Parvin Rastegari
Abstract
The certificateless public key cryptography (CL-PKC) setting, makes it possible to overcome the problems of the conventional public key infrastructure and the ID-Based public key cryptography, concurrently. A certificateless signcryption (CL-SC) scheme is an important cryptographic primitive which provides ...
Read More
The certificateless public key cryptography (CL-PKC) setting, makes it possible to overcome the problems of the conventional public key infrastructure and the ID-Based public key cryptography, concurrently. A certificateless signcryption (CL-SC) scheme is an important cryptographic primitive which provides the goals of a signature scheme and an encryption scheme both at once, in a certificateless setting. In addition to the basic security requirements of a CL-SC scheme (i. e. the unforgeability and the confidentiality), a new security notion called as the known session specific temporary information security (KSSTIS) has been proposed in the literature, recently. This security notion guarantees the confidentiality of the message even if the temporary information, used for creating the signcryption on the message, reveals. However, as discussed in the literature, there are not any secure CL-SC schemes in the standard model (i. e. without the assumption of random oracles) which guarantees the KSSTIS. In this paper, three recently proposed CL-SC schemes (Caixue, Shan and Ullah et al.'s schemes) are analyzed and it is shown that these schemes not only do not satisfy the KSSTIS, but also they do not even provide the basic security requirements of a CL-SC scheme. Furthermore, an enhanced secure CL-SC scheme is proposed in the standard model which satisfies the KSSTIS.
P. Rastegari; M. Berenjkoub
Abstract
Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. ...
Read More
Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which provides the goals of signing and encrypting, simultaneously. In 2010, Liu et al. presented the first certificateless signcryption (CLSC) scheme in the standard model, but their scheme is vulnerable against different attacks presented in the literature, till now. In this paper, we improve their scheme and propose a new CLSC scheme, which is semantically secure against adaptive chosen ciphertext attack under the (Ѕ2, 5)-BDHE-Set assumption and existentially unforgeable against adaptive chosen message attack under the 3-CDHE assumption in the standard model. Our scheme is more efficient than all other secure CLSC schemes in the standard model proposed up to now.
M. Sabzinejad Farash; M. Ahmadian Attari
Abstract
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public ...
Read More
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is generated by a trusted Private Key Generator (PKG). However, it is unrealistic to assume that a single PKG will be responsible for issuing private keys to members of different organizations or a large-scale nation. Hence, it is needed to consider multiple PKG environments with different system parameters. In this paper, we propose an identity-based key agreement protocol among users of different networks with independent PKGs, which makes use of elliptic curves. We prove the security of the proposed protocol in the random oracle model and show that all security attributes are satisfied. We also demonstrate a comparison between our protocol and some related protocols in terms of the communication costs and the execution time. The results show that the execution time of our protocol is less than 10%, and its communication costs are about 50% of the competitor protocols.