The Industrial Internet of Things(IIoT)consists of massive devices in different management domains,and the lack of trust among cross-domain entities leads to risks of data security and privacy leakage during informati...The Industrial Internet of Things(IIoT)consists of massive devices in different management domains,and the lack of trust among cross-domain entities leads to risks of data security and privacy leakage during information exchange.To address the above challenges,a viable solution that combines Certificateless Public Key Cryptography(CL-PKC)with blockchain technology can be utilized.However,as many existing schemes rely on a single Key Generation Center(KGC),they are prone to problems such as single points of failure and high computational overhead.In this case,this paper proposes a novel blockchain-based certificateless cross-domain authentication scheme,that integrates the threshold secret sharing mechanism without a trusted center,meanwhile,adopts blockchain technology to enable cross-domain entities to authenticate with each other and to negotiate session keys securely.This scheme also supports the dynamic joining and removing of multiple KGCs,ensuring secure and efficient cross-domain authentication and key negotiation.Comparative analysiswith other protocols demonstrates that the proposed cross-domain authentication protocol can achieve high security with relatively lowcomputational overhead.Moreover,this paper evaluates the scheme based on Hyperledger Fabric blockchain environment and simulates the performance of the certificateless scheme under different threshold parameters,and the simulation results show that the scheme has high performance.展开更多
The carbon tradingmarket can promote“carbon peaking”and“carbon neutrality”at low cost,but carbon emission quotas face attacks such as data forgery,tampering,counterfeiting,and replay in the electricity trading mar...The carbon tradingmarket can promote“carbon peaking”and“carbon neutrality”at low cost,but carbon emission quotas face attacks such as data forgery,tampering,counterfeiting,and replay in the electricity trading market.Certificateless signatures are a new cryptographic technology that can address traditional cryptography’s general essential certificate requirements and avoid the problem of crucial escrowbased on identity cryptography.However,most certificateless signatures still suffer fromvarious security flaws.We present a secure and efficient certificateless signing scheme by examining the security of existing certificateless signature schemes.To ensure the integrity and verifiability of electricity carbon quota trading,we propose an electricity carbon quota trading scheme based on a certificateless signature and blockchain.Our scheme utilizes certificateless signatures to ensure the validity and nonrepudiation of transactions and adopts blockchain technology to achieve immutability and traceability in electricity carbon quota transactions.In addition,validating electricity carbon quota transactions does not require time-consuming bilinear pairing operations.The results of the analysis indicate that our scheme meets existential unforgeability under adaptive selective message attacks,offers conditional identity privacy protection,resists replay attacks,and demonstrates high computing and communication performance.展开更多
Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approac...Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.展开更多
Certificateless public key cryptography is a new paradigm introduced by Al-Riyami and Paterson.It eliminates the need of the certificates in traditional public key cryptosystems and the key escrow problem in IDentity-...Certificateless public key cryptography is a new paradigm introduced by Al-Riyami and Paterson.It eliminates the need of the certificates in traditional public key cryptosystems and the key escrow problem in IDentity-based Public Key Cryptography(ID-PKC).Due to the advantages of the certificateless public key cryptography,a new efficient certificateless pairing-based signature scheme is presented,which has some advantages over previous constructions in computational cost.Based on this new signature scheme,a certificateless blind signature scheme is proposed.The security of our schemes is proven based on the hardness of computational Diffie-Hellman problem.展开更多
In ubiquitous computing, data should be able to be accessed from any location, and the correctness of data becomes vital during the communication. Suppose that many users sign different messages respectively, before f...In ubiquitous computing, data should be able to be accessed from any location, and the correctness of data becomes vital during the communication. Suppose that many users sign different messages respectively, before forwarding or sending these messages, then the verifier must spend a lot of computing time to verify their signatures. Consequently, the aggregate signature scheme is an effective method of improving efficiency in this kind of systems, which provides the convenience for the verifier. In this paper, we propose a new certificateless aggregate signature scheme which is efficient in generating a signature and verification. This scheme is provably secure under the extended computational Diffie-Hellman assumption.展开更多
In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. M...Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. Many certificateless public key encryption and signature schemes have been proposed. However, the key agreement in CL-PKE is seldom discussed. In this paper, we present a new certificateless two party authentication key agreement protocol and prove its security attributes. Compared with the existing protocol, our protocol is more efficient.展开更多
Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inhere...Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inherent key escrow problem.In this paper a new certificateless ring signcryption scheme from pairings is presented.It is escrow free in that no KGC is able to decrypt ciphertexts itself.We then formally prove the security of the new scheme in the random oracle model IND-CCA2 and EUF-CMA.展开更多
Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes ...Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes have been established on Identity-Based Cryptography (IBC) with key escrow problem inherently. Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is efficient to remove such problem. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate the superiority, massive experiments are conducted on Enron Email dataset which is famous in information retrieval field. Compared with existed constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem.展开更多
Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present ...Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.展开更多
Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to enc...Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with previous two CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantee as it withstands the existing known types of keyword guessing attacks.展开更多
Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi...Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.展开更多
Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
The Vehicular Ad-hoc Network(VANET)is the fundamental of smart transportation system in the future,but the security of the communication between vehicles and vehicles,between vehicles and roadside infrastructures have...The Vehicular Ad-hoc Network(VANET)is the fundamental of smart transportation system in the future,but the security of the communication between vehicles and vehicles,between vehicles and roadside infrastructures have become increasingly prominent.Certificateless aggregate signature protocol is used to address this security issue,but the existing schemes still have many drawbacks in terms of security and efficiency:First,many schemes are not secure,and signatures can be forged by the attacker;Second,even if some scheme are secure,many schemes use a large number of bilinear pairing operation,and the computation overhead is large.At the same time,the length of the aggregated signature also increases linearly with the increase of user numbers,resulting in a large communication overhead.In order to overcome the above challenges,we propose a new certificateless aggregate signature scheme for VANET,and prove the security of the scheme under the random oracle model.The new scheme uses pseudonym to realize the conditional privacy protection of the vehicle’s information.The new scheme does not use bilinear pairing operation,and the calculation efficiency is high.At the same time,the length of the aggregate signature of the new scheme is constant,thereby greatly reducing the communication and storage overhead.The analysis results demonstrate that the new scheme is not only safer,but also superior in performance to the recent related schemes in computation overhead and communication cost.展开更多
Digital signature,as an important cryptographic primitive,has been widely used in many application scenarios,such as e-commerce,authentication,cloud computing,and so on.Certificateless Public Key Cryptography(PKC)can ...Digital signature,as an important cryptographic primitive,has been widely used in many application scenarios,such as e-commerce,authentication,cloud computing,and so on.Certificateless Public Key Cryptography(PKC)can get rid of the certificate management problem in the traditional Public Key Infrastructure(PKI)and eliminate the key-escrow problem in the identity-based PKC.Lately,a new Certificateless Signature(CLS)scheme has been proposed by Kyung-Ah Shim(IEEE SYSTEMS JOURNAL,2018,13(2)),which claimed to achieve provable security in the standard model.Unfortunately,we present a concrete attack to demonstrate that the scheme cannot defend against the Type I adversary.In this type of attack,the adversary can replace the public key of the signer,and then he plays the role of the signer to forge a legal certificateless signature on any message.Furthermore,we give an improved CLS scheme to resist such an attack.In terms of the efficiency and the signature length,the improved CLS is preferable to the original scheme and some recently proposed CLS schemes in the case of precomputation.展开更多
Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unn...Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-relatedprocesses to attain more profits. However, such IoT based smart industriesneed internet connectivity and interoperability which makes them susceptibleto numerous cyber-attacks due to the scarcity of computational resourcesof IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoTenvironment. In this paper, we propose a hyperelliptic curve cryptography(HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with theaim of improving security while lowering computational and communicationoverhead in IIoT environment. HECC with 80-bit smaller key and parameterssizes offers similar security as elliptic curve cryptography (ECC) with 160-bitlong key and parameters sizes. We assessed the IIoT-CS scheme security byapplying formal and informal security evaluation techniques. We used Realor Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formalsecurity analysis and proved that the IIoT-CS scheme provides resistance tovarious attacks. Our proposed IIoT-CS scheme is relatively less expensivecompared to the current state-of-the-art in terms of computational cost andcommunication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively, compared to the most recent protocol.展开更多
Certificateless encryption attracts a lot of attention so far by eliminating the key escrow problem in identity-based encryption and public key certificates in the traditional public key cryptography. By considering t...Certificateless encryption attracts a lot of attention so far by eliminating the key escrow problem in identity-based encryption and public key certificates in the traditional public key cryptography. By considering the threat from the key exposure, it is desirable to incorporate the idea of key-insulated cryptosystem into the certificateless encryption. In this paper, we have designed an efficient certificateless keyinsulated encryption(CL-KIE) scheme to achieve this goal. By our approach, the computational performance of our scheme has been improved significantly in terms of reduction on running time and storage. We also gave the security proof of the new CL-KIE scheme against the chosen plaintext attacks(CPAs) in the random oracle, considering the assumption of the computational Diffie-Hellman(CDH) problem.展开更多
To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signatu...To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signature scheme in this paper. Our construction is inspired by some efficient ID-based ring signature schemes, and uses bilinear pairings as a basic tool. Using a reasonable security model, the unforgeability of the proposed scheme is proven based on the intractability of the computational Diffie-Hellman (CDH) problem. The signature length of the new scheme is only |G2|+n|G1| (|Gi| is the bit length of an element in group Gi, i =1, 2). Compared with other existing certificateless ring signature schemes, the newly proposed scheme has a shorter signature length and is more efficient and practical.展开更多
Security protocols are the basis of many mobile communication systems,thus it is important to ensure protocol property correct. Using Protocol Composition Logic (PCL),this paper proves a Mobile IP (MIP) registration p...Security protocols are the basis of many mobile communication systems,thus it is important to ensure protocol property correct. Using Protocol Composition Logic (PCL),this paper proves a Mobile IP (MIP) registration protocol that is based on certificateless public key signature without pairing between home agent and foreign agent,which minimizes the registration time and cost as well as improves the security compared with the identity-based and certificate-based registration protocol. Analysis and proof shows that the proposed protocol provides users security and authentications,moreover,the anonymity property is proved correct.展开更多
Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to sce...Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.展开更多
基金supported in part by the Fundamental Research Funds for the Central Universities(Nos.3282024052,3282024058)the“Advanced and Sophisticated”Discipline Construction Project of Universities in Beijing(No.20210013Z0401).
文摘The Industrial Internet of Things(IIoT)consists of massive devices in different management domains,and the lack of trust among cross-domain entities leads to risks of data security and privacy leakage during information exchange.To address the above challenges,a viable solution that combines Certificateless Public Key Cryptography(CL-PKC)with blockchain technology can be utilized.However,as many existing schemes rely on a single Key Generation Center(KGC),they are prone to problems such as single points of failure and high computational overhead.In this case,this paper proposes a novel blockchain-based certificateless cross-domain authentication scheme,that integrates the threshold secret sharing mechanism without a trusted center,meanwhile,adopts blockchain technology to enable cross-domain entities to authenticate with each other and to negotiate session keys securely.This scheme also supports the dynamic joining and removing of multiple KGCs,ensuring secure and efficient cross-domain authentication and key negotiation.Comparative analysiswith other protocols demonstrates that the proposed cross-domain authentication protocol can achieve high security with relatively lowcomputational overhead.Moreover,this paper evaluates the scheme based on Hyperledger Fabric blockchain environment and simulates the performance of the certificateless scheme under different threshold parameters,and the simulation results show that the scheme has high performance.
基金the National Fund Project No.62172337National Natural Science Foundation of China(No.61662069)China Postdoctoral Science Foundation(No.2017M610817).
文摘The carbon tradingmarket can promote“carbon peaking”and“carbon neutrality”at low cost,but carbon emission quotas face attacks such as data forgery,tampering,counterfeiting,and replay in the electricity trading market.Certificateless signatures are a new cryptographic technology that can address traditional cryptography’s general essential certificate requirements and avoid the problem of crucial escrowbased on identity cryptography.However,most certificateless signatures still suffer fromvarious security flaws.We present a secure and efficient certificateless signing scheme by examining the security of existing certificateless signature schemes.To ensure the integrity and verifiability of electricity carbon quota trading,we propose an electricity carbon quota trading scheme based on a certificateless signature and blockchain.Our scheme utilizes certificateless signatures to ensure the validity and nonrepudiation of transactions and adopts blockchain technology to achieve immutability and traceability in electricity carbon quota transactions.In addition,validating electricity carbon quota transactions does not require time-consuming bilinear pairing operations.The results of the analysis indicate that our scheme meets existential unforgeability under adaptive selective message attacks,offers conditional identity privacy protection,resists replay attacks,and demonstrates high computing and communication performance.
基金supported by the National Key Research and Development Program of China under Grant No.2021YFB2700600the National Natural Science Foundation of China under Grant No.62132013+5 种基金the Key Research and Development Programs of Shaanxi under Grant Nos.S2024-YF-YBGY-1540 and 2021ZDLGY06-03the Basic Strengthening Plan Program under Grant No.2023-JCJQ-JJ-0772the Key-Area Research and Development Program of Guangdong Province under Grant No.2021B0101400003Hong Kong RGC Research Impact Fund under Grant Nos.R5060-19 and R5034-18Areas of Excellence Scheme under Grant No.Ao E/E-601/22-RGeneral Research Fund under Grant Nos.152203/20E,152244/21E,152169/22E and152228/23E。
文摘Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
基金the National Natural Science Foundation of China (No.60673070)the Natural Science Foundation of Jiangsu Province (No.BK2006217)the Open Project of the Key Lab. on Computer Networks and Information Security (Xidian University) of Ministry of Education of China(No.20040105)
文摘Certificateless public key cryptography is a new paradigm introduced by Al-Riyami and Paterson.It eliminates the need of the certificates in traditional public key cryptosystems and the key escrow problem in IDentity-based Public Key Cryptography(ID-PKC).Due to the advantages of the certificateless public key cryptography,a new efficient certificateless pairing-based signature scheme is presented,which has some advantages over previous constructions in computational cost.Based on this new signature scheme,a certificateless blind signature scheme is proposed.The security of our schemes is proven based on the hardness of computational Diffie-Hellman problem.
基金supported by the National Science Council under Grant No. NSC100-2221-E-005-062 and NSC 100-2221-E-468-014
文摘In ubiquitous computing, data should be able to be accessed from any location, and the correctness of data becomes vital during the communication. Suppose that many users sign different messages respectively, before forwarding or sending these messages, then the verifier must spend a lot of computing time to verify their signatures. Consequently, the aggregate signature scheme is an effective method of improving efficiency in this kind of systems, which provides the convenience for the verifier. In this paper, we propose a new certificateless aggregate signature scheme which is efficient in generating a signature and verification. This scheme is provably secure under the extended computational Diffie-Hellman assumption.
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
基金Supported by the National Natural Science Foundation of China (19501032)
文摘Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. Many certificateless public key encryption and signature schemes have been proposed. However, the key agreement in CL-PKE is seldom discussed. In this paper, we present a new certificateless two party authentication key agreement protocol and prove its security attributes. Compared with the existing protocol, our protocol is more efficient.
基金supported by National Key Basic Research Program of China(973 program) under Grant No. 2011CB302903National Natural Science Foundation of China under Grant No.60873231,No.61073188+1 种基金China Postdoctoral Science Foundation under Grant No.20100471355Natural Science Foundation of Jiangsu Province under Grant No. BK2009426
文摘Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inherent key escrow problem.In this paper a new certificateless ring signcryption scheme from pairings is presented.It is escrow free in that no KGC is able to decrypt ciphertexts itself.We then formally prove the security of the new scheme in the random oracle model IND-CCA2 and EUF-CMA.
基金This research was supported by the National Science Foundation of China for Funding Projects (61173089,61472298) and National Statistical Science Program of China(2013LZ46).
文摘Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes have been established on Identity-Based Cryptography (IBC) with key escrow problem inherently. Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is efficient to remove such problem. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate the superiority, massive experiments are conducted on Enron Email dataset which is famous in information retrieval field. Compared with existed constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem.
基金Supported by the National Natural Science Foundation of China (90204012, 60573035, 60573036) and the University IT Research Center Project of Korea
文摘Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.
基金supported by the National Natural Science Foundation of China under Grant Nos. 61772009 and U1736112the Natural Science Foundation of Jiangsu Province under Grant Nos. BK20161511 and BK20181304
文摘Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with previous two CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantee as it withstands the existing known types of keyword guessing attacks.
基金supported by the National Natural Science Foundation of China under Grants No.61272499,No.10990011
文摘Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
基金This work was supported by the National Science Foundation of China(No.61872448)the Natural Science Basic Research Plan in Shanxi Province of China(No.2018JM6017).
文摘The Vehicular Ad-hoc Network(VANET)is the fundamental of smart transportation system in the future,but the security of the communication between vehicles and vehicles,between vehicles and roadside infrastructures have become increasingly prominent.Certificateless aggregate signature protocol is used to address this security issue,but the existing schemes still have many drawbacks in terms of security and efficiency:First,many schemes are not secure,and signatures can be forged by the attacker;Second,even if some scheme are secure,many schemes use a large number of bilinear pairing operation,and the computation overhead is large.At the same time,the length of the aggregated signature also increases linearly with the increase of user numbers,resulting in a large communication overhead.In order to overcome the above challenges,we propose a new certificateless aggregate signature scheme for VANET,and prove the security of the scheme under the random oracle model.The new scheme uses pseudonym to realize the conditional privacy protection of the vehicle’s information.The new scheme does not use bilinear pairing operation,and the calculation efficiency is high.At the same time,the length of the aggregate signature of the new scheme is constant,thereby greatly reducing the communication and storage overhead.The analysis results demonstrate that the new scheme is not only safer,but also superior in performance to the recent related schemes in computation overhead and communication cost.
基金The work was partially supported by the National Natural Science Foundation of China under grant Nos.61872060 and 61772292the National Key R&D Program of China under grant No.2017YFB0802000+3 种基金Key Laboratory of Financial Mathematics of Fujian Province University(Putian University)under grant Nos.JR201806 and JR201901by the Natural Science Foundation of Fujian Province under grant Nos.2019J01752 and 2020J01905by the Program for Innovative Research Team in Science and Technology in Fujian Province University under grant No.2018-049by the Educational Research Projects of Young and Middle-aged Teachers in Fujian Education Department(JAT200514).
文摘Digital signature,as an important cryptographic primitive,has been widely used in many application scenarios,such as e-commerce,authentication,cloud computing,and so on.Certificateless Public Key Cryptography(PKC)can get rid of the certificate management problem in the traditional Public Key Infrastructure(PKI)and eliminate the key-escrow problem in the identity-based PKC.Lately,a new Certificateless Signature(CLS)scheme has been proposed by Kyung-Ah Shim(IEEE SYSTEMS JOURNAL,2018,13(2)),which claimed to achieve provable security in the standard model.Unfortunately,we present a concrete attack to demonstrate that the scheme cannot defend against the Type I adversary.In this type of attack,the adversary can replace the public key of the signer,and then he plays the role of the signer to forge a legal certificateless signature on any message.Furthermore,we give an improved CLS scheme to resist such an attack.In terms of the efficiency and the signature length,the improved CLS is preferable to the original scheme and some recently proposed CLS schemes in the case of precomputation.
基金This work is supported by the University of Malaya IIRG Grant(IIRG008A-19IISSN),Ministry of Education FRGS Grant(FP055-2019A)This work was also supported by Grant System of University of Zilina No.1/2020.(Project No.7962)partially supported by the Slovak Grant Agency for Science(VEGA)under Grant Number 1/0157/21.The authors are grateful to the Taif University Researchers Supporting Project(Number TURSP-2020/36),Taif University,Taif,Saudi Arabia.
文摘Industrial internet of things (IIoT) is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing andcommunicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-relatedprocesses to attain more profits. However, such IoT based smart industriesneed internet connectivity and interoperability which makes them susceptibleto numerous cyber-attacks due to the scarcity of computational resourcesof IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoTenvironment. In this paper, we propose a hyperelliptic curve cryptography(HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with theaim of improving security while lowering computational and communicationoverhead in IIoT environment. HECC with 80-bit smaller key and parameterssizes offers similar security as elliptic curve cryptography (ECC) with 160-bitlong key and parameters sizes. We assessed the IIoT-CS scheme security byapplying formal and informal security evaluation techniques. We used Realor Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formalsecurity analysis and proved that the IIoT-CS scheme provides resistance tovarious attacks. Our proposed IIoT-CS scheme is relatively less expensivecompared to the current state-of-the-art in terms of computational cost andcommunication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively, compared to the most recent protocol.
基金in part by the National Natural Science Foundation of China under Grants No.61003230,No.61370026,No.61300191,and No.61202445
文摘Certificateless encryption attracts a lot of attention so far by eliminating the key escrow problem in identity-based encryption and public key certificates in the traditional public key cryptography. By considering the threat from the key exposure, it is desirable to incorporate the idea of key-insulated cryptosystem into the certificateless encryption. In this paper, we have designed an efficient certificateless keyinsulated encryption(CL-KIE) scheme to achieve this goal. By our approach, the computational performance of our scheme has been improved significantly in terms of reduction on running time and storage. We also gave the security proof of the new CL-KIE scheme against the chosen plaintext attacks(CPAs) in the random oracle, considering the assumption of the computational Diffie-Hellman(CDH) problem.
基金the National Natural Science Foundation of China (60673070)the Natural Science Foundation of Jiangsu Province (BK2006217)
文摘To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signature scheme in this paper. Our construction is inspired by some efficient ID-based ring signature schemes, and uses bilinear pairings as a basic tool. Using a reasonable security model, the unforgeability of the proposed scheme is proven based on the intractability of the computational Diffie-Hellman (CDH) problem. The signature length of the new scheme is only |G2|+n|G1| (|Gi| is the bit length of an element in group Gi, i =1, 2). Compared with other existing certificateless ring signature schemes, the newly proposed scheme has a shorter signature length and is more efficient and practical.
基金Supported by the National Natural Science Foundation of China (No.60572147)State Key Laboratory Specific Foundation (ISN090307)the 111 Project (B08038)
文摘Security protocols are the basis of many mobile communication systems,thus it is important to ensure protocol property correct. Using Protocol Composition Logic (PCL),this paper proves a Mobile IP (MIP) registration protocol that is based on certificateless public key signature without pairing between home agent and foreign agent,which minimizes the registration time and cost as well as improves the security compared with the identity-based and certificate-based registration protocol. Analysis and proof shows that the proposed protocol provides users security and authentications,moreover,the anonymity property is proved correct.
基金This work was supported by the National Natural Science Foundation of China(NSFC)under Grant(61902049,31960119)Joint Special Fund for Basic Research of Local Undergraduate Universities(Parts)in Yunnan Province under Grant(2018FH001-063,2018FH001-106)Dali University Innovation Team Project(ZKLX2020308).
文摘Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.