Certificate-based Signature Scheme Research Articles

On the Security of Lightweight and Escrow-Free Certificate-Based Data Aggregation for Smart Grid

Recently, to eliminate complex certificate maintenance and key escrow issue, Verma <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed the first certificate-based(CB-based) data aggregation scheme for smart grids, in which a lightweight CB-based signature is proposed to ensure the integrity of the transmitted data. Although they claimed that the proposed certificate-based signature scheme is secure against attacks by a malicious certification authority (CA), unfortunately, by analyzing the security of Verma <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> 's scheme, we show that their scheme is insecure. It can not provide data integrity since a malicious CA can forge a message's signature in the name of any entity. After giving the corresponding attacks, we analyze the reasons for producing such attacks and provide the corresponding suggestions to overcome them.

Certificate-Based Signature Scheme for Industrial Internet of Things Using Hyperelliptic Curve Cryptography

The Industrial Internet of Things (IIoT) is a technology that uses the Internet of Things (IoT) infrastructure to sense, process, and communicate real-time events in the industrial system to cut down on unnecessary operating costs and to speed up industrial automation of internal and external working processes. Since the IIoT system inherits the same cyber-physical vulnerabilities that the IoT system already encounters, it requires additional work to address security concerns owing to its heterogeneous nature. As a result, an efficient security mechanism is essential to protect against various and unknown cyber-attacks. In this article, we propose a certificate-based signature scheme based on hyperelliptic curve cryptography (HECC), with the aim of improving security while reducing computational and communication costs in the IIoT environment. The proposed scheme outperforms existing schemes in terms of both computational and communication costs, as well as offering better security.

A Forward-Secure Certificate-Based Signature Scheme with Enhanced Security in the Standard Model

A Forward-Secure Certificate-Based Signature Scheme with Enhanced Security in the Standard Model

Efficient Certificate-Based Signature with Short Key and Signature Sizes from Lattices

Certificate-based cryptography (CB-PKC) is an attractive public key setting, which reduces the complexity of public key infrastructure in traditional public key settings and resolves the key escrow problem in ID-based public key settings. In the past, a large number of certificate-based signature and encryption schemes were proposed. Nevertheless, the security assumptions of these schemes are mainly relied on the difficulties of the discrete logarithm and factorization problems. Unfortunately, both problems will be resolved when quantum computers come true in the future. Public key cryptography from lattices is one of the important candidates for post-quantum cryptography. However, there is little work on certificate-based cryptography from lattices. In the paper, we propose a new and efficient certificate-based signature (CBS) scheme from lattices. Under the short integer solution (SIS) assumption from lattices, the proposed CBS scheme is shown to be existential unforgeability against adaptive chosen message attacks. Performance comparisons are made to demonstrate that the proposed CBS scheme from lattices is better than the previous lattice-based CBS scheme in terms of private key size and signature size.

Leakage-Resilient Certificate-Based Signature Resistant to Side-Channel Attacks

Certificate-based cryptography is an attractive public-key setting, and it not only simplifies certificate management in the traditional public-key cryptography but also eliminates the key escrow problem inherent in the identity-based cryptography. Recently, leakage-resilient cryptography resistant to side-channel attacks has received significant attention from cryptographic researchers. By side-channel attacks, adversaries could obtain partial information of secret and private keys involved in cryptographic algorithms by perceiving execution time or energy consumptions of each algorithm invocation. The certificate-based signature (CBS) is a class of important public-key signature. Up to date, there exists no leakage-resilient CBS (LR-CBS) scheme resistant to side-channel attacks. In this paper, the first LR-CBS scheme is proposed and it possesses overall unbounded leakage property, namely, it permits adversaries to continuously obtain partial information of secret or private keys involved in the associated algorithm invocations. The security analysis is given to prove that the proposed LR-CBS scheme is existential unforgeability against adaptive chosen-message attacks for adversaries in the generic bilinear group model.

Demonstrably Secure Signature Scheme Resistant to k-Traitor Collusion Attack

This paper presents the proposal of a new implicit and explicit certificate-based signature scheme (IE-CBS-kCAA scheme) using Sakai–Kasahara’s type keys. The scheme security depends on the computational difficulty of solving the modified collusion attack algorithm with ${k}$ traitors ( ${k}$ -mCAA problem), reducible in particular cases to the known ${k}$ -CAA problem. The originality of the scheme consists not only in the formulation and application of a new difficult computational problem but also in its design to meet the paradigm of public key cryptography based on implicit and explicit certificates. Due to such an approach, the proposed signature scheme can be used in the traditional public key infrastructure with the revocation of explicit certificates and in non-standard infrastructures without the revocation of implicit certificates. In this paper, the security model is formulated and it is shown that the IE-CBS-kCAA signature scheme is existentially unforgeable against adaptively chosen messages in the random oracle model. Moreover, it results from the comparison of the IE-CBS-kCAA scheme with other signature schemes based on implicit and/or explicit certificates that its computational efficiency is at a similar level. Computational tests have also shown that the scheme can be used in practice.

Certificate‐based signature scheme in the standard model

Certificate-based cryptosystem can eliminate the private key escrow problem inherent in the identity-based cryptosystem and can simplify the costly certificate management in the traditional public key cryptosystem. In 2016, Lu et al. raised an open problem of whether the certificate-based signature (CBS) scheme can be proved secure against the malicious-but-passive certifier attack. In this study, the authors try to solve this problem. They give an enhanced security model of the CBS scheme which can resist the malicious-but-passive certifier attack. Then they propose a concrete CBS scheme in the standard model by using bilinear pairings. They prove the scheme to be secure in the enhanced security model under the Squ-CDH assumption. In this way, the authors give an affirmative answer to the above open problem. Finally, the authors evaluate the efficiency of the scheme which shows it to be practical. In addition, they find that malicious-but-passive certifier security cannot coexist with super adversary security in a CBS scheme in the standard model.

Generic Construction of Certificate-Based Signature from Certificateless Signature with Provable Security

This paper studies the generic construction of certificate-based signature (CBS) from certificateless signature (CLS). This paper proposes a new generic conversion from CLS to CBS which is more intuitive, simpler, and provably secure without random oracles than the current one. To develop the security proof, we put forth one novel CLS security model which features a previously neglected but nontrivial attack and hence captures the CLS security notion more comprehensively. We show that many existing CLS schemes can be proved secure in the current model by slightly modifying its original security proof. Following this conversion, many provably secure CBS schemes can be constructed from the corresponding existing CLS schemes.

A Short Certificate-based Signature Scheme with Provable Security

Certificate-based signature (CBS) is an attractive paradigm since it simultaneously solves the certificate revocation problem in conventional signatures and the key escrow problem in ID-based signatures. In particular, short certificate-based signatures are useful in bandwidth reduction for communication due to their short signature lengths. However, it is still a challenging and open problem to design a secure short certificate-based signature (SCBS) scheme. Recently, to solve this problem, Li et al . proposed an efficient SCBS scheme. However, in this article, we will show that Li et al .’s scheme is insecure against Type I adversary (i.e. uncertified entity) under an accredited security model. Moreover, we propose a new SCBS scheme with provable security. Based on the computational Diffie–Hellman (CDH) assumption, we demonstrate that our SCBS scheme possesses existential unforgeability against adaptive chosen-message attacks under the same accredited security model. When compared with previous SCBS schemes, our scheme is the first provably secure SCBS scheme while retaining efficiency. DOI: http://dx.doi.org/10.5755/j01.itc.45.3.12814

Improved certificate‐based signature scheme without random oracles

Certificate-based cryptography is a useful primitive that combines traditional public key cryptography (PKC) and identity-based cryptography (IBC). It not only solves the key escrow problem inherent in IBC, but also simplifies the certificate problem in traditional PKC. So far, several certificate-based signature (CBS) schemes have been proposed in the literature. However, none of them consider the malicious certificate authority (CA) attack. Cryptanalysis shows that two previous CBS schemes without random oracles fail in achieving unforgeability under such attack. To overcome the security weakness in these schemes, the authors propose an improved CBS scheme that can withstand malicious CA attacks. They prove it to be existentially unforgeable against chosen message attacks under the computational Diffie–Hellman assumption in the standard model. Compared with the previous standard-model CBS schemes, the proposed scheme has obvious advantages in both the computation and communication efficiency.

A New Efficient Certificate‐Based Signature Scheme

Certificate-based cryptography is a newkind of public key algorithm, which combines the merits oftraditional Public key infrastructure (PKI) and identitybased cryptography. It removes the inherent key escrowproblem in the identity-based cryptography and eliminatesthe certificate revocation problem and third-party queriesin the traditional PKI. In this paper, we propose an efficient certificate-based signature scheme based on bilinearpairings. Under the strong security model of certificatebased signature scheme, we prove that our scheme is existentially unforgeable against adaptive chosen message andidentity attacks in the random oracle. In our scheme, onlytwo pairing operations are needed in the signing and verification processes. Compared with some certificate-basedsignature schemes from bilinear pairings, our scheme enjoys more advantage in computational cost and communicational cost.

A Pairing-free Key-insulated Certificate-based Signature Scheme with Provable Security

Certificate-based signature (CBS) combines the advantages of both public key-based signature and identity-based signature, while saving from the disadvantages of drawbacks in both PKS and IBS. The insecure deployment of CBS under the hostile circumstances usually causes the exposure of signing key to be inescapable. To resist the threat of key leakage, we present a pairing-free key insulated CBS scheme by incorporating the idea of key insulated mechanism and CBS. Our scheme eliminates the costly pairing operations and as a matter of fact outperforms the existing key insulated CBS schemes. It is more suitable for low-power devices. Furthermore, the unforgeability of our scheme has been formally proven to rest on the discrete logarithm assumption in the random oracle model.

The Trusted Two-dimensional Code System based on Certificate-based Signature Scheme

With the high capacity, fast recognition speed, as well as strong correction ability, two-dimensionalcode is widely used in many fields such as e-commerce. However, how to guarantee the authenticityof two-dimensional code becomes an urgent security demand. In this paper, we design and implementan authentic two-dimensional code system based on certificate-based signature scheme (CBS).The system includes trusted center module, authentic two-dimensional code generation module, andauthentic two-dimensional code verification module. The trusted center is in charge of initializingsystem parameters and issuing certificates. Two-dimensional code generation module achieves secretkey reading from USBKey and two-dimensional code generation functions. Two-dimensional codeverification module is responsible for two-dimensional code scanning and CBS signature verification.Bilinear pairing is adopted to implement the CBS algorithms. The web interface is built withJavaScript. Further productization of the prototype system will play an important role in promotingsecure application of two-dimensional code.

Efficient certificate-based verifiable encrypted signature scheme

Certificate-based public key cryptographic is a novel cryptographic primitive solving the heavy management problem in the conventional public key cryptographic. Verifiable encrypted signature is useful for many cryptographic protocols and often is used as to construct an optimistic fair exchange, it can convince a verifier that a given cipher text is an encryption of signature on a given message. In this paper, we propose an efficient certificate-based verifiable encrypted signature scheme by combining certificate-based public key cryptographic with a verifiable encrypted signature. We first give the formal definition of the certificate-based verifiable encrypted signature and its security goal, then we construct a secure certificate-based verifiable encrypted signature scheme, and gives the security analysis. The analysis shows that our scheme satisfies the security properties including validity, unforgeability, and opacity, and simplifies the certificate management process, solves the escrow problem, and there are fewer pairing operations and the least number of the total operations comparing with the other existing verifiable encrypted signature schemes.

A new certificate-based digital signature scheme in bilinear group

Certificate-based signature preserves advantages of implicit certification and no private key escrow as the certificate-based encryption scheme presented at Eurocrypt 2003 by Gentry. In this paper, we present a certificate-based signature scheme derived from bilinear pairings and prove its security in the random oracle model. The scheme is secure based on the traditional difficult problem defined in bilinear pairings. The efficiency is also presented to show the scheme is practical. Compared to earlier signatures with these properties, our scheme is efficient. Many other constructions could be derived by using this certificate-based signature in applications.

Efficient certificate-based signature scheme with strong designated verifier

Concerning the flaw that it needs a fully credible third party in ID-based strong designated verifier signature and the low efficiency of existing schemes,taking the advantage of Certificate Authority(CA)'s low trust level in certificate-based public key cryptography,a new strong designated verifier signature scheme was proposed in this paper.Furthermore,the formal security analysis under assumed Bilinear Diffie-Hellman(BDH) problem in the random oracle model was presented.Performance analysis shows the scheme meets all properties of strong designated verifier signature schemes and enjoys higher correspondence efficiency used in bandwidth limited environment since the signature length is just one of the group elements.

Provably secure certificate-based signature scheme without pairings

In order to simplify certificate management in traditional public key cryptography and solve the key escrow problem in identity-based cryptography, the notion of certificate-based cryptography was introduced. Recently, Ming and Wang proposed a certificate-based signature scheme without pairings. They claimed that the scheme was existentially unforgeable against adaptive chosen message and identity attacks in the random oracle. In this paper, we show that the scheme is insecure against a malicious certifier under existing security model. We also propose a new efficient certificate-based signature scheme without pairings, which is proven secure in the random oracle model. Compared with the existed certificate-based signature schemes without parings, our scheme enjoys shorter signature length and less operation cost.

A hybrid approach to secure hierarchical mobile IPv6 networks

Establishing secure access and communications in a hierarchical mobile IPv6 (HMIPv6) network, when a mobile node is roaming into a foreign network, is a challenging task and has so far received little attention. Existing solutions are mainly based on public key infrastructure (PKI) or identity-based cryptography (IBC). However, these solutions suffer from either efficiency or scalability problems. In this paper, we leverage the combination of PKI and certificate-based cryptography and propose a hierarchical security architecture for the HMIPv6 roaming service. Under this architecture, we present a mutual authentication protocol based on a novel cross-certificate and certificate-based signature scheme. Mutual authentication is achieved locally during the mobile node?s handover. In addition, we propose a key establishment scheme and integrate it into the authentication protocol which can be utilized to set up a secure channel for subsequent communications after authentication. As far as we know, our approach is the first addressing the security of HMIPv6 networks using such a hybrid approach. In comparison with PKI-based and IBCbased schemes, our solution has better overall performance in terms of authenticated handover latency.

A Certificate-based Signature Scheme for Mobile Ad Hoc Networks

In order to insure the security of communication in mobile Ad hoc networks, we proposed a new signature scheme which is based on bilinear pairing and certificate-based cryptography. The security of the scheme was proved under the Random Oracle Model. The scheme is also efficient, since the signing algorithm does not need the computation of the bilinear pairing and the verification algorithm needs that computation only once. Thus it is particularly useful in Ad hoc networks.

Provably Secure Certificate-based Signature Scheme for Ad Hoc Networks

Certificate-based cryptography proposed by Gentry in Eurocrypt 2003 combines the advantages of traditional public key cryptography (PKI) and identity-based cryptography, and removes the certificate management problem and the private key escrow security concern. Based on computational Diffie-Hellman assumption, a certificate-based signature scheme is constructed to insure the security of communication in mobile Ad hoc networks,. The security of the scheme is proved under the Random Oracle Model. The scheme is also efficient, since the signing algorithm does not need the computation of the bilinear pairing and the verification algorithm needs that computation only once. Thus it is particularly useful in Ad hoc networks.