DOI: 10.1145/1229285.1266997
Article

Malicious KGC attacks in certificateless cryptography

Published: 20 March 2007

ABSTRACT

Identity-based cryptosystems have an inherent key escrow issue: the Key Generation Center (KGC) always knows the user's secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, all previously proposed certificateless schemes assume that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has honestly generated a master public/secret key pair. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of previously proposed certificateless encryption and signature schemes is insecure. These schemes still suffer from the key escrow problem. On the other hand, we also give new proofs showing that two recently proposed generic constructions, one for certificateless signature and the other for certificateless encryption, are secure under our new models.

References

  1. S. S. Al-Riyami and K. G. Paterson. Certificateless public key cryptography. In Proc. ASIACRYPT 2003, pages 452–473. Springer-Verlag, 2003. LNCS 2894.
  2. S. S. Al-Riyami and K. G. Paterson. CBE from CL-PKE: A generic construction and efficient schemes. In 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC 2005), pages 398–415. Springer, 2005. LNCS 3386.
  3. J. Baek, R. Safavi-Naini, and W. Susilo. Certificateless public key encryption without pairing. In 8th Information Security Conference (ISC'05), pages 134–148. Springer, 2005. LNCS 3650.
  4. M. Bellare, C. Namprempre, and G. Neven. Security proofs for identity-based identification and signature schemes. In Proc. EUROCRYPT 2004, pages 268–286. Springer-Verlag, 2004. LNCS 3027 (Full paper is available at Bellare's homepage URL: http://www-cse.ucsd.edu/users/mihir).
  5. M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, pages 62–73, Fairfax, 1993. ACM.
  6. K. Bentahar, P. Farshim, J. Malone-Lee, and N. P. Smart. Generic construction of identity-based and certificateless KEMs. Cryptology ePrint Archive, Report 2005/058, 2005. http://eprint.iacr.org/2005/058.
  7. D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In Proc. CRYPTO 2001, pages 213–229. Springer-Verlag, 2001. LNCS 2139.
  8. D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. SIAM J. Computing, 32(3):586–615, 2003.
  9. Z. H. Cheng and R. Comley. Efficient certificateless public key encryption. Cryptology ePrint Archive, Report 2005/012, 2005. http://eprint.iacr.org/2005/012.
  10. A. W. Dent. A survey of certificateless encryption schemes and security models. Cryptology ePrint Archive, Report 2006/211, 2006. http://eprint.iacr.org/2006/211.
  11. E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In Proc. CRYPTO 99, pages 537–554. Springer-Verlag, 1999. LNCS 1666.
  12. D. Galindo, P. Morillo, and C. Ràfols. Breaking Yum and Lee generic constructions of certificate-less and certificate-based encryption schemes. In 3rd European PKI Workshop: Theory and Practice (EuroPKI 2006), pages 81–91. Springer, 2006. LNCS 4043.
  13. S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attack. SIAM J. Computing, 17(2):281–308, Apr. 1988.
  14. B. C. Hu, D. S. Wong, Z. Zhang, and X. Deng. Key replacement attack against a generic construction of certificateless signature. In Information Security and Privacy: 11th Australasian Conference, ACISP 2006, pages 235–246. Springer-Verlag, 2006. LNCS 4058.
  15. X. Huang, W. Susilo, Y. Mu, and F. Zhang. On the security of certificateless signature schemes from Asiacrypt 2003. In Cryptology and Network Security, 4th International Conference, CANS 2005, pages 13–25. Springer-Verlag, 2005. LNCS 3810.
  16. X. Li, K. Chen, and L. Sun. Certificateless signature and proxy signature schemes from bilinear pairings. Lithuanian Mathematical Journal, 45(1):76–83, 2005.
  17. B. Libert and J.-J. Quisquater. On constructing certificateless cryptosystems from identity based encryption. In 9th International Conference on Theory and Practice in Public Key Cryptography (PKC 2006), pages 474–490. Springer, 2006. LNCS 3958.
  18. A. Shamir. Identity-based cryptosystems and signature schemes. In Proc. CRYPTO 84, pages 47–53. Springer, 1984. LNCS 196.
  19. D. H. Yum and P. J. Lee. Generic construction of certificateless encryption. In ICCSA '04, pages 802–811. Springer, 2004. LNCS 3043.
  20. D. H. Yum and P. J. Lee. Generic construction of certificateless signature. In Information Security and Privacy: 9th Australasian Conference, ACISP 2004, pages 200–211. Springer-Verlag, 2004. LNCS 3108.
  21. D. H. Yum and P. J. Lee. Identity-based cryptography in public key management. In EuroPKI'04, pages 71–84. Springer, 2004. LNCS 3093.
  22. Z. Zhang, D. Wong, J. Xu, and D. Feng. Certificateless public-key signature: Security model and efficient construction. In 4th International Conference on Applied Cryptography and Network Security (ACNS 2006), pages 293–308. Springer, 2006. LNCS 3989.
Published in

ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security
March 2007
323 pages
ISBN: 1595935746
DOI: 10.1145/1229285

Copyright © 2007 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

ASIACCS '07 Paper Acceptance Rate: 33 of 180 submissions, 18%. Overall Acceptance Rate: 418 of 2,322 submissions, 18%.
