Adaptive Chosen Message Attack Research Articles

A Lattice-Based Redactable Signature Scheme using Cryptographic Accumulators for Trees

Abstract Redactable signatures allow the signature holder to remove admissible data blocks in the signed data while generating valid signatures about different redacted data without communicating with the primary signer. Now, this sort of signature has attracted widespread attention due to its many application scenarios such as electronic medical records, smart grids and XML files. However, there are rarely redactable signature schemes that can resist quantum attacks so far. In the wake of quantum calculation era, it is essential to blossom more quantum-resistant redactable signatures for different data structures. Moreover, it is popular to use accumulators to design redactable signature schemes. Unfortunately, the existing accumulators do not support tree data structures. Therefore, this paper first gives the definition of accumulator schemes for trees, and designs a lattice-based accumulator scheme for trees. Our accumulator scheme features shorter accumulator values and a faster witness generation algorithm than existing lattice trapdoor accumulators. Second, this paper resorts to approximate trapdoors and the preimage sampleable technique, and presents a lattice-based redactable signature scheme for trees using our accumulator scheme. Meanwhile, this scheme fulfills unforgeability, transparency and privacy under adaptive chosen-message attacks. Furthermore, the experiment results show that the redactable signature scheme meets actual revision requirements well.

Certificateless multi-source signcryption with lattice

Network coding can improve network transmission performance and reduce data transmission delay. However, the nodes in network are vulnerable to pollution attacks. Previous network coding schemes are based on difficult problems in number theory and cannot resist the quantum computing attacks. Hence, certificateless multi-source signcryption with lattice (LCL-MSSC) is devised for network coding, it uses common public key to verify the combination ciphertext from different source node users. Based on learning with errors and inhomogeneous small integer solution problems, LCL-MSSC is unforgeable under the adaptive chosen-message attacks and indistinguishable under the adaptive chosen-ciphertext attacks; in addition, it can resist the pollution attacks and quantum computing attacks. Efficient LCL-MSSC has broad application prospect in UAV wireless communication network, mobile wireless network, wireless sensor network or cyberspace security.

Elliptic curve threshold signature scheme for blockchain

Smart contract execution requires the triggering condition. Triggering condition of smart contract is the information outside the blockchain, and thus an oracle is required to provide the data services. For the security of user funds in on-chain aggregation model, each oracle must pay the gas fees to transmit off-chain data to the blockchain and trigger the smart contract, but this way easily causes the network congestion. In view of this, we propose an elliptic curve threshold signature scheme for blockchain (BC-ECTSS) to overcome the above issue. In the random oracle (RO) model, we detailedly show BC-ECTSS satisfies the existential unforgeability against the adaptive chosen-message attacks; in addition, it has the anonymity and its computation cost is relatively low.

A designated verifier multi-signature scheme in multi-clouds

Multi-cloud computing provides services by used different clouds simultaneously multi-signature can be used as the interactive technology between multi-cloud and users. However, the limited resources of some terminal devices make multi-signature, which based on bilinear map, is not suitable for multi-cloud computing environment. In addition, the signers are disclosure in multi-signature so there is the risk of attack. To solve this issues, this paper proposes a certificateless designated verifier multi-signature scheme based on multivariable public key cryptography (MPKC). Firstly, the formalized definition and security model of the proposed scheme are given. Secondly, it is proved that the proposed scheme is against adaptive chosen-message attacks. Finally, the analysis shows that the proposed scheme is more efficiency and suitable for multi-cloud. Moreover, the proposed scheme can hidding signature source to achieve privacy protection.

An efficient reusable attribute-based signature scheme for mobile services with multi access policies in fog computing

Fog computing is an emergent computing paradigm that supports the mobility and geographic distribution of Internet of Things (IoT) nodes and delivers context-aware applications with low latency to end-users. In fog computing, the critical obstacle restricting widespread deployment is security and privacy, especially how to build a lightweight fine-grained message authentication scheme in fog computing. In this paper, we first propose and give the formalization definition to a new variant of the attribute-based signature primitive (ABS), which we called Verifier-Policy Attribute-based Signature (VP-ABS). Distinct from the traditional ABS, in our VP-ABS primitive, the signature generated by the signer is decoupled with the access policy, which means the signer can generate a signature associated with some of his own attributes. Therefore, our VP-ABS can be reusable for multiple access policies. Then we also give a concrete VP-ABS construction over Type-3 pairing under Linear Secret Sharing Scheme (LSSS) policy which supports both AND and OR access gates. In addition, we rigorously prove our VP-ABS scheme is existentially unforgeable in the selective policy model under the adaptive chosen message attack (sP-EUF-CMA). Next, we give the feature comparison and theoretical analysis to our VP-ABS scheme as well as some other representative attribute authentication schemes to show the comprehensiveness of our scheme. To prove the correctness of the theoretical analysis and test the actual performance, we also do simulation experiments. Finally, we use our VP-ABS scheme to build an attribute-based fine-grained message authentication scheme for fog nodes in mobile microservices architecture with multiple access policies.

Certificateless Homomorphism Network Coding Signature Scheme

As an information transmission technology, network coding can reduce the transmission delay and improve the transmission efficiency with network performance. However, the nodes in network are vulnerable to the pollution and forgery attacks. Until now, most of network coding schemes are from pairing. Under the requirement of low computation complexity, we construct certificateless homomorphism network coding signature scheme (CL-HNCSS). In CL-HNCSS, certificateless technology avoids key management and key escrow for multi-source nodes, the homomorphism and scalar multiplication are used to reduce the computation cost. CL-HNCSS satisfies the unforgeability under the adaptive chosen-message attacks and can resist the pollution attacks. In addition, CL-HNCSS has very high communication and computation efficiency.

Certificateless Elliptic Curve Aggregate Signcryption Scheme

Driven by new situation of “Internet +,” Internet has achieved the integrated development with all walks of life. Among them, the fifth generation is a key technology to promote the deep integration of Internet-of-Things equipment, cloud computing, blockchain and other trades. Hence, it is necessary for IoTs to consider the cost and efficiency of authentication and confidentiality of the communication. For effectively solving the above problems, we devise certificateless elliptic curve aggregate signcryption (CL-ECASC) scheme for IoTs that can improve the authentication efficiency, realize data confidentiality, and avoid the problems of complex certificate management and key escrow. Under the hardness of discrete logarithm and computational DiffieHellman problems on elliptic curve, CL-ECASC is proved to has the IND-CCA2 security (indistinguishability under the adaptive chosen-ciphertext attacks) and UF-CMA security (existentially unforgeable under the adaptive chosen-message attacks). CL-ECASC has relatively faster computation efficiency and lower communication cost, and so it is suitable for secure transmission of the information in the previously mentioned environments.

Identity-Based Designated-Verifier Proxy Signature Scheme with Information Recovery in Telemedicine System

With the promotion of Remote Medical Treatment, the sharing of big telemedicine data becomes more and more popular. Telemedicine based on wireless sensor networks collects blood pressure, pH value, pulse, and other medical information from the telemedicine healthcare terminal. The medical information is sent to the hospital or medical server for processing. The security protection of patient medical data, such as confidentiality and authenticity, has gradually become a critical problem to be solved in the development of cloud medical service platform. A provably secure identity-based designated-verifier proxy signature scheme with information recovery for cloud medical diagnosis network is proposed. The scheme is on the basis of computational Diffie-Hellman difficult problem and existential unforgeable against adaptive chosen message attacks in the random oracle model. The performance analysis shows that the scheme is appropriate to the remote medical diagnosis system.

ECCHSC: Computationally and Bandwidth Efficient ECC-Based Hybrid Signcryption Protocol for Secure Heterogeneous Vehicle-to-Infrastructure Communications

Vehicular ad hoc networks (VANETs), an application of the Internet of Things (IoT) providing a better intelligent transportation system (ITS), has received substantial attention from both industry and academia. Heterogeneous vehicular communications in VANETs occur when both vehicles and the infrastructure use different cryptographic technologies to exchange safety messages. However, the safety messages between vehicles and the infrastructure are communicated wirelessly; therefore, security issues are a serious concern in this domain. The existing schemes secure the transmission of safety messages with respect to confidentiality, authentication, and nonrepudiation. However, they are inappropriate with respect to efficiency. They cause computational overhead on the receiver and bandwidth overhead in the communications. To cope with this, we propose an elliptic curve cryptosystem-based hybrid signcryption (ECCHSC) protocol that satisfies the security requirements (i.e., message confidentiality, message’s source authentication, message integrity, nonrepudiation, and identity–anonymity) for heterogeneous vehicle-to-infrastructure (V2I) communications in a single logical step. This protocol allows secure transmission of a safety message from a vehicle using identity-based cryptography (IDC) to a roadside unit (RSU) using public-key infrastructure (PKI). In addition, the ECCHSC protocol enables the RSU to receive multiple ciphertexts, aggregate them, and de-signcrypt them simultaneously through the batch de-signcryption method, which further improves the performance. The ECCHSC protocol has indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptive chosen message attacks (EUF-CMAs) in the random oracle model (ROM). The performance analysis of our protocol demonstrates a significant reduction in computational overhead and in communication/storage overhead as compared to the state-of-the-art schemes.

A Secure Pseudonym-Based Conditional Privacy-Preservation Authentication Scheme in Vehicular Ad Hoc Networks.

Existing identity-based schemes utilized in Vehicular Ad hoc Networks (VANETs) rely on roadside units to offer conditional privacy-preservation authentication and are vulnerable to insider attacks. Achieving rapid message signing and verification for authentication is challenging due to complex operations, such as bilinear pairs. This paper proposes a secure pseudonym-based conditional privacy-persevering authentication scheme for communication security in VANETs. The Elliptic Curve Cryptography (ECC) and secure hash cryptographic function were used in the proposed scheme for signing and verifying messages. After a vehicle receives a significant amount of pseudo-IDs and the corresponding signature key from the Trusted Authority (TA), it uses them to sign a message during the broadcasting process. Thus, the proposed scheme requires each vehicle to check all the broadcasting messages received. Besides, in the proposed scheme, the TA can revoke misbehaving vehicles from continuously broadcasting signed messages, thus preventing insider attacks. The security analysis proved that the proposed scheme fulfilled the security requirements, including identity privacy-preservation, message integrity and authenticity, unlinkability, and traceability. The proposed scheme also withstood common security attacks such as man-in-the-middle, impersonation, modification, and replay attacks. Besides, our scheme was resistant against an adaptive chosen-message attack under the random oracle model. Furthermore, our scheme did not employ bilinear pairing operations; therefore, the performance analysis and comparison showed a lower resulting overhead than other identity-based schemes. The computation costs of the message signing, individual signature authentication, and batch signature authentication were reduced by 49%, 33.3%, and 90.2%, respectively.

Password-Guessing Attack-Aware Authentication Scheme Based on Chinese Remainder Theorem for 5G-Enabled Vehicular Networks

The new fifth-generation (5G) cellular networks dramatically improve the speed of message transmissions. Most existing authentication schemes that secure 5G communication rely heavily on the vehicle’s tamper-proof device (TPD) and roadside units (RSUs) to store the system’s master key. However, it only takes a single compromised TPD to render the whole system insecure. We propose a password-guessing attack-aware authentication scheme based on the Chinese Remainder Theorem (CRT) to secure inter-vehicle communication on 5G-enabled vehicular networks to address this issue. The trusted authorities (TAs) in the proposed scheme generate and broadcast new group keys to the vehicles assisted by CRT. Moreover, since the system’s master key does not need to be preloaded, the proposed scheme only requires realistic TPDs. The proposed scheme overcomes password-guessing attacks and guarantees top-level security for entire 5G-enabled vehicular networks. The security analysis indicates that the proposed scheme is secure against adaptive chosen-message attacks under the random oracle model and meets the security requirements of a 5G-enabled vehicular network. Since cryptographic operations based on elliptic curve cryptography are employed, the performance evaluation shows that the proposed scheme outperforms the eight existing schemes in terms of computation and communication costs.

Cost-Effective Proxy Signcryption Scheme for Internet of Things

The Internet of things (IoT) has emerged into a revolutionary technology that enables a wide range of features and applications given the proliferation of sensors and actuators embedded in everyday objects, as well as the ubiquitous availability of high-speed Internet. When nearly everything is connected to the Internet, security and privacy concerns will become more significant. Furthermore, owing to the resource-constrained nature of IoT devices, they are unable to perform standard cryptographic computations. As a result, there is a critical need for efficient and secure lightweight cryptographic scheme that can meet the demands of resource-constrained IoT devices. In this study, we propose a lightweight proxy in which a person/party can delegate its signing authority to a proxy agent. Existing proxy signcryption security approaches are computationally costly and rely on RSA, bilinear pairing, and elliptic curves cryptography (ECC). The hyperelliptic curve cryptosystem (HECC), on the other hand, employs a smaller key size while maintaining the same level of security. When assessed using the random oracle model (ROM), the proposed scheme provides resilience against indistinguishable under adaptive chosen ciphertext attacks (IND-CCA) and unforgeable under adaptive chosen message attacks (UU-ACMA). To demonstrate the viability of the proposed scheme, security analyses and comparisons with existing schemes are performed. The findings show that the proposed scheme provides high security while reducing computational and communication costs.

Bilinear Pairing-Based Hybrid Signcryption for Secure Heterogeneous Vehicular Communications

Vehicular ad-hoc networks (VANETs) enable vehicles to exchange safety information with the surrounding vehicles and infrastructure in order to ensure safety and efficiency in traffic management. Recently however, vehicles come from different manufacturers and therefore use different protocols for the transmission of messages. As a result, communication among vehicles become heterogeneous. Because of this, VANETs face problems related to security and performance. To address this, some heterogeneous vehicular communication-based schemes have been proposed. However, they do not perform well because of an increase in computational overhead. In order to resolve this, we propose a certificateless cryptosystem (CLC) and public key infrastructure (PKI)-based conditional privacy-preserving hybrid signcryption (CP-CPPHSC) scheme. This scheme utilizes bilinear pairings and provides security requirements in a single logical step. Through the CP-CPPHSC scheme, a message is transmitted by a vehicle using the CLC to a vehicle using the PKI. Additionally, the CP-CPPHSC scheme supports the batch unsigncryption method which helps a vehicle to unsigncrypt more than one messages simultaneously. In the random oracle model (ROM), our scheme ensures existential unforgeability against adaptive chosen message attack (EUF-CMA) with respect to a hardness assumption of q-strong Diffie-Hellman (q-SDH) and modified inverse computational Diffie-Hellman (mICDH) problems and indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) with respect to a hardness assumption of q-bilinear Diffie-Hellman inversion (q-BDHI) problem. Our scheme effectively reduces computational cost when compared to state-of-the-art schemes without an increase in the communication cost.

A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology

In t , n threshold signature schemes, any subset of t participants out of n can produce a valid signature, but any fewer than t participants cannot. Meanwhile, a threshold signature scheme should remain robust and unforgeable against up to t − 1 corrupted participants. This nonforgeability property is that even an adversary breaking into up to t − 1 participants should be unable to generate signatures on its own. Existential unforgeability against adaptive chosen message attacks is widely considered as a standard security notion for digital signature, and threshold signature should also follow this accordingly. However, there are two special attack models in a threshold signature scheme: one is the static corruption attack and the other is the adaptive corruption attack. Since the adaptive corruption model appears to better capture real threats, designing and proving threshold signature schemes secure in the adaptive corruption model has been focused on in recent years. If a threshold signature is secure under adaptive chosen message attack and adaptive corruption attack, we say it is fully adaptively secure. In this paper, based on the dual pairing vector spaces technology, we construct a threshold signature scheme and use Gerbush et al.’s dual-form signatures technology to prove our scheme, which is fully adaptively secure in the standard model, and then compare it to other schemes in terms of the efficiency and computation.

Efficient Certificateless Signcryption Scheme for Wireless Sensor Networks in Ubiquitous Healthcare Systems

With the current developments in wireless networks, the use of Wireless sensor networks (WSNs) in the medical field has attracted a lot of attention. WSNs are being used to collect and transmit patient physiological information in ubiquitous healthcare systems. One of the major challenges in healthcare systems is security and privacy of patients’ vital data. By its very nature, a wireless sensor network provides a resource constrained environment and sensor nodes used in WSNs are limited in terms resource usage. Keeping data secure in a resource constraint environment is an important and challenging task. Hence, the need for secure and more efficient cryptosystems. In this paper, we are proposing a secure pairing-free certificateless signcryption scheme for use in ubiquitous healthcare systems. We compare the efficiency of our proposed scheme with other related signcryption schemes. A formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack for our scheme is presented in random oracle model.

Digital signature with cryptographic reverse firewalls

Abstract The Snowden’s Prism incident warned people great threats from internal adversaries. Cryptographic Reverse Firewalls (CRFs), one mean to resolve the problem, are increasingly popular on account of its simplicity and convenience. The current related CRFs solutions are applied to encryption or key agreement. However, CRFs have extremely high requirements for re-randomization. Due to the irreversible hash function in the digital signature, it is difficult for signature to apply CRFs. Undoubtedly, as an important field in cryptography, digital signature cannot resist similar internal attacks, hence it is useful to find a way to build CRFs for signature. Therefore, we propose two signature schemes with CRFs. One is based on traditional signature and CRF is built for the signer, the other is based on identity-based signature (IBS) and CRFs are built for the signer and the public key generator (PKG). We also prove that these two schemes can resist exfiltration. One is against existence forgery under passive attacks. The other is against existence forgery under adaptive chosen message attack. Moreover, we use pypbc library to implement our schemes. Compared with signature schemes without CRFs, our schemes can not only use almost similar computational cost but also have advantages in resisting exfiltration.

SecAuth-SaaS: a hierarchical certificateless aggregate signature for secure collaborative SaaS authentication in cloud computing

Collaborative cloud business models enable a new dimension of business by giving option to the third party software vendors to deploy their software in the cloud for offering software as a service (SaaS) to the users. However, the secure provisioning of resources requires scalable architecture with efficient authentication for configuring the collaborative software services in the cloud. In this paper, we propose a novel hierarchical certificateless aggregate signature to provide a scalable authentication model for SaaS in cloud computing. Our proposed scheme is secure under the adaptive chosen-message attack in the random oracle model with the hardness assumption of Computational Diffie–Hellman (CDH) problem and Decisional Diffie–Hellman (DDH) problem. Furthermore, our proposed scheme is highly efficient regarding low overhead on computation and communication cost.

A lightweight and provable secure identity-based generalized proxy signcryption (IBGPS) scheme for Industrial Internet of Things (IIoT)

Recently, the Industrial Internet of Things (IIoT) has become increasingly important for applications in the industry. IIoT has essentially become a prime security focus for implementing secure communication. Among the available cryptographic tools, identity-based signcryption provide a sound solution to fulfill the security requirement of IIoT. On the other hand a generalized proxy signcryption can work adaptively as proxy signature and proxy signcryption using a single algorithm. In order to accomplish effective and on-time communication whenever the manager of the company went out for a usual business trip or an IIoT device which has lack of resources, then it must need to delegate her/his signcryption rights to their subordinates (proxy agents/device). For this purpose, to make the delegation procedure more efficient and reliable, we proposed a lightweight identity-based generalized proxy signcryption (IBGPS) scheme for IIoT. The IBGPS scheme is provably secure in terms of indistinguishability against adaptive chosen ciphertext attack (IND − IBGPS − CCA) and existential unforgeable against a possible adaptive chosen message attack (EUF − IBGPS − CMA) under Hyperelliptic Curve Decisional Diffie-Hellman problem (HEDHP) and Hyperelliptic Curve Discrete Logarithm problem (HECDLP) in the random oracle model. Furthermore the performance evaluation in terms of computation and communication costs shows that the IBGPS scheme is more effective than the existing schemes.

Certificateless‐Based Anonymous Authentication and Aggregate Signature Scheme for Vehicular Ad Hoc Networks

Development of Internet of Vehicles (IoV) has aroused extensive attention in recent years. The IoV requires an efficient communication mode when the application scenarios are complicated. To reduce the verifying time and cut the length of signature, certificateless aggregate signature (CL‐AS) is used to achieve improved performance in resource‐constrained environments like vehicular ad hoc networks (VANETs), which is able to make it effective in environments constrained by bandwidth and storage. However, in the real application scenarios, messages should be kept untamed, unleashed, and authentic. In addition, most of the proposed schemes tend to be easy to attack by signers or malicious entities which can be called coalition attack. In this paper, we present an improved certificateless‐based authentication and aggregate signature scheme, which can properly solve the coalition attack. Moreover, the proposed scheme not only uses pseudonyms in communications to prevent vehicles from revealing their identity but also achieves considerable efficiency compared with state‐of‐the‐art work, certificateless signature (CLS), and CL‐AS schemes. Furthermore, it demonstrates that when focused on the existential forgery on adaptive chosen message attack and coalition attack, the proposed schemes can be proved secure. Also, we show that our scheme exceeds existing certification schemes in both computing and communication costs.

Polymerized RingCT: An Efficient Linkable Ring Signature for Ring Confidential Transactions in Blockchain

In this work, we study and refer the privacy protection protocol used in the blockchain, in particular, the Ring Confidential Transaction protocol in current popular anonymous cryptocurrency Monero. Based on our observations on the underlying linkable ring signature and homomorphic commitment schemes, we design a new efficient RingCT protocol for protecting user’s transaction information. Our scheme is built on the Schnorr ring signature, the well-known Pedersen commitment and signature of knowledge. We show that the signature algorithm used in our scheme satisfies the security requirements under random oracle model and adaptive chosen message attack. Moreover, compared with other ring confidential transactions protocols, our scheme can significantly save the cost of operation and interaction linearly under multi-account operation, that is, unlike other schemes, the cost of its underlying signature algorithm doesn't grow linearly as the spender’s accounts grow.