulation (LR-CL-KE) or public key encryption (LR-CL-PKE) schemes under the continual leakage model. In this article, we propose the first LR-CL-KE scheme under the continual leakage model. Moreover, in the generic bilinear group (GBG) model, we formally prove that the proposed LR-CL-KE scheme is semantically secure against chosen ciphertext attacks for both Type I and Type II adversaries.
Pub. online:1 Jan 2017Type:Research ArticleOpen Access
Journal:Informatica
Volume 28, Issue 1 (2017), pp. 193–214
Abstract
To provide better overall performance, identity (ID)-based signcryption (IBSC) has been constructed by combining ID-based signature (IBS) and ID-based encryption (IBE) in a secure manner. Undoubtedly, the IBSC fulfills the authentication and the confidentiality by signature and encryption, respectively. All the previously proposed IBSC schemes are inseparable in the sense that the two-layer sign-then-encrypt procedure must be performed only by the same entity. However, the entities, such as wireless sensors and smart cards, are resource-constrained and become time consuming in executing the two-layer sign-then-encrypt procedure. Nowadays, the usage of mobile cloud computing is gaining expanding interest which provides scalable and virtualized services over the Internet or wireless networks while users with resource-constrained devices can enjoy the advantages of mobile cloud computing environments. Hence, we aim to reduce the computational cost for resource-constrained devices by employing a third party. In this article, we present the first separable ID-based signcryption (SIBSC) scheme in which the signing and encrypting layers are performed by the device and a third party, respectively. Under the computation Diffie–Hellman (CDH) and bilinear Diffie–Hellman (BDH) assumptions, we demonstrate that the proposed SIBSC scheme offers the provable security of authentication and confidentiality while retaining communication performance.
Journal:Informatica
Volume 27, Issue 3 (2016), pp. 549–572
Abstract
Certificateless short signature (CLSS) possesses the advantages of both certificateless signature and short signature. CLSS eliminates the certificate management in conventional signatures and solves the key escrow problem in ID-based signatures. In the meantime, due to its short signature length, CLSS reduces the bandwidth for communication so that it is suitable for some specific authentication applications requiring bandwidth-constrained communication environments. However, up to now, there is no work on studying the revocation problem in existing CLSS schemes. In this article, we address the revocation problem and propose the first revocable certificateless short signature (RCLSS) scheme. Based on the computational Diffie–Hellman (CDH) assumption, we demonstrate that our RCLSS scheme possesses strong unforgeability against adaptive chosen-message attacks under an accredited security model. It turns out that our scheme has the shortest signature length while retaining computational efficiency. Thus, the proposed RCLSS scheme is well suited for low-bandwidth communication environments. Finally, we combine the proposed RCLSS scheme with cloud revocation authority (CRA) to present a CRA-aided authentication scheme with period-limited privileges for mobile multi-server environment.
Journal:Informatica
Volume 26, Issue 4 (2015), pp. 663–684
Abstract
Certificateless public-key systems (CL-PKS) were introduced to simultaneously solve two critical problems in public-key systems. One is the key escrow problem in ID-based public-key systems and the other is to eliminate the presence of certificates in conventional public-key systems. In the last decade, several certificateless signature (CLS) schemes have been proposed in the random oracle model. These CLS schemes possess existential unforgeability against adaptive chosen-message attacks, and only few of them possess strong unforgeability. A CLS scheme with strong unforgeability plays an important role in the construction of certificateless cryptographic schemes. Unfortunately, all the existing CLS schemes in the standard model (without random oracles) have been shown insecure to provide existential unforgeability under a generally adopted security model. In the article, we propose a strongly secure CLS scheme in the standard model under the generally adopted security model. Our scheme possesses not only existential unforgeability but also strong unforgeability, and turns out to be the first strongly secure CLS scheme in the standard model. Under the collision resistant hash (CRH) and computational Diffie–Hellman (CDH) assumptions, we prove that our CLS scheme possesses strong unforgeability against both Type I (outsiders) and Type II (key generation center) adversaries.
Journal:Informatica
Volume 25, Issue 3 (2014), pp. 505–521
Abstract
Up to date, a large number of ID-based signature (IBS) schemes based on bilinear pairings have been proposed. Most of these IBS schemes possess existential unforgeability under adaptive chosen-message attacks, among which some offer strong unforgeability. An IBS scheme is said to be strongly unforgeable if it possesses existential unforgeability and an adversary who is given signatures of the IBS scheme on some message m is unable to generate a new signature on m. Strong unforgeable IBS schemes can be used to construct many important ID-based cryptographic schemes. However, the existing strongly unforgeable IBS schemes lack efficiency for the signature size and the computation cost of verification phase. In this paper, we propose an efficient strongly unforgeable IBS scheme without random oracles. Under the computational Diffie–Hellman and collision resistant hash assumptions, we demonstrate that the proposed IBS scheme possesses strong unforgeability against adaptive chosen-message attacks. When compared with previously proposed strongly unforgeable IBS schemes, our scheme has better performance in terms of signature size and computation cost.