Certificateless Aggregate Signature Research Articles

Forgery attacks on two provably secure certificateless signature schemes

Recently, Hashimoto and Ogata proposed a constant-size certificateless aggregate signature scheme based on bilinear pairings. Karati et al. constructed a new certificateless signature scheme without bilinear pairings. The schemes were proven secure against both Type I and Type II adversaries in the random oracle model under the hardness assumptions of the Elliptic Curve discrete logarithm problem and the Computational Diffie–Hellman problem. In this paper, we first show that Hashimoto and Ogata is insecure against a Super-Type I adversary who knows the user secret key associated to the replaced public key and suggest its improvement to prevent our attack. We also show that Karati et al.’s scheme is entirely broken: anyone can forge certificateless signatures on any messages for any identities from only publicly known information without using any secret information. Thus, the scheme is trivially insecure against the Type I adversary who can replace user public keys and the Type II adversary who knows the master secret key. The attack shows that their security proofs against the Type I and Type II adversaries are flawed since these forgery attacks are never reflected in the proofs. Thus, it should be proposed security models that cover various forgery attacks due to algebraic relations in the underlying groups.

Cryptanalysis of Two Signature Schemes for IoT-Based Mobile Payments and Healthcare Wireless Medical Sensor Networks

Certificateless cryptography does not require any certificate for the public key authentication and users' public keys are transmitted with ciphertext/signatures or by making them available in the IoT-based public directory in a proper way. Due to these features, certificateless cryptosystems are considered as fundamental cryptographic buildingblocks to provide authenticity, integrity and non-repudiation suitable for IoT applications. Yeh proposed a transaction scheme based on a certificateless signature scheme for IoT-based mobile payments implementing on Android Pay. He showed that the CLS scheme was unforgeable against Type I and Type II adversaries under the intractability of the mathematical problem. Despite the security proofs, we show that Yeh's scheme is still insecure against both Type I and Type II adversaries. Recently, Gayathri et al. constructed a compact certificateless aggregate signature scheme for Healthcare Wireless Medical Sensor Networks. Their aggregate signatures are constant-size independent of the number of signers. In this paper, we show that anyone can forge certificateless aggregate signatures of their scheme on any sets of messages and identities from only publicly known information, i.e. their scheme is entirely broken. We then discuss some improvements.

Security Vulnerabilities of Four Signature Schemes From NTRU Lattices and Pairings

Certificateless cryptography solves the certificate management problem in public-key cryptography and the key-escrow problem in identity-based cryptography. Xie et al. proposed a certificateless signature scheme using NTRU lattices. They proved that their scheme was existential unforgeable for Type I and Type II adversaries under the intractability of the Small Integer Solution (SIS) problem on NTRU lattices in the random oracle model. Subsequently, Hung et al. proposed a revocable certificateless signature scheme on NTRU lattices that gave a revocation method via public channels to revoke illegal or compromised users. They also proved that their scheme was existential unforgeable for Type I, Type II and Type III adversaries under the intractability of the SIS problem. Recently, Wang et al. proposed a certificateless aggregate signature scheme from bilinear pairings and Rezaeibagha et al. proposed a new lightweight certificateless scheme for Industrial Internet of Things from bilinear pairings. The security of their schemes was proven for Type I and Type II adversaries under the intractability of some mathematical problems. In this paper, we show that the two schemes on NTRU lattices are insecure against Type I or Type II adversaries. We also point out invalidity of Wang et al. ’s scheme and vulnerability of Rezaeibagha et al. ’s scheme against Type I attacks. We then suggest some improvements to prevent our attacks.

Certificateless aggregate signature scheme secure against fully chosen-key attacks

Certificateless aggregate signature (CLAS) schemes enjoy the benefits of both certificateless cryptography and aggregate signature features. Specifically, it not only simplifies the certificate management without introducing the key escrow problem but also transforms many signatures into one aggregate signature to save communication and computation cost.CLAS is a powerful cryptographic tool, yet its security should be thoroughly analyzed before being implemented. In this paper, we give a new insight into the security of CLAS schemes. We introduce a potential and realistic attack called fully chosen-key attacks that has not been considered in the traditional security models and define the security model against fully chosen-key attacks. In contrast to the traditional models, the adversary is allowed to hold all the signers’ private keys and its goal is not to forge an aggregate signature but to output invalid single signatures that can be aggregated into a valid aggregate signature. We find there is no CLAS scheme secure in traditional security models that is secure against fully chosen-key attacks and then demonstrate how to reinforce the security of an existing scheme to withstand such an attack.

Secure and efficient certificateless aggregate signature scheme from bilinear pairings

ABSTRACTThe most important contribution of modern cryptography is the invention of digital signatures. To deal with specific application scenarios, digital signature schemes have been evolved with different variants. One of such variants is the aggregate signature scheme, which allows aggregation of different signatures by different users on different messages, to achieve computational and communication efficiency. Such schemes are useful in the design of Wireless Sensor Networks, Mobile Ad-hoc Networks, and Vehicular Ad-hoc Networks, where storage, bandwidth, and computational complexity are major constraints. In order to improve the computational and communicational efficiency along with security, in this paper, we propose a novel Certificateless Aggregate Signature (CLAS) scheme and extended it to achieve full aggregation. The proposed CLAS scheme uses bilinear pairings over elliptic curves and is proven secure in the Random Oracle Model under the assumption that Computational Diffie–Hellman Problem is hard. The security of the proposed CLAS scheme is proven without using forking lemma to achieve tight security. We compared our scheme with well-known existing schemes. Efficiency analysis shows that our scheme is much efficient than existing schemes in terms of communication and computational costs.

An Efficient and Secure Certificateless Aggregate Signature From Bilinear Maps

Certificateless signature schemes are a very intriguing aspect in information security because of its capability of removing the well-known key escrow problem predominately in ID-based cryptography. He et al. proposed an efficient certificateless aggregate signature scheme and proved that their scheme is secure against all possible types of security attacks. However, the authors still managed to find loopholes in the form of insecurities against ‘honest but curious' and ‘malicious but passive' attacks during cryptanalysis of He et al.'s scheme. The authors propose an efficient certificateless aggregate signature scheme which fills the security gaps in He et al.'s scheme and demonstrate the security in their scheme via a mathematical proof, and reinforce the fact that their scheme is much more efficient in a thorough performance comparison of their scheme against the previous schemes.

Efficient and Secure Pairing-Free Certificateless Aggregate Signature Scheme for Healthcare Wireless Medical Sensor Networks

Recent advancements in wireless communication technologies have led to the development of practical applications, such as infrastructure monitoring, earthquake monitoring, environment monitoring, remote healthcare monitoring, etc. In these applications, we may integrate the wireless sensor networks (WSNs) with Internet of Things (IoT), where sensor nodes join the Internet dynamically and use it to collaborate and accomplish their tasks. In e-healthcare system, wireless medical sensor nodes continuously monitor and collect the physiological information and transmit the same to healthcare professionals through IoT terminals. To overcome the limitations in communication and computational capabilities in sensors and to attain privacy in healthcare wireless medical sensor networks (HWMSNs), few signature schemes were proposed in the literature. However, most of these schemes are insecure against various attacks. Hence to ensure privacy and security in medical data, in this paper, we proposed an efficient pairing-free aggregate signature scheme for HWMSNs in certificateless system. We exploit aggregation technique in certificateless system without using pairings to reduce computational complexity and transmission overhead in transferring the data. Our scheme achieves full aggregation to improve communicational efficiency and performance analysis shows that the proposed scheme is more efficient.

A big data anonymous batch verification scheme with conditional privacy preservation for power injection over vehicular network and 5G smart grid slice

Abstract Internet of Things (IoT) is a new paradigm that has changed the way we live in our society by providing many intelligent applications such as smart healthcare, precision agriculture, smart city, smart supply chain, smart home, smart grid, and intelligent transportation. As an integration of smart grid and intelligent transportation, vehicle-to-grid (V2G) technology can make the power grid to communicate with the plugin electric vehicles (EVs), allowing the EVs to store greenpower energy from renewable energy sources and inject overplus power back to the power grid during the peak demand hours for financial gains. Nevertheless, security of transmitted information and users’ privacy preservation are very crucial to ensure fairness in the energy market and enhance users’ acceptability of this propitious technology. For instance, there is need to expeditiously authenticate massive power bids injected by EVs without exposing the owners’ private information. Therefore, a big data anonymous batch verification for injection of power over vehicular network and 5G smart grid slice based on a new ultraefficient certificateless aggregate signature (CL-AS) algorithm is proposed. The proposed scheme achieves batch-verifiable authentication of all the injected bids in an anonymous manner without compromising the privacy of participants. Moreover, we prove that the scheme is secure, assuming the Discrete Logarithm Problem (DLP) is intractable. The performance evaluation demonstrates its superiority in terms of efficiency over the related schemes.

A lightweight CLAS scheme with complete aggregation for healthcare mobile crowdsensing

The vast increase in the deployment of smart devices and the ubiquity of the Internet have evolved a new technology referred to as mobile crowdsensing (MCS). In healthcare MCS (HMCS), mobile devices can collect and upload medical data to the cloud server where authorized healthcare providers can access the relevant data for proper diagnosis and treatments. However, since this process is directly connected with patient’s sensitive health information, any unauthorized disclosure may have serious consequences on the patient’s wellbeing, hence privacy and security are serious issues in HMCS. To achieve data privacy and integrity, some certificateless aggregate signature (CLAS) schemes have been proposed. Very recently, four independent CLAS schemes were proposed for healthcare application. The authors claimed that their schemes were semantically secure in the security model. In this work, we analyze these schemes and find them to be insecure since there exists an adversary who can always forge a valid signature. Afterwards, we put forward a new CLAS scheme for HMCS application based on Elliptic Curve Cryptography (ECC) and hash function. In the proposed scheme, an aggregator can perform complete aggregation of certificateless signatures, resulting in improved performance. The proposed scheme satisfies all the security and privacy requirements of HMCS and can prevent possible attacks. Moreover, we show that the scheme is semantically secure with the assumption that the Discrete Logarithm Problem (DLP) is intractable. Extensive performance analysis and comparison show that the scheme is much more efficient than the state-of-the-art schemes.

An efficient certificateless aggregate signature scheme for the Internet of Vehicles

AbstractIn recent years, the research of Internet of vehicles (IoV) has received extensive attention. In IoV, vehicles can make intelligent decisions by exchanging the real‐time traffic information between other vehicles and IoV infrastructures, thereby reducing the probability of traffic jams and accidents. Although IoV has many advantages, it is necessary to ensure that the data are not edited, forged, or disclosed during the transmission. Also, the certificateless signature (CLS) seems to be the solution to this problem. While in the high‐intensity data transmission environment, the CLS scheme is inefficient for application. To improve the efficiency, the function of aggregation was introduced into the CLS. The certificateless aggregate signature (CL‐AS) can aggregate multiple signatures into a brief signature, reducing the computational cost and the size of signature. Nevertheless, most of the recent proposed CL‐AS schemes have problems of security or efficiency. In this paper, we presented an advanced efficient CL‐AS scheme with elliptic curve cryptography for the IoV environment. In addition, the proposed scheme uses pseudonyms in communications to prevent vehicles from revealing their identity. We proved the security of our proposal in the random oracle based on computational Diffie‐Hellman assumption. Also, the efficiency analysis and simulation show the superiority of our scheme.

Cryptanalysis of a Certificateless Aggregate Signature Scheme for Healthcare Wireless Sensor Network

Certificateless aggregate signatures aggregate n signatures from n different users into one signature. Therefore, a verifier can judge whether all signatures are valid by verifying once. With this advantage, certificateless aggregate signatures are widely used in the environment of limited computing resources. Recently, a novel certificateless aggregate signature scheme was proposed by Kumar et al. This scheme’s security was claimed to be secure against two types of attackers under the random oracle model. In this paper, we indicate that their scheme is unable to achieve this security goal. We show an attack algorithm that the second type of attacker could forge a valid signature under an identity without the private key of the target user. Moreover, we demonstrate that the second type of attacker could forge a valid aggregate signature.

Provably secure certificateless aggregate signature scheme with designated verifier in an improved security model

An aggregate signature (AS) scheme combines multiple signatures which is generated by many different users into a single one. This feature is very beneficial for diminishing storage cost, bandwidth and verification cost. Many previous attempts have been made for designing AS schemes, while the former security models have not clearly addressed coalition attacks, and most of the existing AS schemes cannot resist these kinds of attacks. In this study, the authors provide a modified security model of certificateless AS (CLAS) schemes and then give a new CLAS scheme. The security of their present scheme can be rigorously proved based on the computational Diffie-Hellman assumption in the random oracle model. Furthermore, their scheme can resist such coalition attacks, i.e. an AS in their scheme is valid iff all single signatures used to generate the AS are valid.

A Large-Scale Concurrent Data Anonymous Batch Verification Scheme for Mobile Healthcare Crowd Sensing

Recently, with the rapid development of big data, Internet of Things (IoT) brings more and more intelligent and convenient services to people's daily lives. Mobile healthcare crowd sensing (MHCS), as a typical application of IoT, is becoming an effective approach to provide various medical and healthcare services to individual or organizations. However, MHCS still have to face to different security challenges in practice. For example, how to quickly and effectively authenticate masses of bio-information uploaded by IoT terminals without revealing the owners' sensitive information. Therefore, we propose a large-scale concurrent data anonymous batch verification scheme for MHCS based on an improved certificateless aggregate signature. The proposed scheme can authenticate all sensing bio-information at once in a privacy preserving way. The individual data generated by different users can be verified in batch, while the actual identity of participants is hidden. Moreover, assuming the intractability of CDHP, our scheme is proved to be secure. Finally, the performance evaluation shows that the proposed scheme is suitable for MHCS, due to its high efficiency.

Unrestricted and compact certificateless aggregate signature scheme

A certificateless aggregate signature (CLAS) scheme employing a reduced signature size eliminates the complexity of certificate management in a traditional public key cryptosystem. A compact aggregate signature, where the size does not depend on the aggregate number, is desirable when the objective is to reduce storage cost and bandwidth. However, in conventional compact CLAS schemes, aggregation of signatures is restricted. The state information is meant to be used only once for security; it is generally used to restrict aggregation to signatures generated with the same state information. This paper proposes the first unrestricted and compact CLAS scheme where the signature size is constant and any combination of signatures can be aggregated. Aside from convenient storage and communication costs, our scheme is also equipped with a secure system against realistic adversaries. Moreover, we evaluate the performance of our CLAS scheme and demonstrate its effectiveness. Finally, this paper reveals that it is not possible to construct an unrestricted and compact CLAS scheme for a widely used structure with constant pairing computation.

Certificateless Sequential Aggregate Signature Scheme on NTRU Lattice

Having the advantages of certificateless signature and the aggregate signature at the same time, certificateless aggregate signature has been widely applied in e-business, e-government and software security since it was proposed in 2007. Although a number of certificateless aggregate signature schemes have been proposed, all of them are based on the classic number theory problem, which are no longer secure in the quantum era. In this paper, a certificateless sequential aggregate signature over number theory research unit lattice is proposed, which is proven to be secure in random oracle model. Moreover, we extend the new scheme into an efficient certificatebased sequential aggregate signature which is also secure in quantum era.

Probably Secure and Efficient Certificateless Aggregate Signature Scheme

Probably Secure and Efficient Certificateless Aggregate Signature Scheme

Cryptanalysis and Improvement of an Anonymous Batch Verification Scheme for Mobile Healthcare Crowd Sensing

As an emerging application of smart healthcare, mobile healthcare crowd sensing (MHCS) has become a research hotspot. However, how to ensure the confidentiality and integrity of data and protect the privacy of user is still a challenge for MHCS. To handle these issues, an effective and secure privacy protection scheme is indispensable. Recently, a large-scale concurrent data anonymous batch verification scheme for mobile healthcare crowd sensing was proposed by Liu et al. Unfortunately, we demonstrate that their scheme is insecure. This paper presents an improved anonymous scheme based on certificateless aggregate signature (CL-AS) for MHCS. First, considering the efficiency and the characteristics of the MHCS, the technique of aggregate signature is adopted, which can achieve batch verification and greatly save the bandwidth and computation resources. Second, anonymous communication is carried out in this scheme to realize privacy preservation. Third, based on certificateless cryptography, the proposed scheme can simplify the complicated certificate management and eliminate the key escrow problem. In addition, our scheme is provably secure against the existential forgery on adaptively chosen message attack in the Random Oracle Model assuming the computational Diffie-Hellman problem is intractable. Furthermore, security and efficiency analysis shows that our scheme is secure and efficient.

Certificateless Short Aggregate Signature Scheme for Mobile Devices

Today, data is exploding. A large amount of data needs to be processed in a timely and an efficient manner. Aggregate signatures are an efficient and secure way to handle large numbers of digital signatures. In an aggregate signature scheme, $n$ signatures on $n$ messages from $n$ users can be combined into a single signature, which can make anyone believes that the $n$ messages were indeed signed by the $n$ corresponding users. In the recent decade, numerous certificateless aggregate signature (CLAS) schemes have been introduced. In most CLAS schemes currently known, the number of hash-to-point operations and the size of signature increase linearly with the number of signers, so they are not suitable for computing restricted devices, such as mobile devices. In this paper, a new CLAS scheme is constructed, which requires only two pairing operations and the signature contains only one point and state information. It is more efficient than the previous ones and suit for the mobile devices.

An Efficient Certificateless Aggregate Signature Scheme Without Pairings for Healthcare Wireless Sensor Network

Wireless sensor network (WSN) can be widely used in the field of health care since it has many advantages, such as low cost, high efficiency, low latency, and so on. In healthcare wireless sensor network (HWSN), the patients' health information needs to be transmitted to health professionals in real time through the Internet, so it is vital to ensure the integrity and privacy of medical information. Aggregate signature (AS) cannot only provide message integrity and authentication for multiple users but also drastically improve the efficiency of signature transmission and verification. Certificateless public key cryptography (CLPKC) is superior to traditional public key infrastructure and identity-based cryptography. We combine the advantages of CLPKC and AS and construct a certificateless aggregate signature (CLAS) scheme without using pairings. Our CLAS scheme realizes the protection of the privacy and integrity of healthcare information for multiple patients in HWSN for the first time. Under the assumption of elliptic curve discrete logarithm, the proposed CLAS scheme is existentially unforgettable against two types of adversaries. In addition, the scheme has better performance than other CLAS schemes as for the security, communication overhead, and computational costs. So it is more suitable for green HWSN.

An improved certificateless aggregate signature scheme without bilinear pairings for vehicular ad hoc networks

Certificateless aggregate signature (CL-AS) is a digital signature technique used to achieve improved performance in resource-constrained environments like vehicular ad hoc networks (VANETs) by eliminating the certificate issue in the traditional public key cryptography (PKC), addressing the key escrow problem in identity-based PKC, and utilizing the efficiency benefits of aggregate signature. Recently, an efficient CL-AS scheme for VANETs was proposed which the authors claimed to be existentially secure against forgery attacks in the random oracle model. In this paper, the scheme was analyzed and found to be insecure under existing security model. Consequently, we propose a new efficient certificateless aggregate signature scheme for VANETs applications based on elliptic curve cryptography. The proposed scheme does not only meet the privacy and security requirements for VANETs, but supports batch verification, autonomy, and conditional privacy preservation. In addition, the proposed scheme is provably secure against existential forgery on adaptive chosen message attack in the random oracle model based on the hardness assumption of the elliptic curve discrete logarithm problem. Extensive efficiency analysis demonstrates that the performance of the proposed scheme exceeds those of the recent related schemes in terms of computation cost and communication overhead.