86 results sorted by ID
Loquat: A SNARK-Friendly Post-Quantum Signature based on the Legendre PRF with Applications in Ring and Aggregate Signatures
Xinyu Zhang, Ron Steinfeld, Muhammed F. Esgin, Joseph K. Liu, Dongxi Liu, Sushmita Ruj
Cryptographic protocols
We design and implement a novel post-quantum signature scheme based on the Legendre PRF, named Loquat. Prior to this work, efficient approaches for constructing post-quantum signatures with comparable security assumptions mainly used the MPC-in-the-head paradigm or hash trees. Our method departs from these paradigms and, notably, is SNARK-friendly, a feature not commonly found in earlier designs. Loquat requires significantly fewer computational operations for verification than other...
Post-Quantum ID-based Ring Signatures from Symmetric-key Primitives
Maxime Buser, Joseph K. Liu, Ron Steinfeld, Amin Sakzad
Cryptographic protocols
Ring signatures and ID-based cryptography are considered promising in terms of application. A ring signature authenticates messages while the author of the message remains anonymous. ID-based cryptographic primitives suppress the need for certificates in public key infrastructures (PKI). In this work, we propose a generic construction for post-quantum ID-based ring signatures (IDRS) based on symmetric-key primitives from which we derive the first two constructions of IDRS. The first...
Two-Party Adaptor Signatures From Identification Schemes
Andreas Erwig, Sebastian Faust, Kristina Hostáková, Monosij Maitra, Siavash Riahi
Public-key cryptography
Adaptor signatures are a novel cryptographic primitive with important applications for cryptocurrencies. They have been used to construct second layer solutions such as payment channels or cross-currency swaps. The basic idea of an adaptor signature scheme is to tie the signing process to the revelation of a secret value in the sense that, much like a regular signature scheme, an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties....
A New Trapdoor over Module-NTRU Lattice and its Application to ID-based Encryption
Jung Hee Cheon, Duhyeong Kim, Taechan Kim, Yongha Son
Public-key cryptography
A trapdoor over NTRU lattice proposed by Ducas, Lyubashevsky and Prest (ASIACRYPT 2014) has been widely used in various cryptographic primitives such as identity-based encryption (IBE) and digital signature, due to its high efficiency compared to previous lattice trapdoors. However, most applications use this trapdoor with the power-of-two cyclotomic rings, and hence to obtain higher security level one should double the ring dimension which results in a huge loss of efficiency. In...
An efficient and secure ID-based multi-proxy multi-signature scheme based on lattice
Rahim Toluee, Taraneh Eghlidos
Cryptographic protocols
Multi-proxy multi-signature schemes are useful in distributed networks, where a group of users cooperatively could delegate their administrative rights to the users of another group, who are authorized to generate the proxy signatures cooperatively on behalf of the original signers. In this paper, we aim to propose an ID-based lattice-based multi-proxy multi-signature (ILMPMS) scheme, which enjoys security against quantum computers and efficiency due to ID-based framework, linear operations...
2017/222
Last updated: 2019-08-21
A Note on Obtain Confidentiality or/ and Authenticity in Big Data by ID-Based Generalized Signcryption
Nizamud Dina, Arif Iqbal Umar, Abdul Waheed, Noor ul Amin
Public-key cryptography
ID based generalized signcryption can adaptively work as a signature scheme, an encryption scheme or a signcryption scheme and avoid weighty and complicated certificate management like Public Key Infrastructure. It has application in emerging paradigm big data security. Recently, Wei et al. proposed a new ID based generalized signcryption scheme to obtain confidentiality or/and authenticity in big data, and claimed that their scheme is provably secure in standard model. Unfortunately, by...
A Novel Multi-factor ID-based Designated Verifier Signature scheme
Mike Scott
Cryptographic protocols
In a classic digital signature scheme, the global community is capable of verifying a signature. In a designated verifier scheme (DVS), only the designated verifier has this capability. In a classic DVS scheme the signer themselves "designates" the entity that will have the capability of verifying their signature. In a pure identity-based signature scheme a Trusted Authority is introduced, and is responsible for issuing secret signing keys to all participants. In our proposed scheme it is...
Constrained PRFs for Unbounded Inputs with Short Keys
Hamza Abusalah, Georg Fuchsbauer
Secret-key cryptography
A constrained pseudorandom function (CPRF) $F \colon {\cal K} \times {\cal X} \to {\cal Y}$ for a family ${\cal T}$ of subsets of $\cal X$ is a function where for any key $k \in {\cal K}$ and set $S \in {\cal T}$ one can efficiently compute a short constrained key $k_S$, which allows to evaluate $F(k,\cdot)$ on all inputs $x \in S$, while the outputs on all inputs $x \notin S$ look random even given $k_S$.
Abusalah et al. recently constructed the first constrained PRF for inputs of...
An Efficient ID-Based Message Recoverable Privacy-Preserving Auditing Scheme
Mehmet Sabır Kiraz, İsa Sertkaya, Osmanbey Uzunkol
Applications
One of the most important benefits of public cloud storage is outsourcing of management and maintenance with easy accessibility and retrievability over the internet. However, outsourcing data on the cloud brings new challenges such as integrity verification and privacy of data. More concretely, once the users outsource their data on the cloud they have no longer physical control over the data and this leads to the integrity protection issue. Hence, it is crucial to guarantee proof of data...
ID Based Signcryption Scheme in Standard Model
S. Sharmila Deva Selvi, S. Sree Vivek, Dhinakaran Vinayagamurthy, C. Pandu Rangan
Public-key cryptography
Designing an ID based signcryption scheme in the standard model is among the most interesting and important problems in cryptography. However, all the existing systems in the ID based setting, in the standard model, do not have either the unforgeability property or the indistinguishability property or both of them. In this paper, we present the first provably secure ID based signcryption scheme in the standard model with both these properties. The unforgeability property of this scheme is...
Breaking pairing-based cryptosystems using $\eta_T$ pairing over $GF(3^{97})$
Takuya Hayashi, Takeshi Shimoyama, Naoyuki Shinohara, Tsuyoshi Takagi
Public-key cryptography
There are many useful cryptographic schemes, such as ID-based encryption, short signature, keyword searchable encryption, attribute-based encryption, functional encryption, that use a bilinear pairing. It is important to estimate the security of such pairing-based cryptosystems in cryptography. The most essential number-theoretic problem in pairing-based cryptosystems is the discrete logarithm problem (DLP) because pairing-based cryptosystems are no longer secure once the underlying DLP is...
On the Security of ID Based Signcryption Schemes
S. Sharmila Deva Selvi, S. Sree Vivek, Dhinakaran Vinayagamurthy, C. Pandu Rangan
Public-key cryptography
A signcryption scheme is secure only if it satisfies both the confidentiality and the unforgeability properties. All the ID based signcryption schemes presented in the standard model till now do not have either the confidentiality or the unforgeability or both of these properties. Cryptanalysis of some of the schemes have been proposed already. In this work, we present the security attacks on 'Secure ID based signcryption in the standard model' proposed by Li-Takagi and 'Further improvement...
A Multi-Receiver ID-Based Generalized Signcryption Scheme
Caixue Zhou
Public-key cryptography
Generalized signcryption (GSC) can adaptively work as an encryption scheme, a signature scheme or a signcryption scheme with only one algorithm. In this paper, the formal definition and security notions of multi-receiver identity-based generalized signcryption (MID-GSC) are defined. A concrete scheme is also proposed and proved to be confidential under the Bilinear Diffie-Hellman (BDH) assumption and existentially unforgeable under the Computational Diffie-Hellman (CDH) assumption in the random...
2011/173
Last updated: 2012-05-22
An efficient certificateless short signature scheme from pairings
Debiao He, Jianhua Chen
Public-key cryptography
To avoid the inherent key escrow problem in ID-based public key cryptosystem, Al-Riyami and Paterson introduced a new approach called certificateless public key cryptography. Recently, several short certificateless signature schemes are presented to improve the performance. In this paper, we propose an efficient short certificateless signature scheme which is secure against the super adversary. Compared with the related scheme, our scheme has the best performance in both sign algorithm and...
The Fiat-Shamir Transform for Group and Ring Signature Schemes
M.-F. Lee, N. P. Smart, B. Warinschi
The Fiat-Shamir (FS) transform is a popular tool to produce particularly efficient digital signature schemes out of identification protocols. It is known that the resulting signature scheme is secure (in the random oracle model) if and only if the identification protocol is secure against passive impersonators. A similar result holds for constructing ID-based signature schemes out of ID-based identification protocols. The transformation had also been applied to identification protocols...
2010/256
Last updated: 2010-05-08
On the Public Key Replacement and Universal Forgery Attacks of Short Certificateless Signature
Mingwu Zhang, Tsuyoshi Takagi, Bo Yang
Public-key cryptography
Certificateless cryptography eliminates the need of certificates in the PKI and solves the inherent key escrow problem in the ID-based cryptography. Recently, Du and Wen proposed a short certificateless signature scheme without MapToPoint hash function, and the signature size is short enough with only half of the DSA signature. In this paper, after the detailing the formal of certificateless signature scheme, we show that the Du and Wen's short certificateless signature scheme is insecure...
An efficient ID-based directed signature scheme from bilinear pairings
B. Umaprasada Rao, P. Vasudeva Reddy, T. Gowri
Public-key cryptography
A directed signature scheme allows a designated verifier to directly verify a signature issued to him, and a third party to check the signature validity with the help of the signer or the designated verifier as well. Directed signatures are applicable where the signed message is sensitive to the signature receiver. Due to its merits, directed signature schemes are suitable for applications such as bill of tax and bill of health. In this paper, we proposed an efficient identity based directed...
A Novel ID-based Electronic Cash System from Pairings
Jue-Sam Chou, Yalin Chen, Ming-Hsun Cho, Hung-Min Sun
Cryptographic protocols
Recently, Chen et al. and Juang et al. each proposed one and two e-cash payment systems respectively. They claimed that their schemes are secure. However, in this paper, we will present the shortcomings of their schemes and then propose a novel one from pairings. After security analysis and comparison, we conclude that our scheme not only is more secure but also possesses more functions that a secure electronic cash system should encompass than all of the proposed protocols.
Generalization of Barreto et al ID based Signcryption Scheme
Sunder Lal, Prashant Kushwah
Public-key cryptography
This paper presents an efficient and provable secure identity based generalized signcryption scheme based on [1] which can work as signcryption scheme, encryption scheme and signature scheme as per need. Its security is proved under the difficulty of q-BDHIP. A generalized signcryption scheme in multiple PKGs environment is also proposed.
How Risky is the Random-Oracle Model?
Gaetan Leurent, Phong Q. Nguyen
Public-key cryptography
RSA-FDH and many other schemes secure in the Random-Oracle Model (ROM) require a hash function with output size larger than standard sizes. We show that the random-oracle instantiations proposed in the literature for such cases are weaker than a random oracle, including the proposals by Bellare and Rogaway from 1993 and 1996, and the ones implicit in IEEE P1363 and PKCS standards: for instance, there is a practical $2^{30}$ preimage attack on BR93 for 1024-bit digests. Next, we study the...
An Efficient and Provably Secure ID-Based Threshold Signcryption Scheme
Fagen Li, Yong Yu
Public-key cryptography
Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [26] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this...
2008/179
Last updated: 2008-05-29
An Efficient ID-based Ring Signature Scheme from Pairings
Chunxiang Gu, Yuefei Zhu
Public-key cryptography
A ring signature allows a user from a set of possible signers to convince the verifier that the author of the signature belongs to the set but identity of the author is not disclosed. It protects the anonymity of a signer since the verifier knows only that the signature comes from a member of a ring, but doesn't know exactly who the signer is. This paper proposes a new ID-based ring signature scheme based on the bilinear pairings. The new scheme provides signatures with constant-size without...
Strongly Unforgeable ID-based Signatures Without Random Oracles
Chifumi Sato, Takeshi Okamoto, Eiji Okamoto
Cryptographic protocols
In this paper, we construct a strongly unforgeable ID-based signature scheme without random oracles. The signature size of our scheme is smaller than that of other schemes based on varieties of the Diffie-Hellman problem or the discrete logarithm problem. The security of the scheme relies on the difficulty to solve three problems related to the Diffie-Hellman problem and a one-way isomorphism.
New ID-based Fair Blind Signatures
Girraj Kumar Verma
Public-key cryptography
A blind signature is a cryptographic primitive in which a user can obtain a signature from the signer without revealing any information about message signature pair. Blind signatures are used in electronic payment systems, electronic voting machines etc. The anonymity can be misused by criminals by money laundering or by dubious money. To prevent these crimes, the idea of fair blind signature scheme was given by Stadler et al. In fair blind signature scheme, there is a trusted third party judge...
ID based generalized signcryption
Sunder Lal, Prashant Kushwah
Public-key cryptography
Generalized signcryption is a new cryptographic primitive in which a signcryption scheme can work as an encryption scheme as well as a signature scheme. This paper presents an identity based generalized signcryption scheme based on bilinear pairing and discusses its security for message confidentiality, non-repudiation and ciphertext authentication.
ID-Based Group Password-Authenticated Key Exchange
Xun Yi, Raylin Tso, Eiji Okamoto
Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE protocols in the group scenario, in which a group of clients, each of them shares a password with an "honest but curious" server, intend to establish a common secret key (i.e., a group key) with the help of the server. In this setting, the key established is known to the clients only and no one else,...
Proxy Re-Signature Schemes without Random Oracles
Jun Shao, Zhenfu Cao, Licheng Wang, Xiaohui Liang
Public-key cryptography
To construct a suitable and secure proxy re-signature scheme is not an easy job, up to now, there exist only three schemes, one is proposed by Blaze et al. at EUROCRYPT 1998, and the others are proposed by Ateniese and Hohenberger at ACM CCS 2005. However, none of these schemes is proved in the standard model (i.e., do not rely on the random oracle heuristic). In this paper, based on Waters' approach, we first propose a multi-use bidirectional proxy re-signature scheme, denoted as $S_{mb}$,...
On the Forgeability of Wang-Tang-Li's ID-Based Restrictive Partially Blind Signature
Shengli Liu, Xiaofeng Chen, Fangguo Zhang
Public-key cryptography
Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system. Very recently, Wang, Tang and Li proposed a new ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of unforgeability as claimed. More precisely, a user can forge a valid message-signature pair $(ID, msg, {\bf info'},...
Some Identity Based Strong Bi-Designated Verifier Signature Schemes
Sunder Lal, Vandani Verma
The problem of generalization of (single) designated verifier schemes to several designated verifiers was proposed by Desmedt in 2003. The paper proposes eight new Identity Based Strong Bi-Designated Verifier Signature Schemes in which the two designated verifiers may not know each other. The security and the computational efficiency of the schemes are also analyzed.
Efficient ID-based Signature Without Trusted PKG
Jingwei Liu, Rong Sun, Weidong Kou, Xinmei Wang
Public-key cryptography
In this paper, we introduce the exact concept of ID-based signature without trusted Private Key Generator (PKG), which solves the key escrow problem through binding two partially public keys with a same identity. In this scheme, PKG is prevented from forging a legal user’s signature because he only generates the partially private key. Using Gap Diffie-Hellman (GDH) groups, we construct an efficient ID-based signature scheme without trusted PKG, which security relies on the hardness of the...
An Interesting Member ID-based Group Signature
Sujing Zhou, Dongdai Lin
Public-key cryptography
We propose an interesting efficient member ID-based group signatures, i.e., verification of output from algorithm OPEN run by the group manager does not have to refer to a registration table (acting as certification list). The proposal is free of GM-frameability, i.e., secret key of member is not escrowed to GM, which is unique among all known member ID-based group signatures as far as we know. The proposal also has two distinguished extra features, one is that the group manager does not...
Security Arguments for a Class of ID-based Signatures
Jin Zhou, Ya-Juan Zhang, Yue-Fei Zhu
Public-key cryptography
Provable security based on complexity theory provides an efficient way for providing the convincing evidences of security. In this paper, we present a definition of generic ID-based signature schemes (GIBSS) by extending the definition of generic signature schemes, and prove the Forking lemma for GIBSS. That is, we provide the Forking lemma for ID-based signature schemes. The theoretical result can be viewed as an extension of the Forking Lemma due to Pointcheval and Stern for ID-based...
One-Round ID-Based Blind Signature Scheme without ROS Assumption
Wei Gao, Xueli Wang, Guilin Wang, Fei Li
Public-key cryptography
In this paper, we propose a new ID-based blind signature scheme based on bilinear pairings from scratch (i.e. without using existing ID-based signature schemes, and without using existing computational assumptions). First, the round complexity of our ID-based blind signature scheme is optimal. Namely, each interactive signature generation requires the requesting user and the signer to transmit only one message each. Second, the proposed scheme is provably secure against generic parallel...
Identity Based Strong Designated Verifier Proxy Signature Schemes
Sunder Lal, Vandani Verma
Public-key cryptography
The paper proposes four new ID based strong designated verifier proxy signature (SDVPS) schemes. The schemes are formed by introducing proxy in ID based SDVS, ID based in SDVPS and ID based proxy in SDVS. We have also analyzed the security of the schemes and their computation aspects.
Generic Construction of (Identity-based) Perfect Concurrent Signatures
Sherman S. M. Chow, Willy Susilo
Public-key cryptography
The notion of concurrent signatures was recently introduced by Chen, Kudla and Paterson. In concurrent signature schemes, two entities can produce two signatures that are not binding, until an extra piece of information (namely the keystone) is released by one of the parties. Subsequently, it was noted that the concurrent signature scheme proposed in the seminal paper cannot provide perfect ambiguity. Then, the notion of perfect concurrent signatures was introduced. In this paper, we define...
Analysis and Improvements of Two Identity-Based Perfect Concurrent Signature Schemes
Zhenjie Huang, Kefei Chen, Yumin Wang
Public-key cryptography
The notion of concurrent signatures was introduced by Chen, Kudla and Paterson in their seminal paper in Eurocrypt 2004. In concurrent signature schemes, two entities can produce two signatures that are not binding, until an extra piece of information (namely the keystone) is released by one of the parties. Upon release of the keystone, both signatures become binding to their true signers concurrently. In ICICS 2005, two identity-based perfect concurrent signature schemes were proposed by...
Efficient ID-based Threshold Signature Schemes without Pairings
Jun Shao, Zhenfu Cao, Licheng Wang
Public-key cryptography
The focus of this paper is to design an efficient and secure solution addressing the key escrow problem in ID-based signature schemes, i.e., the Private Key Generator (PKG) knows the user's private key, which damages the essential requirement, the "non-repudiation" property of signature schemes. In this paper, we proposed two ID-based threshold signature schemes, which both reach Girault's trusted level 3, and in which there exists only one PKG in our ID-based threshold signature schemes....
Online/Offline Signatures and Multisignatures for AODV and DSR Routing Security
Shidi Xu, Yi Mu, Willy Susilo, Xiaofeng Chen, Xinyi Huang, Fangguo Zhang
Applications
Efficient authentication is one of important security requirements in mobile ad hoc network (MANET) routing systems. The techniques of digital signatures are generally considered as the best candidates to achieve strong authentication. However, using normal digital signature schemes is too costly to MANET due to the computation overheads. Considering the feasibility of incorporating digital signatures in MANET, we incorporate the notion of online/offline signatures, where the computational...
2006/205
Last updated: 2007-11-02
ID-Based Ring Signature Scheme secure in the Standard Model
Man Ho Au, Joseph K. Liu, Y. H. Yuen, Duncan S. Wong
The only known construction of ID-based ring signature schemes which may be secure in the standard model is to attach certificates to non-ID-based ring signatures. This method leads to schemes that are somewhat inefficient and it is an open problem to find more efficient and direct constructions. In this paper, we propose two such constructions. Our first scheme, with signature size linear in the cardinality of the ring, is secure in the standard model under the computational Diffie-Hellman...
An Efficient ID-based Digital Signature with Message Recovery Based on Pairing
Raylin Tso, Chunxiang Gu, Takeshi Okamoto, Eiji Okamoto
Public-key cryptography
Signature schemes with message recovery have been widely investigated a decade ago in the literature, but the first ID-based signature with message recovery goes out into the world until 2005. In this paper, we first point out and revise one little but important problem which occurs in the previous ID-based signature with message recovery scheme. Then, by completely different setting, we propose a new ID-based signature scheme with message recovery. Our scheme is much more efficient than the...
An Efficient ID-based Proxy Signature Scheme from Pairings
Chunxiang Gu, Yuefei Zhu
Public-key cryptography
This paper proposes a new ID-based proxy signature scheme based on the bilinear pairings. The number of pairing operations involved in the verification procedure of our scheme is only one, so our scheme is more efficient comparatively. The new scheme can be proved secure with the hardness assumption of the k-Bilinear Diffie-Hellman Inverse problem, in the random oracle model.
2006/060
Last updated: 2006-03-14
An Efficient ID-based Signature Scheme from Pairings
Chunxiang Gu, Yuefei Zhu, Xiaoyu Pan
Public-key cryptography
In this paper, we propose an efficient ID-based signature scheme based on pairing. The number of pairing operations involved in the verification procedure is one. Our scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the hardness assumption of computational Diffie-Hellman problem, in the random oracle model.
2005/423
Last updated: 2005-12-13
ID-based signature and Key-insulated threshold signature
Jin Li, Fangguo Zhang
Public-key cryptography
Identity-based (simply ID-based) cryptosystem was proposed in order to simplify key management procedures of certificate-based public key infrastructures. In 2003 Sakai and Kasahara proposed a new ID-based encryption scheme (SK-IBE). In our paper, it is intended to build a new ID-based signature (IBS) scheme which shares the same system parameters with SK-IBE. SK-IBE and our signature scheme yield a new complete ID-based public key cryptosystem. The proposed signature scheme is provably...
Cryptanalysis of Two ID-based Authenticated Key Agreement Protocols from Pairings
Kyung-Ah Shim
Cryptographic protocols
Recently, a number of ID-based two-party authenticated key agreement protocols which make use of bilinear pairings have been proposed [CJL, MB, Sh, S, X]. In this paper, we show that the Xie's protocol [X] does not provide implicit key authentication and key-compromise impersonation resilience. Also, we point out the vulnerability of the Choi et al.'s protocol [CJL] against signature forgery attacks.
A Suite of Non-Pairing ID-Based Threshold Ring Signature Schemes with Different Levels of Anonymity
Patrick P. Tsang, Man Ho Au, Joseph K. Liu, Willy Susilo, Duncan S. Wong
Public-key cryptography
Since the introduction of Identity-based (ID-based) cryptography by Shamir in 1984, numerous ID-based signature schemes have been proposed. In 2001, Rivest et al. introduced ring signature that provides irrevocable signer anonymity and spontaneous group formation. In recent years, ID-based ring signature schemes have been proposed and all of them are based on bilinear pairings. In this paper, we propose the first ID-based threshold ring signature scheme that is not based on bilinear...
ID-based Restrictive Partially Blind Signatures and Applications
Xiaofeng Chen, Fangguo Zhang, Shengli Liu
Restrictive blind signatures allow a recipient to receive a blind signature on a message not known to the signer but the choice of message is restricted and must conform to certain rules. Partially blind signatures allow a signer to explicitly include necessary information (expiration date, collateral conditions, or whatever) in the resulting signatures under some agreement with receiver. Restrictive partially blind signatures incorporate the advantages of these two blind signatures. The...
Adaptable Group-Oriented Signature
Chunbo Ma, Jun Ao, Dake He
Public-key cryptography
A new type of signature is presented in this paper, named adaptable group-oriented signature. In contrast with traditional group-oriented signature, the new one laid a strong emphasis on how to improve the signer's efficiency. In fact, this new type of group-oriented signature can be seen as a type of designated verifier signature. In contrast with the ordinary designated verifier signature, it does not designate one member but several members to independently verify the signature. The...
Accumulators from Bilinear Pairings and Applications to ID-based Ring Signatures and Group Membership Revocation
Lan Nguyen
Public-key cryptography
We propose a dynamic accumulator scheme from bilinear pairings, whose security is based on the Strong Diffie-Hellman assumption. We show applications of this accumulator in constructing an identity-based (ID-based) ring signature scheme with constant-size signatures and its interactive counterpart, and providing membership revocation to group signature, traceable signature and identity escrow schemes and anonymous credential systems. The ID-based ring signature scheme and the group signature...
A Survey on ID-Based Cryptographic Primitives
M. Choudary Gorantla, Raju Gangishetti, Ashutosh Saxena
Public-key cryptography
ID-based cryptosystem has been, for a few years, the most active area of research and currently is of great interest to the cryptographic society. In this work we survey three fundamental ID-based cryptographic primitives Digital Signature, Encryption and Key Agreement, which are based on the mathematical concepts Integer Factorization, Quadratic Residues and Bilinear Pairings. We review several schemes along with their efficiency and security considerations. The survey helps in...
New Distributed Ring Signatures for General Families of Signing Subsets
Javier Herranz, Germán Sáez
Cryptographic protocols
In a distributed ring signature scheme, a subset of users cooperate to compute a distributed anonymous signature on a message, on behalf of a family of possible signing subsets. The receiver can verify that the signature comes from a subset of the ring, but he cannot know which subset has actually signed. In this work we use the concept of dual access structures to construct a distributed ring signature scheme which works with general families of possible signing subsets. The length of...
Efficient Identity Based Ring Signature
Sherman S. M. Chow, S. M. Yiu, Lucas C. K. Hui
Public-key cryptography
Identity-based (ID-based) cryptosystems eliminate the need for validity checking of the certificates and the need for registering for a certificate before getting the public key. These two features are desirable especially for the efficiency and the real spontaneity of ring signature, where a user can anonymously sign a message on behalf of a group of spontaneously conscripted users including the actual signer.
In this paper, we propose a novel construction of ID-based ring signature which...
Separable and Anonymous Identity-Based Key Issuing
Ai-fen Sui, Sherman S. M. Chow, Lucas C. K. Hui, S. M. Yiu, K. P. Chow, W. W. Tsang, C. F. Chong, K. H. Pun, H. W. Chan
Public-key cryptography
In identity-based (ID-based) cryptosystems, a local registration authority (LRA) is responsible for authentication of users while the key generation center (KGC) is responsible for computing and sending the private keys to users and therefore, a secure channel is required. For privacy-oriented applications, it is important to keep in secret whether the private key corresponding to a certain identity has been requested. All of the existing ID-based key issuing schemes have not addressed this...
2004/288
Last updated: 2005-07-25
A New Designated Confirmer Signature Variant with Intended Recipient
Yong Li, Dingyi Pei
Public-key cryptography
Previous designated confirmer signature schemes were less efficient because complex zero-knowledge proof employed in confirmation and disavowal protocol. In this paper, we propose a new efficient signature scheme which is recipient-specific and confirmer-specific. The new scheme is transformed from ID-based chameleon signature and inherits its advantage in simplicity and efficiency. The scheme's security relies on the underlying secure chameleon signature and public key encryption scheme. We...
Identity Based Threshold Proxy Signature
Jing Xu, Zhenfeng Zhang, Dengguo Feng
Public-key cryptography
Identity-based (ID-based) public key cryptosystem can be a good
alternative for certificate-based public key setting, especially
when efficient key management and moderate security are required.
In a $(t,n)$ threshold proxy signature scheme, the original signer
delegates the power of signing messages to a designated proxy
group of $n$ members. Any $t$ or more proxy signers of the group
can cooperatively issue a proxy signature on behalf of the
original signer, but $t-1$ or less proxy signers...
ID-Based Proxy Signature Using Bilinear Pairings
Jing Xu, Zhenfeng Zhang, Dengguo Feng
Identity-based (ID-based) public key cryptosystem can be a good
alternative for certificate-based public key setting, especially
when efficient key management and moderate security are required.
A proxy signature scheme permits an entity to delegate its signing
rights to another entity. But to date, no ID-based proxy signature
schemes with provable security have been proposed. In this paper,
we formalize a notion of security for ID-based proxy signature
schemes and propose a scheme based on...
ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings
Amit K Awasthi, Sunder Lal
Cryptographic protocols
In 2001, Rivest et al. first introduced the concept of ring signatures. A ring signature is a simplified group signature without any manager. It protects the anonymity of a signer. The first scheme proposed by Rivest et al. was based on the RSA cryptosystem and a certificate-based public key setting. The first ring signature scheme based on DLP was proposed by Abe, Ohkubo, and Suzuki. Their scheme is also based on the general certificate-based public key setting. In 2002, Zhang and Kim...
Identity Based Threshold Ring Signature
Sherman S. M. Chow, Lucas C. K. Hui, S. M. Yiu
Public-key cryptography
In threshold ring signature schemes, any group of $t$ entities can spontaneously conscript arbitrary $n-t$ entities to generate a publicly verifiable $t$-out-of-$n$ signature on behalf of the whole group, yet the actual signers remain anonymous. The spontaneity of these schemes is desirable for ad-hoc groups such as mobile ad-hoc networks. In this paper, we present an identity based (ID-based) threshold ring signature scheme. The scheme is provably secure in the
random oracle model and...
ID-based Cryptography from Composite Degree Residuosity
Man Ho Au, Victor K. Wei
We present identity-based identification (resp. encryption, signature, blind signature, ring signature) from composite degree residuosity (CDR). Constructions of identifications and signatures
motivated by several existing CDR-based bandwidth-efficient
encryption schemes are presented. Their securities are proven equivalent to famous hard problems, in the random oracle model.
Motivated by Cocks, we construct an identity-based encryption from CDR. Its security is proven equivalent to a new...
A New ID-based Signature with Batch Verification
Jung Hee Cheon, Yongdae Kim, Hyo Jin Yoon
Cryptographic protocols
An identity (ID)-based signature scheme allows any pair of
users to communicate securely and to verify each other's
signatures without exchanging public key certificates. We have
several ID-based signatures based on the discrete logarithm
problem. While they have an advantage that the system secret can
be shared by several parties through threshold schemes, they have
a critical disadvantage in efficiency. To enhance the efficiency
of verification, we propose a new ID-based signature
scheme...
Two Improved Partially Blind Signature Schemes from Bilinear Pairings
Sherman S. M. Chow, Lucas C. K. Hui, S. M. Yiu, K. P. Chow
Public-key cryptography
A blind signature scheme is a protocol for obtaining a digital signature from a signer, but the signer can neither learn the messages he/she signs nor the signatures the recipients obtain afterwards. Partially blind signature is a variant such that part of the message contains pre-agreed information (agreed by the signer and the signature requester) in unblinded form, while threshold blind signature distributes the signing power to a group of signers such that a signature can only be...
The Exact Security of an Identity Based Signature and its Applications
Benoît Libert, Jean-Jacques Quisquater
This paper first positively answers the previously open question
of whether it was possible to obtain an optimal security reduction
for an identity based signature (IBS) under a reasonable
computational assumption. We revisit the Sakai-Ogishi-Kasahara IBS
that was recently proven secure by Bellare, Namprempre and Neven
through a general framework applying to a large family of schemes.
We show that their modified SOK-IBS scheme can be viewed as a
one-level instantiation of Gentry and...
A Provably Secure Nyberg-Rueppel Signature Variant with Applications
Giuseppe Ateniese, Breno de Medeiros
This paper analyzes the modified Nyberg-Rueppel
signature scheme (mNR), proving it secure in the Generic Group Model (GM).
We also show that the security of the mNR signature is equivalent (in the standard model)
to that of a twin signature, while achieving
computational and bandwidth improvements.
As a provably secure signature scheme, mNR is very efficient. We demonstrate its
practical relevance by providing an application to the
construction of a provably secure,...
A Secure Modified ID-Based Undeniable Signature Scheme
Sherman S. M. Chow, Lucas C. K. Hui, S. M. Yiu, K. P. Chow
Public-key cryptography
Verifiable Pairing and its Applications. In Chae Hoon Lim and Moti Yung, editors, Information Security Applications: 5th International Workshop, WISA 2004, Jeju Island, Korea, August 23-25, 2004, Revised Selected Papers, volume 3325 of Lecture Notes in Computer Science, pp. 170-187. (http://www.springerlink.com/index/C4QB7C13NL0EY5VN)
which contains an improved and generalized result of this paper.
A provably secure ID-based ring signature scheme
Javier Herranz, Germán Sáez
Public-key cryptography
Identity-based (ID) cryptosystems avoid the necessity of certificates to authenticate public keys
in a digital communications system. This is desirable, specially for these applications which
involve a large number of public keys in each execution. For example, any computation and
verification of a ring signature scheme, where a user anonymously signs a message on behalf of a
set of users including himself, requires to authenticate the public keys of all the members of the
set.
We use...
ID-based Authenticated Two Round Multi-Party Key Agreement
Xinjun Du, Ying Wang, Jianhua Ge, Yumin Wang
Cryptographic protocols
This paper proposes an ID-based authenticated two round multi-party key agreement among n parties. Several ID-based two-party and tripartite key agreement schemes were proposed recently. Our two round multi-party key agreement scheme utilizes the idea of the two-round group key exchange protocol of Burmester and Desmedt. The authenticity of the protocol is assured by a special signature scheme, so the messages carrying the information of ephemeral key can be broadcasted authentically by an...
Chameleon Signature from Bilinear Pairing
Xinjun Du, Ying Wang, Jianhua Ge, Yumin Wang
Cryptographic protocols
Chameleon signatures are non-interactive signatures based on a hash-and-sign paradigm, and similar in efficiency to regular signatures. The distinguishing characteristic of chameleon signatures is that they are non-transferable, with only the designated recipient capable of asserting its validity. In this paper, we introduce a new ID-based chameleon hash function based on bilinear pairing and build the ID-based chameleon signature scheme. Compared with the conventional chameleon hashing...
ID-Based Chameleon Hashes from Bilinear Pairings
Fangguo Zhang, Reihaneh Safavi-Naini, Willy Susilo
Public-key cryptography
Chameleon hash function is a trapdoor one-way hash function. The
ID-based chameleon hash function was first introduced by Ateniese
and Medeiros \cite{AM03}. As discussed by \cite{AM03}, the general
advantages of ID-based cryptography over conventional cryptography
with respect to key distribution are even more pronounced in a
chameleon hashing scheme, because the owner of a public key does
not necessarily need to retrieve the associated secret key. In
this paper, we propose two new ID-based...
Identity Based Undeniable Signatures
Benoît Libert, Jean-Jacques Quisquater
Public-key cryptography
In this paper, we give a first example of identity based
undeniable signature using pairings over elliptic curves. We
extend to the identity based setting the security model for the
notions of invisibility and anonymity given by Galbraith and Mao
in 2003 and we prove that our scheme is existentially unforgeable
under the Bilinear Diffie-Hellman assumption in the random oracle
model. We also prove that it has the invisibility property under
the Decisional Bilinear Diffie-Hellman assumption...
Cryptanalysis of B.Lee-S.Kim-K.Kim Proxy Signature
Zheng Dong, Shengli Liu, Kefei Chen
Public-key cryptography
Blind signature is the concept to ensure anonymity of e-coin. Untraceability and unlinkability are two main properties of real coin, which require mimicking electronically. Proxy signature schemes allow a proxy signer to generate a proxy signature on behalf of an original signer. All the previous proxy signature schemes are based on ElGamal-type schemes. In this paper, we propose a new proxy blind signature scheme based on an ID-based signature scheme, which uses bilinear pairings of elliptic...
Universal Designated-Verifier Signatures
Ron Steinfeld, Laurence Bull, Huaxiong Wang, Josef Pieprzyk
Motivated by privacy issues associated with dissemination of signed digital certificates, we define a new type of signature scheme called a ‘Universal Designated-Verifier Signature’ (UDVS). A UDVS scheme can function as a standard publicly-verifiable digital signature but has additional functionality which allows any holder of a signature (not necessarily the signer) to designate the signature to any desired designated-verifier (using the verifier’s public key). Given the...
Identity-based Chameleon Hash and Applications
Giuseppe Ateniese, Breno de Medeiros
Chameleon signatures are non-interactive signatures based on a hash-and-sign paradigm, and similar in efficiency to regular signatures. The distinguishing characteristic of chameleon signatures is that they are non-transferable, with only the designated recipient capable of asserting its validity. In
this paper, we introduce the first identity-based chameleon hash function.
The general advantages of identity-based cryptography over conventional schemes
relative to key distribution are...
Multipurpose Identity-Based Signcryption : A Swiss Army Knife for Identity-Based Cryptography
Xavier Boyen
Public-key cryptography
A combined Identity-Based Signature/Encryption system with multiple security properties is presented. The scheme allows Alice to sign a message and encrypt it for Bob ("confidentiality") in such a way that the ciphertext does not reveal anything about their identities ("anonymity"); upon receipt, Bob is convinced that he is Alice's intended addressee ("authentication") but is unable to prove this to a third party ("unlinkability"); nevertheless, the decrypted message bears a signature by...
ID-based tripartite key agreement with signatures
Divya Nalla
Cryptographic protocols
This paper proposes a new identity based tripartite key agreement protocol which is more efficient than the existing ID-based tripartite protocol. This protocol is based on the Joux's protocol for key agreement, and introduces signature along with key agreement to overcome man-in-the-middle attacks and to provide authentication. The new protocol resists existential forgeries against adaptively chosen message attacks under the random oracle model.
Attack on Han et al.'s ID-based Confirmer (Undeniable) Signature at ACM-EC'03
Fangguo Zhang, Reihaneh Safavi-Naini, Willy Susilo
At the fourth ACM conference on electronic commerce
(EC'03), S. Han, K.Y. Yeung and J. Wang proposed an ID-based
confirmer signature scheme using pairings (actually, this is an
ID-based undeniable signature scheme). However, in this paper, we
will show that this signature scheme is not secure. The signer can
deny any signature, even if this signature is his valid signature, and
anyone can forge a valid confirmer signature of a signer with
identity ID on an arbitrary message and confirm this...
A New ID-based Group Signature Scheme from Bilinear Pairings
Xiaofeng Chen, Fangguo Zhang, Kwangjo Kim
We argue that traditional ID-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we propose new ID-based public key systems without trustful KGC from bilinear pairings. In our new ID-based systems, if dishonest KGC impersonates an honest user to
communicate with others, the user can provide a proof of treachery of the KGC afterwards, which is similar to CA-based systems. Furthermore, we propose a group signature...
Cryptanalysis of ID-based Tripartite Authenticated Key Agreement Protocols
Kyungah Shim
Cryptographic protocols
In this paper, we show that the Nalla-Reddy's one round ID-based tripartite authenticated key agreement protocols are still insecure against the man-in-the-middle attacks. We also break the Nalla's ID-based tripartite authenticated key agreement protocol with signatures.
New Proxy Signature, Proxy Blind Signature and Proxy Ring Signature Schemes from Bilinear Pairing
Fangguo Zhang, Reihaneh Safavi-Naini, Chih-Yin Lin
Proxy signatures are very useful tools when one needs to delegate
his/her signing capability to another party. After Mambo et al.'s
first scheme was announced, many proxy signature schemes and
various types of proxy signature schemes have been proposed. Due
to the various applications of the bilinear pairings in
cryptography, many ID-based signature schemes have been
proposed. In this paper, we address that it is easy to design
proxy signature and proxy blind signature from the...
Signcryption scheme for Identity-based Cryptosystems
Divya Nalla, K. C. Reddy
Cryptographic protocols
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme...
ID based Cryptosystems with Pairing on Elliptic Curve
Ryuichi SAKAI, Masao KASAHARA
Public-key cryptography
The pairings on elliptic curves have been applied for realizing the
secure ID based cryptosystems that can be invulnerable to the collusion
attacks. The computation of the pairing is necessary for the
cryptosystems, though the computation of the pairing requires high cost
compared with the computation cost for the power operation over the
finite fields or on the elliptic curve when the parameters are securely
to be provided.
In this paper we propose an efficient method for a class of ID...
2003/044
Last updated: 2003-04-04
Signcryption scheme for Identity-based Cryptosystems
Divya Nalla, K. C. Reddy
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme...
ID-Based One Round Authenticated Tripartite Key Agreement Protocol with Pairings
Fangguo Zhang, Shengli Liu, Kwangjo Kim
Cryptographic protocols
With positive applications of Weil pairing (Tate pairing) to
cryptography, ID-based encryption schemes, digital signature
schemes, blind signature scheme, two-party authenticated key
agreement schemes, and tripartite key agreement scheme were
proposed recently, all of them using bilinear pairing (Weil or
Tate pairing). In this paper, we propose an ID-based one round
authenticated tripartite key agreement protocol. The authenticity
of the protocol is assured by a special signature scheme,...
How to convert any ID-based Signature Schemes
Claude Castelluccia
Cryptographic protocols
This paper describes how any Identity Based Signature schemes
can be used to implement a Group Signature scheme.
The performance of the generated Group Signature scheme is similar to
the performance of the underlying ID-based Signature scheme.
This makes our proposal very attractive since
most of existing group signature schemes that have been proposed so far
are grossly inefficient. In contrast, ID-based signature schemes can be
very efficient especially if they use elliptic curves and pairing.
Hierarchical ID-Based Cryptography
Craig Gentry, Alice Silverberg
We present hierarchical identity-based encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear Diffie-Hellman problem.
A Universal Forgery of Hess's Second ID-based Signature against the Known-message Attack
Jung Hee Cheon
Public-key cryptography
In this paper we propose a universal forgery attack of Hess's second
ID-based signature scheme against the known-message attack.
An Identity-Based Signature from Gap Diffie-Hellman Groups
Jae Choon Cha, Jung Hee Cheon
In this paper we propose an identity(ID)-based signature scheme using gap Diffie-Hellman (GDH) groups. Our scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model. Using GDH groups obtained from bilinear pairings, as a special case of our scheme, we obtain an ID-based signature scheme that shares the same system parameters and the same private/public key pairs with the ID-based encryption scheme (BF-IBE) by Boneh and...
ID-based Signatures from Pairings on Elliptic Curves
Kenneth G. Paterson
Public-key cryptography
We present an efficient identity-based signature scheme which makes
use of bilinear pairings on elliptic curves. Our scheme is similar to
the generalized ElGamal signature scheme. We consider the security of
our scheme.
In this paper, we propose a new ID-based blind signature scheme based on bilinear pairings from scratch (i.e. without using existing ID-based signature schemes, and without using existing computational assumptions). First, the round complexity of our ID-based blind signature scheme is optimal. Namely, each interactive signature generation requires the requesting user and the signer to transmit only one message each. Second, the proposed scheme is provably secure against generic parallel...
The paper proposes four new ID based strong designated verifier proxy signature (SDVPS) schemes. The schemes are formed by introducing proxy in ID based SDVS, ID based in SDVPS and ID based proxy in SDVS. We have also analyzed the security of the schemes and their computation aspects.
The notion of concurrent signatures was recently introduced by Chen, Kudla and Paterson. In concurrent signature schemes, two entities can produce two signatures that are not binding, until an extra piece of information (namely the keystone) is released by one of the parties. Subsequently, it was noted that the concurrent signature scheme proposed in the seminal paper cannot provide perfect ambiguity. Then, the notion of perfect concurrent signatures was introduced. In this paper, we define...
The notion of concurrent signatures was introduced by Chen, Kudla and Paterson in their seminal paper in Eurocrypt 2004. In concurrent signature schemes, two entities can produce two signatures that are not binding, until an extra piece of information (namely the keystone) is released by one of the parties. Upon release of the keystone, both signatures become binding to their true signers concurrently. In ICICS 2005, two identity-based perfect concurrent signature schemes were proposed by...
The focus of this paper is to design an efficient and secure solution addressing the key escrow problem in ID-based signature schemes, i.e., the Private Key Generator (PKG) knows the user's private key, which damages the essential requirement--``non-repudiation" property of signature schemes. In this paper, we proposed two ID-based threshold signature schemes, which both reach Girault's trusted level 3, and in which there exists only one PKG in our ID-based threshold signature schemes....
Efficient authentication is one of important security requirements in mobile ad hoc network (MANET) routing systems. The techniques of digital signatures are generally considered as the best candidates to achieve strong authentication. However, using normal digital signature schemes is too costly to MANET due to the computation overheads. Considering the feasibility of incorporating digital signatures in MANET, we incorporate the notion of online/offline signatures, where the computational...
The only known construction of ID-based ring signature schemes which may be secure in the standard model is to attach certificates to non-ID-based ring signatures. This method leads to schemes that are somewhat inefficient and it is an open problem to find more efficient and direct constructions. In this paper, we propose two such constructions. Our first scheme, with signature size linear in the cardinality of the ring, is secure in the standard model under the computational Diffie-Hellman...
Signature schemes with message recovery were widely investigated a decade ago in the literature, but the first ID-based signature with message recovery did not appear until 2005. In this paper, we first point out and revise one little but important problem which occurs in the previous ID-based signature with message recovery scheme. Then, by completely different setting, we propose a new ID-based signature scheme with message recovery. Our scheme is much more efficient than the...
This paper proposes a new ID-based proxy signature scheme based on the bilinear pairings. The number of pairing operations involved in the verification procedure of our scheme is only one, so our scheme is more efficient comparatively. The new scheme can be proved secure with the hardness assumption of the k-Bilinear Diffie-Hellman Inverse problem, in the random oracle model.
In this paper, we propose an efficient ID-based signature scheme based on pairing. The number of pairing operations involved in the verification procedure is one. Our scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the hardness assumption of computational Diffie-Hellman problem, in the random oracle model.
Identity-based (simply ID-based) cryptosystem was proposed in order to simplify key management procedures of certificate-based public key infrastructures. In 2003 Sakai and Kasahara proposed a new ID-based encryption scheme (SK-IBE). In our paper, it is intended to build a new ID-based signature (IBS) scheme which shares the same system parameters with SK-IBE. SK-IBE and our signature scheme yield a new complete ID-based public key cryptosystem. The proposed signature scheme is provably...
Recently, a number of ID-based two-party authenticated key agreement protocols which make use of bilinear pairings have been proposed \cite {CJL,MB,Sh,S,X}. In this paper, we show that the Xie's protocol \cite {X} does not provide implicit key authentication and key-compromise impersonation resilience. Also, we point out the vulnerability of the Choi {\it et al}'s protocol \cite {CJL} against signature forgery attacks.
Since the introduction of Identity-based (ID-based) cryptography by Shamir in 1984, numerous ID-based signature schemes have been proposed. In 2001, Rivest et al. introduced ring signature that provides irrevocable signer anonymity and spontaneous group formation. In recent years, ID-based ring signature schemes have been proposed and all of them are based on bilinear pairings. In this paper, we propose the first ID-based threshold ring signature scheme that is not based on bilinear...
Restrictive blind signatures allow a recipient to receive a blind signature on a message not known to the signer but the choice of message is restricted and must conform to certain rules. Partially blind signatures allow a signer to explicitly include necessary information (expiration date, collateral conditions, or whatever) in the resulting signatures under some agreement with receiver. Restrictive partially blind signatures incorporate the advantages of these two blind signatures. The...
A new type of signature is presented in this paper, named adaptable group-oriented signature. In contrast with traditional group-oriented signature, the new one laid a strong emphasis on how to improve the signer's efficiency. In fact, this new type of group-oriented signature can be seen as a type of designated verifier signature. In contrast with the ordinary designated verifier signature, it does not designate one member but several members to independently verify the signature. The...
We propose a dynamic accumulator scheme from bilinear pairings, whose security is based on the Strong Diffie-Hellman assumption. We show applications of this accumulator in constructing an identity-based (ID-based) ring signature scheme with constant-size signatures and its interactive counterpart, and providing membership revocation to group signature, traceable signature and identity escrow schemes and anonymous credential systems. The ID-based ring signature scheme and the group signature...
ID-based cryptosystem has been, for a few years, the most active area of research and currently is of great interest to the cryptographic society. In this work we survey three fundamental ID-based cryptographic primitives Digital Signature, Encryption and Key Agreement, which are based on the mathematical concepts Integer Factorization, Quadratic Residues and Bilinear Pairings. We review several schemes along with their efficiency and security considerations. The survey helps in...
In a distributed ring signature scheme, a subset of users cooperate to compute a distributed anonymous signature on a message, on behalf of a family of possible signing subsets. The receiver can verify that the signature comes from a subset of the ring, but he cannot know which subset has actually signed. In this work we use the concept of dual access structures to construct a distributed ring signature scheme which works with general families of possible signing subsets. The length of...
Identity-based (ID-based) cryptosystems eliminate the need for validity checking of the certificates and the need for registering for a certificate before getting the public key. These two features are desirable especially for the efficiency and the real spontaneity of ring signature, where a user can anonymously sign a message on behalf of a group of spontaneously conscripted users including the actual signer. In this paper, we propose a novel construction of ID-based ring signature which...
In identity-based (ID-based) cryptosystems, a local registration authority (LRA) is responsible for authentication of users while the key generation center (KGC) is responsible for computing and sending the private keys to users and therefore, a secure channel is required. For privacy-oriented applications, it is important to keep in secret whether the private key corresponding to a certain identity has been requested. All of the existing ID-based key issuing schemes have not addressed this...
Previous designated confirmer signature schemes were less efficient because complex zero-knowledge proof employed in confirmation and disavowal protocol. In this paper, we propose a new efficient signature scheme which is recipient-specific and confirmer-specific. The new scheme is transformed from ID-based chameleon signature and inherits its advantage in simplicity and efficiency. The scheme's security relies on the underlying secure chameleon signature and public key encryption scheme. We...
Identity-based (ID-based) public key cryptosystem can be a good alternative for certificate-based public key setting, especially when efficient key management and moderate security are required. In a $(t,n)$ threshold proxy signature scheme, the original signer delegates the power of signing messages to a designated proxy group of $n$ members. Any $t$ or more proxy signers of the group can cooperatively issue a proxy signature on behalf of the original signer, but $t-1$ or less proxy signers...
Identity-based (ID-based) public key cryptosystem can be a good alternative for certificate-based public key setting, especially when efficient key management and moderate security are required. A proxy signature scheme permits an entity to delegate its signing rights to another entity. But to date, no ID-based proxy signature schemes with provable security have been proposed. In this paper, we formalize a notion of security for ID-based proxy signature schemes and propose a scheme based on...
In 2001, Rivest et al. firstly introduced the concept of ring signatures. A ring signature is a simplified group signature without any manager. It protects the anonymity of a signer. The first scheme proposed by Rivest et al. was based on RSA cryptosystem and certificate based public key setting. The first ring signature scheme based on DLP was proposed by Abe, Ohkubo, and Suzuki. Their scheme is also based on the general certificate-based public key setting too. In 2002, Zhang and Kim...
In threshold ring signature schemes, any group of $t$ entities spontaneously conscripting arbitrarily $n-t$ entities to generate a publicly verifiable $t$-out-of-$n$ signature on behalf of the whole group, yet the actual signers remain anonymous. The spontaneity of these schemes is desirable for ad-hoc groups such as mobile ad-hoc networks. In this paper, we present an identity based (ID-based) threshold ring signature scheme. The scheme is provably secure in the random oracle model and...
We present identity-based identification (resp. encryption, signature, blind signature, ring signature) from composite degree residuosity (CDR). Constructions of identifications and signatures motivated by several existing CDR-based bandwidth-efficient encryption schemes are presented. Their securities are proven equivalent to famous hard problems, in the random oracle model. Motivated by Cocks, we construct an identity-based encryption from CDR. Its security is proven equivalent to a new...
An identity (ID)-based signature scheme allows any pair of users to communicate securely and to verify each other's signatures without exchanging public key certificates. We have several ID-based signatures based on the discrete logarithm problem. While they have an advantage that the system secret can be shared by several parties through threshold schemes, they have a critical disadvantage in efficiency. To enhance the efficiency of verification, we propose a new ID-based signature scheme...
A blind signature scheme is a protocol for obtaining a digital signature from a signer, but the signer can neither learn the messages he/she signs nor the signatures the recipients obtain afterwards. Partially blind signature is a variant such that part of the message contains pre-agreed information (agreed by the signer and the signature requester) in unblinded form, while threshold blind signature distributes the signing power to a group of signers such that a signature can only be...
This paper first positively answers the previously open question of whether it was possible to obtain an optimal security reduction for an identity based signature (IBS) under a reasonable computational assumption. We revisit the Sakai-Ogishi-Kasahara IBS that was recently proven secure by Bellare, Namprempre and Neven through a general framework applying to a large family of schemes. We show that their modified SOK-IBS scheme can be viewed as a one-level instantiation of Gentry and...
This paper analyzes the modified Nyberg-Rueppel signature scheme (mNR), proving it secure in the Generic Group Model (GM). We also show that the security of the mNR signature is equivalent (in the standard model) to that of a twin signature, while achieving computational and bandwidth improvements. As a provably secure signature scheme, mNR is very efficient. We demonstrate its practical relevance by providing an application to the construction of a provably secure,...
Verifiable Pairing and its Applications. In Chae Hoon Lim and Moti Yung, editors, Information Security Applications: 5th International Workshop, WISA 2004, Jeju Island, Korea, August 23-25, 2004, Revised Selected Papers, volume 3325 of Lecture Notes in Computer Science, pp. 170-187. (http://www.springerlink.com/index/C4QB7C13NL0EY5VN) which contains an improved and generalized result of this paper.
Identity-based (ID) cryptosystems avoid the necessity of certificates to authenticate public keys in a digital communications system. This is desirable, specially for these applications which involve a large number of public keys in each execution. For example, any computation and verification of a ring signature scheme, where a user anonymously signs a message on behalf of a set of users including himself, requires to authenticate the public keys of all the members of the set. We use...
This paper proposes an ID-based authenticated two round multi-party key agreement among n parties. Several ID-based two-party and tripartite key agreement schemes were proposed recently. Our two round multi-party key agreement scheme utilizes the idea of the two-round group key exchange protocol of Burmester and Desmedt. The authenticity of the protocol is assured by a special signature scheme, so the messages carrying the information of ephemeral key can be broadcasted authentically by an...
Chameleon signatures are non-interactive signatures based on a hash-and-sign paradigm, and similar in efficiency to regular signatures. The distinguishing characteristic of chameleon signatures is that they are non-transferable, with only the designated recipient capable of asserting its validity. In this paper, we introduce a new ID-based chameleon hash function based on bilinear pairing and build the ID-based chameleon signature scheme. Compared with the conventional chameleon hashing...
Chameleon hash function is a trapdoor one-way hash function. The ID-based chameleon hash function was first introduced by Ateniese and Medeiros \cite{AM03}. As discussed by \cite{AM03}, the general advantages of ID-based cryptography over conventional cryptography with respect to key distribution are even more pronounced in a chameleon hashing scheme, because the owner of a public key does not necessarily need to retrieve the associated secret key. In this paper, we propose two new ID-based...
In this paper, we give a first example of identity based undeniable signature using pairings over elliptic curves. We extend to the identity based setting the security model for the notions of invisibility and anonymity given by Galbraith and Mao in 2003 and we prove that our scheme is existentially unforgeable under the Bilinear Diffie-Hellman assumption in the random oracle model. We also prove that it has the invisibility property under the Decisional Bilinear Diffie-Hellman assumption...
Blind signature is the concept to ensure anonymity of e-coin. Untraceability and unlinkability are two main properties of real coin, which require mimicking electronically. Proxy signature schemes allow a proxy signer to generate a proxy signature on behalf of an original signer. All the previous proxy signature schemes are based on ElGamal-type schemes. In this paper, we propose a new proxy blind signature scheme based on an ID-based signature scheme, which uses bilinear pairings of elliptic...
Motivated by privacy issues associated with dissemination of signed digital certificates, we define a new type of signature scheme called a ‘Universal Designated-Verifier Signature’ (UDVS). A UDVS scheme can function as a standard publicly-verifiable digital signature but has additional functionality which allows any holder of a signature (not necessarily the signer) to designate the signature to any desired designated-verifier (using the verifier’s public key). Given the...
Chameleon signatures are non-interactive signatures based on a hash-and-sign paradigm, and similar in efficiency to regular signatures. The distinguishing characteristic of chameleon signatures is that they are non-transferable, with only the designated recipient capable of asserting its validity. In this paper, we introduce the first identity-based chameleon hash function. The general advantages of identity-based cryptography over conventional schemes relative to key distribution are...
A combined Identity-Based Signature/Encryption system with multiple security properties is presented. The scheme allows Alice to sign a message and encrypt it for Bob ("confidentiality") in such a way that the ciphertext does not reveal anything about their identities ("anonymity"); upon receipt, Bob is convinced that he is Alice's intended addressee ("authentication") but is unable to prove this to a third party ("unlinkability"); nevertheless, the decrypted message bears a signature by...
This paper proposes a new identity based tripartite key agreement protocol which is more efficient than the existing ID-based tripartite protocol. This protocol is based on the Joux's protocol for key agreement, and introduces signature along with key agreement to overcome man-in-the-middle attacks and to provide authentication. The new protocol resists existential forgeries against adaptively chosen message attacks under the random oracle model.
At the fourth ACM conference on electronic commerce (EC'03), S. Han, K.Y. Yeung and J. Wang proposed an ID-based confirmer signature scheme using pairings (actually, this is an ID-based undeniable signature scheme). However, in this paper, we will show that this signature scheme is not secure. The signer can deny any signature, even this signature is his valid signature and any one can forge a valid confirmer signature of a signer with identity ID on an arbitrary message and confirm this...
We argue that traditional ID-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we propose new ID-based public key systems without trustful KGC from bilinear pairings. In our new ID-based systems, if dishonest KGC impersonates an honest user to communicate with others, the user can provide a proof of treachery of the KGC afterwards, which is similar to CA-based systems. Furthermore, we propose a group signature...
In this paper, we show that the Nalla-Reddy's one round ID-based tripartite authenticated key agreement protocols are still insecure against the man-in-the-middle attacks. We also break the Nalla's ID-based tripartite authenticated key agreement protocol with signatures.
Proxy signatures are very useful tools when one needs to delegate his/her signing capability to other party. After Mambo $et\ al.$'s first scheme was announced, many proxy signature schemes and various types of proxy signature schemes have been proposed. Due to the various applications of the bilinear pairings in cryptography, many ID-based signature schemes have been proposed. In this paper, we address that it is easy to design proxy signature and proxy blind signature from the...
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme...
The pairings on elliptic curves have been applied for realizing the secure ID based cryptosystems that can be invulnerable to the collusion attacks. The computation of the pairing is necessary for the cryptosystems, though the computation of the pairing requires high cost compared with the computation cost for the power operation over the finite fields or on the elliptic curve when the parameters are securely to be provided. In this paper we propose an efficient method for a class of ID...
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme...
With positive applications of Weil pairing (Tate pairing) to cryptography, ID-based encryption schemes, digital signature schemes, blind signature scheme, two-party authenticated key agreement schemes, and tripartite key agreement scheme were proposed recently, all of them using bilinear pairing (Weil or Tate pairing). In this paper, we propose an ID-based one round authenticated tripartite key agreement protocol. The authenticity of the protocol is assured by a special signature scheme,...
This paper describes how any Identity Based Signature schemes can be used to implement a Group Signature scheme. The performance of the generated Group Signature scheme is similar to the performance of the underlying ID-based Signature scheme. This makes our proposal very attractive since most of existing group signature schemes that have been proposed so far are grossly inefficient. In contrast, ID-based signature schemes can be very efficient especially if they use elliptic curves and pairing.
We present hierarchical identity-based encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear Diffie-Hellman problem.
In this paper we propose a universal forgery attack of Hess's second ID-based signature scheme against the known-message attack.
In this paper we propose an identity(ID)-based signature scheme using gap Diffie-Hellman (GDH) groups. Our scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model. Using GDH groups obtained from bilinear pairings, as a special case of our scheme, we obtain an ID-based signature scheme that shares the same system parameters and the same private/public key pairs with the ID-based encryption scheme (BF-IBE) by Boneh and...
We present an efficient identity-based signature scheme which makes use of bilinear pairings on elliptic curves. Our scheme is similar to the generalized ElGamal signature scheme. We consider the security of our scheme.