Identity-based Signature Research Articles

Fully secure and hierarchical identity based signature for automatic dependent surveillance broadcast systems

Automatic dependent surveillance broadcast (ADS-B) system is a multi-parameter surveillance system that can improve important aspects of air traffic. Although ADS-B has adopted many security measures, it also faces some security risks such as eavesdropping, message deletion, message injection, and denial of service. Identity based signature is one of the important technologies in solving this problem. The paper proposes a hierarchical and identity-based signature algorithm which may resist the private key’s continual leakage. This proposed scheme not only has the performance of resisting private key leakage, but also has the performance of hierarchical delegation for the private key. Our scheme is proved to be fully secure under the standard model. The scheme can tolerate a leakage rate of nearly 1/3 for private keys. The proposed construction has three characteristics. Firstly, our scheme achieves full security under standard model, which means that its security is independent of the number of inquiries from the attacker. Secondly, this scheme has a delegation function, which may remarkably reduce the burden on the root private key generation center, making it very suitable for systems with limited computing resources and high real-time requirements. Thirdly, through periodic private key updates, our proposal will resist continual leakage attacks for private key, as long as the leakage between two consecutive key updates does not exceed the given limit.

Cocoon: certificateless blockchain wallet supporting both stealth address and revocation

The breaches of the blockchain wallet keys greatly harm the security of blockchain transactions. To protect the secret keys, the known solutions, such as hierarchical deterministic wallets proposed in BIP32 or stealth addresses adopted in Monero, have been extensively researched. However, most of the existing works assume the key is safe, in the sense that it cannot be stolen or damaged, which is not true in practice. Moreover, current key revocation mechanisms either rely on centralized authorities, compromising decentralization, or require economic incentives to ensure nodes remain consistantly online. In this paper, we introduce Cocoon, the first blockchain wallet scheme that supports stealth addresses and provides a wallet revocation mechanism without the need for certificates. Cocoon not only ensures the privacy of wallet secret keys but also can individually revoke compromised keys with high performance. Our contributions are three-fold: First, we present the formal model and the related security definitions. Next, we give a generic construction based on the hierarchical identity-based signature, identity-based key encapsulation mechanism and non-interactive zero-knowledge proof. We then extend the scheme to the hierarchical setting for diverse scenarios. Finally, we give the implementation, and the results show that the scheme is practical.

Comparative evaluation of pseudonym-based anonymisation techniques for connected autonomous vehicles (CAVs)

The technical requirements for securing safety-related applications in connected autonomous vehicles (CAVs) include security (e.g., authentication, integrity, non-repudiation depending on the specific applications), privacy (e.g., anonymity and unlinkability) and computing efficiency of the solutions designed to address security and privacy aspects. Several cryptographic techniques have been considered in the literature to meet these technical requirements. A notable category of these techniques is often referred to as pseudonym schemes in the context of CAVs, which aim to address security and privacy simultaneously. This paper provides an overview of the state-of-the-art research on pseudonym techniques for CAVs, including a comparative evaluation of their performance in the context of two representative safety-related CAV applications: Cooperative positioning and intersection collision avoidance. This study aims to guide the effective adoption of such schemes for various applications in CAVs. In this paper, three main categories of pseudonym schemes are considered: public key schemes, identity-based signatures, and group signatures. We compare these schemes with respect to security and privacy requirements as identified for several CAV applications. We also implement several representative pseudonym schemes in each category to evaluate their processing efficiency for signing and verifying messages used in CAV applications to provide insight into their applicability for CAV applications.

A Trustworthy and Untraceable Centralised Payment Protocol for Mobile Payment

Current mobile payment schemes gather detailed information about purchases customers make. This data can then be used to infer a customer’s spending behaviour, potentially violating their privacy. To tackle this problem, we propose an untraceable mobile payment scheme that strikes a better balance, preserving user privacy while allowing the Third-Party Service Provider (TPSP) to collect necessary information such as card details and transaction amount for regulatory compliance. Our scheme offers untraceability for legitimate users from malicious adversaries and curious TPSPs using cryptographic primitives such as partially blind signatures, zero-knowledge proofs, and identity-based signatures. It also guarantees that only authorised TPSPs can issue valid payment tokens, and even with limited data, the TPSP can still prevent dishonest customers/merchants from double-spending a payment token. We also propose a comprehensive evaluation framework to assess the untraceable payment schemes against seven key criteria such as untraceability, exculpability—merchant double-spending, exculpability—customer double-spending, unforgeability, confidentiality, message authenticity, efficiency, and regulatory compliance. We rigorously benchmark the security and privacy of our proposed payment scheme against this framework and other established schemes. Furthermore, we formally verify these properties using complexity-based analysis and Proverif modelling.

An experimentally validated feasible quantum protocol for identity-based signature

An experimentally validated feasible quantum protocol for identity-based signature

Implementing Identity-based Signature Schemes for Secure Data Transfer in Cloud Computing Environments

In this paper, we present the implementation of the Cha-Cheon Identity-Based Signature (IBS) scheme to enhance secure data transfer in cloud computing environments. Cloud computing rely on traditional Public Key Infrastructure (PKI) systems, which is burdened by certificate management infrastructure. The primary focus of this research to simplify key and certificate management by leveraging identity-based elliptic curve cryptography (ECC) within the Cha-Cheon IBS framework. We show that the proposed IBS solution integrates seamlessly with Amazon Web Services (AWS), utilizing services like S3 for secure data storage and KMS for key management. By applying ECC, the Cha-Cheon scheme achieves efficient cryptographic operations with smaller key sizes, resulting in reduced computational overhead, faster key generation, signature creation, and verification times compared to RSA-based systems. We conducted extensive performance evaluations to compare the Cha-Cheon IBS scheme with traditional PKI-based systems. The results demonstrate that our implementation significantly outperforms RSA in terms of key generation, encryption, and signature verification times, especially under increased user loads and data sizes. Moreover, the security analysis confirms the robustness of the Cha-Cheon IBS against key compromise, offering strong resistance to unauthorized access and key revocation issues. The scheme also scales efficiently as the number of users increases, making it ideal for large-scale cloud infrastructures. This research highlights the potential of IBS as a viable alternative to PKI systems, providing a more streamlined and efficient approach to secure data transfers in cloud environments.

MQIBS: An Efficient Post-Quantum Identity-based Signature from Multivariate Polynomials

MQIBS: An Efficient Post-Quantum Identity-based Signature from Multivariate Polynomials

Protecting unauthenticated messages in LTE/5G mobile networks: A two-level Hierarchical Identity-Based Signature (HIBS) solution

Protecting unauthenticated messages in LTE/5G mobile networks: A two-level Hierarchical Identity-Based Signature (HIBS) solution

Cryptanalysis of a quantum identity-based signature and its improvement

Cryptanalysis of a quantum identity-based signature and its improvement

A Secure and Effective Hierarchical Identity-Based Signature Scheme for ADS-B Systems

A Secure and Effective Hierarchical Identity-Based Signature Scheme for ADS-B Systems

Post-Quantum Secure Identity-Based Signature Scheme with Lattice Assumption for Internet of Things Networks.

The Internet of Things (IoT) plays an essential role in people's daily lives, such as healthcare, home, traffic, industry, and so on. With the increase in IoT devices, there emerge many security issues of data loss, privacy leakage, and information temper in IoT network applications. Even with the development of quantum computing, most current information systems are weak to quantum attacks with traditional cryptographic algorithms. This paper first establishes a general security model for these IoT network applications, which comprises the blockchain and a post-quantum secure identity-based signature (PQ-IDS) scheme. This model divides these IoT networks into three layers: perceptual, network, and application, which can protect data security and user privacy in the whole data-sharing process. The proposed PQ-IDS scheme is based on lattice cryptography. Bimodal Gaussian distribution and the discrete Gaussian sample algorithm are applied to construct the fundamental difficulty problem of lattice assumption. This assumption can help resist the quantum attack for information exchange among IoT devices. Meanwhile, the signature mechanism with IoT devices' identity can guarantee non-repudiation of information signatures. Then, the security proof shows that the proposed PQ-IDS can obtain the security properties of unforgeability, non-repudiation, and non-transferability. The efficiency comparisons and performance evaluations show that the proposed PQ-IDS has good efficiency and practice in IoT network applications.

Identity-based chameleon hash from lattices

Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Multidimensional Epidemiological Survey Data Aggregation Scheme Based on Personalized Local Differential Privacy

In recent years, with the rapid development of intelligent technology, information security and privacy issues have become increasingly prominent. Epidemiological survey data (ESD) research plays a vital role in understanding the laws and trends of disease transmission. However, epidemiological investigations (EI) involve a large amount of privacy-sensitive data which, once leaked, will cause serious harm to individuals and society. Collecting EI data is also a huge task. To solve these problems and meet personalized privacy protection requirements in EIs, we improve the uOUE protocol based on utility-optimized local differential privacy to improve the efficiency and accuracy of data coding. At the same time, aiming at the collection and processing of ESD, a multidimensional epidemiological survey data aggregation scheme based on uOUE is designed. By using Paillier homomorphic encryption and an identity-based signature scheme to further prevent differential attacks and achieve multidimensional data aggregation, the safe, efficient, and accurate aggregation processing of ESD is executed. Through security proof and performance comparison, it is verified that our algorithm meets the requirements of local differential privacy and unbiased estimation. The experimental evaluation results on two data sets show that the algorithm has good practicability and accuracy in ESD collection and provides reliable and effective privacy protection.

Efficient Blockchain-Assisted Distributed Identity-Based Signature Scheme for Integrating Consumer Electronics in Metaverse

Efficient Blockchain-Assisted Distributed Identity-Based Signature Scheme for Integrating Consumer Electronics in Metaverse

Comment on “An efficient identity-based signature scheme with provable security”

Comment on “An efficient identity-based signature scheme with provable security”

System-widely and fine-grained forward secure identity-based signature scheme

System-widely and fine-grained forward secure identity-based signature scheme

Lightweight and Verifiable Secure Aggregation for Multi-dimensional Data in Edge-enhanced IoT

Lightweight and Verifiable Secure Aggregation for Multi-dimensional Data in Edge-enhanced IoT

An efficient identity-based signature protocol over lattices for the smart grid

An efficient identity-based signature protocol over lattices for the smart grid

IdenMultiSig: Identity-Based Decentralized Multi-Signature in Internet of Things

Most devices in the Internet of Things (IoT) work on unsafe networks and are constrained by limited computing, power, and storage resources. Since the existing centralized signature schemes cannot address the challenges to security and efficiency in IoT identification, this article proposes IdenMultiSig, a decentralized multi-signature protocol that combines identity-based signature (IBS) with Schnorr scheme under discrete logarithms on elliptic curves. First, to solve the problem of offline or faulty devices under unstable networks, we introduce a novel improvement of the existing Schnorr scheme by introducing a threshold Merkle tree for the verification with only <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$m$</tex-math> </inline-formula> valid signatures among <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$n$</tex-math> </inline-formula> participants ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$m$</tex-math> </inline-formula> – <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$n$</tex-math> </inline-formula> tree), while hiding the real identity to protect the data security and privacy of IoT nodes. Furthermore, to prevent dishonest or malicious behavior of the private key generator (PKG), a consortium blockchain is innovatively applied to replace the traditional PKG as a decentralized and trusted private key issuer. Finally, the proposed scheme is proven to be unforgeable against forgery signature attacks in the random oracle model (ROM) under the elliptic curve discrete logarithm (ECDL) assumption. Theoretical analysis and experimental results show that our scheme matches or outperforms existing research studies in privacy protection, offline device support, decentralized PKG, and provable security.

BTAA: Blockchain and TEE-Assisted Authentication for IoT Systems

In recent years, Internet of Things (IoT) technology has gained a lot of attention. With the development of IoT technology, it comes the need for devices with different trust domains to interact and collaborate. In order to protect the security and reliability of the communication between devices in different trust domains, it raises the concerns about the the technology of cross-domain authentication. Traditional cross-domain authentication methods may lead to heavy key management overhead or depend on trusted third parties, while existing blockchain-based cross-domain authentication schemes do not prevent the possibility of mischief by malicious domain managers. In this paper, we design an efficient Blockchain and TEE assisted secure device authentication scheme for cross-domain IoT system, called BTAA. Our solution solves the problem that managers are not fully trusted, which in turns protect the security and reliability in the blockchain-based cross-domain communication. Specifically, blockchain is introduced to build trust between different domains, the identity-based signatures are used to verify the identity information of devices and the TEE is introduced to prevent the possibility of mischief by domain managers. Finally, our experiments show that the introduction of TEE has greatly improved system security with a low efficiency reduction, which proves that our scheme can achieve highly secure distributed IoT authentication..