Attacks to Some Recently Proposed CL-SC Schemes and Presenting a Secure Scheme with KSSTIS

Rastegari, Parvin

doi:10.22042/isecure.2022.266258.602

Attacks to Some Recently Proposed CL-SC Schemes and Presenting a Secure Scheme with KSSTIS

Document Type : Research Article

Author

Parvin Rastegari

Electrical and Computer Engineering Group, Golpayegan College of Engineering, Isfahan University of Technology, Golpayegan, Iran

https://doi.org/10.22042/isecure.2022.266258.602

Abstract

The certificateless public key cryptography (CL-PKC) setting, makes it possible to overcome the problems of the conventional public key infrastructure and the ID-Based public key cryptography, concurrently. A certificateless signcryption (CL-SC) scheme is an important cryptographic primitive which provides the goals of a signature scheme and an encryption scheme both at once, in a certificateless setting. In addition to the basic security requirements of a CL-SC scheme (i. e. the unforgeability and the confidentiality), a new security notion called as the known session specific temporary information security (KSSTIS) has been proposed in the literature, recently. This security notion guarantees the confidentiality of the message even if the temporary information, used for creating the signcryption on the message, reveals. However, as discussed in the literature, there are not any secure CL-SC schemes in the standard model (i. e. without the assumption of random oracles) which guarantees the KSSTIS. In this paper, three recently proposed CL-SC schemes (Caixue, Shan and Ullah et al.'s schemes) are analyzed and it is shown that these schemes not only do not satisfy the KSSTIS, but also they do not even provide the basic security requirements of a CL-SC scheme. Furthermore, an enhanced secure CL-SC scheme is proposed in the standard model which satisfies the KSSTIS.

Keywords

Certificateless Signcryption

KSSTIS

Standard Model

Random Oracle Model

20.1001.1.20082045.2022.14.2.7.9

[1] Adi Shamir. Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques, pages 47–53. Springer, 1984.
[2] Sattam S Al-Riyami and Kenneth G Paterson. Certificateless public key cryptography. In International conference on the theory and application of cryptology and information security, pages 452–473. Springer, 2003.
[3] Yuliang Zheng. Digital signcryption or how to achieve cost (signature & encryption) cost(signature) + cost (encryption). In Annual international cryptology conference, pages 165–179. Springer, 1997.
[4] Manuel Barbosa and Pooya Farshim. Certificateless signcryption. In Proceedings of the 2008 ACM symposium on Information, computer and communications security, pages 369–372, 2008.
[5] Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security, pages 62–73, 1993.
[6] Zhenhua Liu, Yupu Hu, Xiangsong Zhang, and Hua Ma. Certificateless signcryption scheme in the standard model. Information Sciences, 180(3):452–464, 2010.
[7] S Sharmila Deva Selvi, S Sree Vivek, and C Pandu Rangan. Security weaknesses in two certificateless signcryption schemes. IACR Cryptol. ePrint Arch., 2010:92, 2010.

[8] Jian Weng, Guoxiang Yao, Robert H Deng, MinRong Chen, and Xiangxue Li. Cryptanalysis of a certificateless signcryption scheme in the standard model. Information Sciences, 181(3):661–667, 2011.
[9] Songqin Miao, Futai Zhang, Sujuan Li, and Yi Mu. On security of a certificateless signcryption scheme. Information Sciences, 232:475–481, 2013.
[10] Zhengping Jin, Qiaoyan Wen, and Hua Zhang. A supplement to liu et al.’s certificateless signcryption scheme in the standard model. IACR Cryptol. ePrint Arch., 2010:252, 2010.
[11] Hu Xiong. Toward certificateless signcryption scheme without random oracles. IACR Cryptol. ePrint Arch., 2014:162, 2014.
[12] Lin Cheng and Qiaoyan Wen. An improved certificateless signcryption in the standard model. Int. J. Netw. Secur., 17(3):229–237, 2015.
[13] Xiao Zheng and Xudong Li. An efficient certificateless signcryption in the standard model. In 2016 IEEE International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), pages 199–205. IEEE, 2016.
[14] Caixue Zhou, Guangyong Gao, and Zongmin Cui. Certificateless signcryption in the standard model. Wireless Personal Communications, 92(2):495–513, 2017.
[15] Parvin Rastegari and Mehdi Berenjkoub. An improved certificateless signcryption scheme. In 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), pages 106–111. IEEE,2016.
[16] Parvin Rastegari and Mehdi Berenjkoub. An efficient certificateless signcryption scheme in the standard model. ISeCure, 9(1), 2017.
[17] Ming Luo and Yuwei Wan. An enhanced certificateless signcryption in the standard model. Wireless Personal Communications, 98(3):2693–2709, 2018.
[18] ZHOU Caixue. Certificateless signcryption scheme without random oracles. Chinese Journal of Electronics, 27(5):1002–1008, 2018.
[19] Shan Shan. An efficient certificateless signcryption scheme without random oracles. International Journal of Electronics and Information Engineering, 11(1):9–15, 2019.
[20] Parvin Rastegari, Willy Susilo, and Mohammad Dakhlalian. Efficient certificateless signcryption in the standard model: Revisiting luo and wan’s scheme from wireless personal communications(2018). The Computer Journal, 62(8):1178–1193,
2019.
[21] Parvin Rastegari and Mohammad Dakhilalian. Cryptanalysis of a certificateless signcryption scheme. In 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pages 67–71. IEEE, 2019.
[22] Yumin Yuan. Security analysis of an enhanced certificateless signcryption in the standard model. Wireless Personal Communications, pages 1–8, 2020.
[23] Xi-Jun Lin, Lin Sun, Zhen Yan, Xiaoshuai Zhang, and Haipeng Qu. On the security of a certificateless signcryption with known session-specific temporary information security in the standard model. The Computer Journal, 63(8):1259–1262, 2020.
[24] Insaf Ullah, Noor Ul Amin, Mahdi Zareei, Asim Zeb, Hizbullah Khattak, Ajab Khan, and Shidrokh Goudarzi. A lightweight and provable secured certificateless signcryption approach for crowdsourced iiot applications. Symmetry,11(11):1386, 2019.
[25] Fangguo Zhang, Reihaneh Safavi-Naini, and Willy Susilo. An efficient signature scheme from bilinear pairings and its applications. In International Workshop on Public Key Cryptography, pages 277–290. Springer, 2004.
[26] Marc Girault. Self-certified public keys. In Workshop on the Theory and Application of of Cryptographic Techniques, pages 490–497. Springer, 1991.
[27] Yi-Fan Tseng, Chun-I Fan, and Ching-Wen Chen. Top-level secure certificateless signature scheme in the standard model. IEEE Systems Journal, 13(3):2763–2774, 2019.
[28] Wenjie Yang, Shangpeng Wang, Wei Wu, and Yi Mu. Top-level secure certificateless signature against malicious-but-passive kgc. IEEE Access, 7:112870–112878, 2019.