A Lightweight Certificate-Based Aggregate Signature Scheme Providing Key Insulation

Recently,with the advancement of Information and Communications Technology(ICT),Internet of Things(IoT)has been connected to the cloud and used in industrial sectors,medical environments,and smart grids.However,if data is transmitted in plain text when collecting data in an IoTcloud environment,it can be exposed to various security threats such as replay attacks and data forgery.Thus,digital signatures are required.Data integrity is ensured when a user(or a device)transmits data using a signature.In addition,the concept of data aggregation is important to efficiently collect data transmitted from multiple users(or a devices)in an industrial IoT environment.However,signatures based on pairing during aggregation compromise efficiency as the number of signatories increases.Aggregate signature methods(e.g.,identity-based and certificateless cryptography)have been studied.Both methods pose key escrow and key distribution problems.In order to solve these problems,the use of aggregate signatures in certificate-based cryptography is being studied,and studies to satisfy the prevention of forgery of signatures and other security problems are being conducted.In this paper,we propose a new lightweight signature scheme that uses a certificate-based aggregate signature and can generate and verify signed messages from IoT devices in an IoT-cloud environment.In this proposed method,by providing key insulation,security threats that occur when keys are exposed due to physical attacks such as side channels can be solved.This can be applied to create an environment in which data is collected safely and efficiently in IoT-cloud is environments.

An Efficient Certificateless Aggregate Signature Scheme Designed for VANET

The Vehicular Ad-hoc Network(VANET)is the fundamental of smart transportation system in the future,but the security of the communication between vehicles and vehicles,between vehicles and roadside infrastructures have become increasingly prominent.Certificateless aggregate signature protocol is used to address this security issue,but the existing schemes still have many drawbacks in terms of security and efficiency:First,many schemes are not secure,and signatures can be forged by the attacker;Second,even if some scheme are secure,many schemes use a large number of bilinear pairing operation,and the computation overhead is large.At the same time,the length of the aggregated signature also increases linearly with the increase of user numbers,resulting in a large communication overhead.In order to overcome the above challenges,we propose a new certificateless aggregate signature scheme for VANET,and prove the security of the scheme under the random oracle model.The new scheme uses pseudonym to realize the conditional privacy protection of the vehicle’s information.The new scheme does not use bilinear pairing operation,and the calculation efficiency is high.At the same time,the length of the aggregate signature of the new scheme is constant,thereby greatly reducing the communication and storage overhead.The analysis results demonstrate that the new scheme is not only safer,but also superior in performance to the recent related schemes in computation overhead and communication cost.

Trusted Blockchain Oracle Scheme Based on Aggregate Signature

With the development of blockchain technology, more and more applications need out-of-chain data. Thus, blockchain oracles have become an important bridge for transferring data on and off the chain. This paper studies the mainstream blockchain oracles scheme, summarizes the shortcomings of the existing schemes and proposes a new blockchain oracle scheme based on BLS (Bohen-Lynn-Shacham) aggregation signature to ensure that off-chain data can be transferred into the blockchain in a trusted and reliable way. Specifically, the scheme uses multiple blockchain oracles to avoid the single point of failure or even a small number of malicious oracles, and improve the credibility of data. At the same time, it not only uses BLS aggregate signature to reduce the storage cost and communication overhead, but also uses commitment mechanisms to ensure the reliability and authenticity of the data. Besides, the simulation results show that the scheme can meet the practical application requirements.

Code-based Sequential Aggregate Signature Scheme

This paper proposes the first code-based quantum immune sequential aggregate signature(SAS)scheme and proves the security of the proposed scheme in the random oracle model.Aggregate signature(AS)schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively,and all the signatures of those users on those messages can be aggregated into a single signature such that the size of the aggregate signature is much smaller than the total size of all individual signatures.Because of the aggregation of many signatures into a single short signature,AS and SAS schemes can reduce bandwidth and save storage;moreover,when a SAS is verified,not only the valid but also the order in which each signer signed can be verified.AS and SAS schemes can be applied to traffic control,banking transaction and military applications.Most of the existing AS and SAS schemes are based either on pairing or Rivest-Shamir-Adleman(RSA),and hence,can be broken by Shor’s quantum algorithm for Integer Factoring Problem(IFP)and Discrete Logarithm Problem(DLP).There are no quantum algorithms to solve syndrome decoding problems.Hence,code-based cryptography is seen as one of the promising candidates for post-quantum cryptography.This paper shows how to construct quantum immune sequential aggregate signatures based on coding theory.Specifically,we construct our scheme with the first code based signature scheme proposed by Courtois,Finiasz and Sendrier(CFS).Compared to the CFS signature scheme without aggregation,the proposed sequential aggregate signature scheme can save about 90%storage when the number of signers is asymptotically large.

APPLICATION OF ID-BASED AGGREGATE SIGNATURE IN MANETS

Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (MANETs) very much. Jumin Song, et al. presented an ID-based aggregate signature, applied it to MANETs and proposed a secure routing scheme. In this work, we analyze Jumin Song, et al.’s aggregate signature scheme and find some limitations on its batch verification. In addition, in this work, we apply Craig Gentry, et al.’s ID-based aggregate signature to on-demand routing pro-tocol to present a secure routing scheme. Our scheme not only provides sound authentication and a secure routing protocol in ad hoc networks, but also meets the nature of MANETs.

EIAS:An Efficient Identity-Based Aggregate Signature Scheme for WSNs Against Coalition Attack

Wireless sensor networks(WSNs)are the major contributors to big data acquisition.The authenticity and integrity of the data are two most important basic requirements for various services based on big data.Data aggregation is a promising method to decrease operation cost for resource-constrained WSNs.However,the process of data acquisitions in WSNs are in open environments,data aggregation is vulnerable to more special security attacks with hiding feature and subjective fraudulence,such as coalition attack.Aimed to provide data authenticity and integrity protection for WSNs,an efficient and secure identity-based aggregate signature scheme(EIAS)is proposed in this paper.Rigorous security proof shows that our proposed scheme can be secure against all kinds of attacks.The performance comparisons shows EIAS has clear advantages in term of computation cost and communication cost when compared with similar data aggregation scheme for WSNs.

Design of improved PBFT algorithm based on aggregate signature and node reputation

The alliance chain system is a distributed ledger system based on blockchain technology,which can realize data sharing and collaboration among multiple parties while ensuring data security and reliability.The Practical Byzantine Fault Tolerance(PBFT)consensus algorithm is the most popular consensus protocol in the alliance chain,but the algorithm has problems such as high complexity and too simple election of the master node,which will make PBFT unable to be applied in scenarios with too many nodes.At the same time,there are certain security issues.In order to solve these problems,this paper proposes an improved Byzantine consensus algorithm,Polymerization Signature and Reputation Value PBFT(P-V PBFT).Firstly,the consistency protocol process is improved based on the aggregate signature technology.The simulation results show that the P-V PBFT algorithm can effectively reduce the overhead of network transmission,and the time complexity of the algorithm decreases exponentially,which improves the efficiency of the consensus process.Secondly,the node reputation election mechanism is introduced to elect the primary node,and the security analysis is carried out to verify the fairness and security of the primary node election of the P-V PBFT algorithm.Therefore,as a feasible improvement of the blockchain consensus protocol,the P-V PBFT algorithm can provide more efficient and secure guarantee for the blockchain system in practical application.

Attack on an Efficient Certificateless Aggregate Signature without Pairing

A Certificateless Aggregate Signature(CLAS) scheme was proposed by Qu and Mu recently, which was published in "Int J. Electronic Security and Digital Forensics, 2018, 10(2)". They used discrete logarithm to ensure the scheme's security. However,we show by formulating an attack that their CLAS scheme cannot defend against Type I adversary. Furthermore, we point out an error that exists in the signature simulation of their security proof.After that we give a correct signature simulation for the security proof. Finally, to resist the Type I attack, we present two methods for improving Qu et al's CLAS scheme. Moreover, the second improving method can elevate the trust level of Qu et al's CLAS scheme to the highest trust level: Level 3.

A Verifiable Credentials System with Privacy-Preserving Based on Blockchain

Decentralized identity authentication is generally based on blockchain, with the protection of user privacy as the core appeal. But traditional decentralized credential system requires users to show all the information of the entire credential to the verifier, resulting in unnecessary overexposure of personal information. From the perspective of user privacy, this paper proposed a verifiable credential scheme with selective disclosure based on BLS (Bohen- Lynn-Shacham) aggregate signature. Instead of signing the credentials, we sign the claims in the credentials. When the user needs to present the credential to verifier, the user can select a part of but not all claims to be presented. To reduce the number of signatures of claims after selective disclosure, BLS aggregate signature is achieved to aggregate signatures of claims into one signature. In addition, our scheme also supports the aggregation of credentials from different users. As a result, verifier only needs to verify one signature in the credential to achieve the purpose of batch verification of credentials. We analyze the security of our aggregate signature scheme, which can effectively resist aggregate signature forgery attack and credential theft attack. The simulation results show that our selective disclosure scheme based on BLS aggregate signature is acceptable in terms of verification efficiency, and can reduce the storage cost and communication overhead. As a result, our scheme is suitable for blockchain, which is strict on bandwidth and storage overhead.

Consensus algorithm for medical data storage and sharing based on master–slave multi-chain of alliance chain

The safe storage and sharing of medical data have promoted the development of the public medical field.At the same time,blockchain technology guarantees the safe storage and sharing of medical data.However,the consensus algorithm in the current medical blockchain cannot meet the requirements of low delay and high throughput in the large-scale network,and the identity of the primary node is exposed and vulnerable to attack.Therefore,this paper proposes an efficient consensus algorithm for medical data storage and sharing based on a master–slave multi-chain of alliance chain(ECA_MDSS).Firstly,institutional nodes in the healthcare alliance chain are clustered according to geographical location and medical system structure to form a multi-zones network.The system adopts master–slave multi-chain architecture to ensure security,and each zone processes transactions in parallel to improve consensus efficiency.Secondly,the aggregation signature is used to improve the practical Byzantine fault-tolerant(PBFT)consensus to reduce the communication interaction of consensus in each zone.Finally,an efficient ring signature is used to ensure the anonymity and privacy of the primary node in each zone and to prevent adaptive attacks.Meanwhile,a trust model is introduced to evaluate the trust degree of the node to reduce the evil done by malicious nodes.The experimental results show that ECA_MDSS can effectively reduce communication overhead and consensus delay,improve transaction throughput,and enhance system scalability.

NaEPASC:a novel and efficient public auditing scheme for cloud data

Cloud computing is deemed the next-generation information technology(IT) platform, in which a data center is crucial for providing a large amount of computing and storage resources for various service applications with high quality guaranteed. However, cloud users no longer possess their data in a local data storage infrastructure,which would result in auditing for the integrity of outsourced data being a challenging problem, especially for users with constrained computing resources. Therefore, how to help the users complete the verification of the integrity of the outsourced data has become a key issue. Public verification is a critical technique to solve this problem, from which the users can resort to a third-party auditor(TPA) to check the integrity of outsourced data. Moreover,an identity-based(ID-based) public key cryptosystem would be an efficient key management scheme for certificatebased public key setting. In this paper, we combine ID-based aggregate signature and public verification to construct the protocol of provable data integrity. With the proposed mechanism, the TPA not only verifies the integrity of outsourced data on behalf of cloud users, but also alleviates the burden of checking tasks with the help of users' identity. Compared to previous research, the proposed scheme greatly reduces the time of auditing a single task on the TPA side. Security analysis and performance evaluation results show the high efficiency and security of the proposed scheme.

Authentication scheme for industrial Internet of things based on DAG blockchain

Internet of things(IoT) can provide the function of product traceability for industrial systems. Emerging blockchain technology can solve the problem that the current industrial Internet of things(IIoT) system lacks unified product data sharing services. Blockchain technology based on the directed acyclic graph(DAG) structure is more suitable for high concurrency environments. But due to its distributed architecture foundation, direct storage of product data will cause authentication problems in data management. In response, IIoT based on DAG blockchain is proposed in this paper, which can provide efficient data management for product data stored on DAG blockchain, and an authentication scheme suitable for this structure is given. The security of the scheme is based on a discrete-logarithm-based assumption put forth by Lysyanskaya, Rivest, Sahai and Wolf(LRSW) who also show that it holds for generic groups. The sequential aggregation signature scheme is more secure and efficient, and the new scheme is safe in theory and it is more efficient in engineering.

Adrestus:Secure,scalable blockchain technology in a decentralized ledger via zones

Nowadays,an increasing number of blockchain architectures provide well-promising protocols for pseudonymous online payments via proposed cryptocurrencies.Most of them suffer from a number of extensibility and scalability issues,as their capacity regarding the number of transactions they are capable of processing per second is limited.Security is also a challenge for this kind of architectures.This paper presents the design and implementation of the Adrestus system,a blockchain-based transaction system with a novel consensus mechanism that is able to tolerate Byzantine faults and is designed to scale without compromising system security.One of the main components of the Adrestus design is a consistent hashing mechanism for the efficient assignment of transactions on parallel regions,called zones,and for solving load balancing problems.We claim that the Adrestus blockchain system scales linearly without compromising system security and achieves its goals without introducing the unnecessary overhead and by eliminating energy and computational waste.Preliminary theoretical simulations and results reflect that Adrestus exceeds the average throughput of the most well-known cryptocurrencies like Bitcoin,and thus,it achieves a higher performance.In this paper,we present this proposed approach along with simulation results and examine the conditions for the proposed fault-tolerant system to meet safety and liveness.