Certificateless Aggregate Signature Scheme Research Articles

A new certificateless signature with enhanced security and aggregation version

SummaryTo satisfy the applications in certificateless environment, many researchers have been investigating certificateless aggregate signature schemes. Several schemes that are independent with the aggregated numbers are proposed to reduce the computation overhead. In these schemes, the pairing computations that in verification procedure needs are a constant value. Recently, Hou et al. proposed an improved certificateless aggregate signature scheme. They demonstrated the scheme is provably secure in the random oracle model. However, we find that their scheme is insecure in their security model by giving a concrete attack. Then, we propose an improved certificateless signature scheme and use it to construct a new certificateless signature scheme with enhanced security and aggregation. Furthermore, we provide formal security proof of our new scheme. Compared with other four schemes, our enhanced protocol is more suitable for realistic applications. Copyright © 2015 John Wiley & Sons, Ltd.

An efficient certificateless aggregate signature scheme for vehicular ad-hoc networks

Distributed Computing and Networking The state-of-the-art telecommunication technologies have widely been adapted for sensing the traffic related information and collection of it. Vehicular Ad-Hoc Networks (VANETs) have emerged as a novel technology for revolutionizing the driving experiences of human. The most effective and widely recognized way for mutual authentication among entities in VANETs is digital signature scheme. The new and attractive paradigm which eliminates the use of certificates in public key cryptography and solves the key escrow problem in identity based cryptography is certificateless cryptography. A new certificateless aggregate signature scheme is proposed in the paper for VANETs with constant pairing computations. Assuming the hardness of computational Diffie-Hellman Problem, the scheme is proved to be existentially unforgeable in the random oracle model against adaptive chosen-message attacks.

An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks

Certificateless public key cryptography was introduced to solve the complicated certificate management problem in traditional public key cryptography and the key escrow problem in identity-based cryptography. The aggregate signature concept is useful in special areas where the signatures on many different messages generated by many different users need to be compressed. This feature is very attractive for authentication in a resource constrained environment because it allows large bandwidth and computation time savings. This paper proposes a new certificateless signature scheme. A new certificateless aggregate signature scheme for vehicle-to-infrastructure communication in vehicular ad hoc networks based on the new certificateless signature scheme is presented. We demonstrate that the proposed certificateless aggregate signature scheme can also achieve conditional privacy preservation, in which each traffic message launched by a vehicle is mapped to a distinct pseudo identity. A legal authority can retrieve the real identity from any pseudo identity for any dispute event. In addition, the proposed scheme is provably secure against existential forgery on adaptively chosen message attack in the random oracle model assuming the computational Diffie–Hellman problem is hard. Furthermore, the proposed scheme presents efficient computational overhead with the existing well-known schemes and is suitable for practical use.

Comment on New Construction of Efficient Certificateless Aggregate Signatures

Aggregate signature can combine n signatures on n messages from n users into single signature, and the verifier should be convinced by the aggregate signature that n users indeed sign n messages. Since aggregate signature can greatly reduce the length of total signature and the cost of verification, it is widely used in environments with low bandwidth communication, low storage and low computability. Recently, Liu et al. [H Liu, S Wang, M Liang and Y Chen, “New Construction of Efficient Certificateless Aggregate Signatures”, International Journal of Security and Its Applications Vol.8, No.1 (2014), pp. 411-422] proposed an efficient certificateless aggregate signature scheme which is proven existentially unforgeable against adaptive chosen-message attacks. Unfortunately, Liu et al.’s new certificateless signature scheme is insecure. In this paper, giving concrete and simple attacks, we demonstrate that type II adversary key generation center can make ordinary-passive attack and malicious-active attack to forge legal certificateless signatures and certificateless aggregate signatures on any messages. Furthermore, we analyze possible reasons why key generation center succeeds in ordinary-passive attack and malicious-active attack.

Certificateless Aggregate Signature Schemes with Improved Security

Certificateless Aggregate Signature Schemes with Improved Security

Cryptanalysis and improvement of a certificateless aggregate signature scheme

Aggregate signature can combine n signatures on n messages from n users into a single short signature, and the resulting signature can convince the verifier that the n users indeed signed the n corresponding messages. This feature makes aggregate signature very useful especially in environments with low band width communication, low storage and low computability since it greatly reduces the total signature length and verification cost. Recently, Xiong et al. presented an efficient certificateless aggregate signature scheme. They claimed that their scheme was provably secure in a strengthened security model, where the “malicious-but-passive” KGC attack was considered. In this paper, we show that Xiong et al.’s certificateless aggregate signature scheme is insecure even against “honest-but-curious” KGC attack, an improved scheme which is really secure against “malicious-but-passive” KGC attack in the random oracle model. Performance analysis shows that our new scheme is more efficient than the other secure certificateless aggregate signature schemes.

Notes on the security of certificateless aggregate signature schemes

Secure aggregate signature schemes are very useful tools in special areas where the signatures on many different messages generated by many different users need to be compressed. Quite recently, an efficient certificateless aggregate signature scheme was presented by Xiong et al. (2013). Although they proved its security in the random oracle model under the standard computational Diffie–Hellman assumption, we find that their conclusion is wrong. In this paper, we give security analysis to their scheme by showing four kinds of concrete attacks. The first two kinds of attacks come from an honest-but-curious KGC and a malicious-but-passive KGC respectively. While the last two are from the collusion of inside signers or the collusion of an insider signer with a malicious-but-passive KGC. Our analysis indicates coalition attacks, especially those from the collusion of an inside signer with a malicious KGC are practical and destructive, and hence should be prevented in the design of CLAS schemes. We also put forward a secure certificateless aggregate signature scheme. Our new aggregate signature scheme results in a short aggregate signature that is valid if and only if every individual signature involved in the aggregation is valid.

New Construction of Efficient Certificateless Aggregate Signatures

This paper proposes a novel construction of efficient certificateless aggregate signature (CLAS) scheme. On basis of the computational Diffie-Hellman (CDH) assumption, the proposed scheme can be proven existentially unforgeable against adaptive chosen-message attacks. The new scheme also requires small constant pairing computations for aggregate verification, which is independent of the number of signers. Most importantly, a certain synchronization for aggregating randomness can be avoided by the proposed scheme. All the signers don’t need to share the same synchronized clock to generate the aggregate signature, which greatly decreases the implementation complexity in many application scenarios.

Reattack of a Certificateless Aggregate Signature Scheme with Constant Pairing Computations

A new attack against a novel certificateless aggregate signature scheme with constant pairing computations is presented. To enhance security, a new certificateless signature scheme is proposed first. Then a new certificateless aggregate signature scheme with constant pairing computations based on the new certificateless signature scheme is presented. Security analysis shows that the proposed certificateless aggregate signature scheme is provably secured in the random oracle.

Insecurity of an efficient certificateless aggregate signature with constant pairing computations

Recently, Xiong et al. [H. Xiong, Z. Guan, Z. Chen, F. Li, An efficient certificateless aggregate signature with constant pairing computations, Information Science 219 (2013) 225–235] proposed a certificateless signature (CLS) scheme and used it to construct a certificateless aggregate signature (CLAS) scheme with constant pairing computations. They demonstrated that both of their schemes are provably secure in the random oracle model under the computational Diffie–Hellman assumption. Unfortunately, by giving concrete attack, we demonstrate that their schemes are not secure against the Type II adversary, i.e. a Type II adversary could forge a legal signature of any message.

Cryptanalysis of a certificateless aggregate signature scheme for mobile computation

Recently, Xiong et al. proposed an efficient certificateless aggregate s ignature (CLAS) scheme for mobile computation. They demonstrated that their scheme is provably secure in the random oracle model. Unfortunately, by giving a concrete attack, in this paper, we point out that Xiong et al.'s scheme is not secure at all and an adversary without the partial private key and the secret value could forge a legal message. Hence, Xiong et al.'s scheme is not fea sible for practical applications.

An efficient certificateless aggregate signature with constant pairing computations

An aggregate signature scheme enables an algorithm to aggregate n signatures of n distinct messages from n users into a single short signature. This primitive is useful in resource-constrained environment since they allow bandwidth and computational savings. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we present an efficient certificateless aggregate signature scheme with constant pairing computations. The security of the proposed scheme can be proved to be equivalent to the standard computational Diffie–Hellman problem in the random oracle with a tight reduction. Furthermore, our scheme does not require synchronization for aggregating randomness, which makes it more suitable for ad hoc networks.

On the Security of a Certificateless Aggregate Signature Scheme

Certificateless cryptography eliminates the need of certificates in public key cryptosystems and solves the inherent key escrow problem in identity-based cryptosystems. An aggregate signature scheme is a signature scheme which allows to aggregate n signatures on n distinct messages from n distinct users into a single signature. Recently, Zhang and Zhang proposed a certificateless aggregate signature scheme provably secure in the random oracle model under the Computational Diffie-Hellman assumption. In this paper, we propose a novel fundamental security requirement for certificateless aggregate signature schemes, called coalition resistance, by presenting coalition attacks on Zhang-Zhang's scheme.

Efficient many-to-one authentication with certificateless aggregate signatures

Aggregate signatures allow an efficient algorithm to aggregate n signatures of n distinct messages from n different users into one single signature. The resulting aggregate signature can convince a verifier that the n users did indeed sign the n messages. This feature is very attractive for authentications in bandwidth-limited applications such as reverse multicasts and senor networks. Certificateless public key cryptography enables a similar functionality of public key infrastructure (PKI) and identity (ID) based cryptography without suffering from complicated certificate management in PKI or secret key escrow problem in ID-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme which has the advantages of both aggregate signatures and certificateless cryptography. The scheme is proven existentially unforgeable against adaptive chosen-message attacks under the standard computational Diffie-Hellman assumption. Our scheme is also very efficient in both communication and computation and the proposal is practical for many-to-one authentication.

A new certificateless aggregate signature scheme

Aggregate signatures are useful in special areas where the signatures on many different messages generated by many different users need to be compressed. In this paper, we study aggregate signatures in certificateless public key settings. We first present the notion and security model of certificateless aggregate signature schemes. Then we give an efficient certificateless aggregate signature scheme. Our scheme is existentially unforgeable under adaptive chosen-message attacks assuming the computational Diffie–Hellman problem is hard.