http://dx.doi.org/10.3837/tiis.2019.03.022

A Forward-Secure Certificate-Based Signature Scheme with Enhanced Security in the Standard Model  

Lu, Yang (School of Computer Science and Technology, Nanjing Normal University)
Li, Jiguo (College of Mathematics and Informatics, Fujian Normal University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), vol. 13, no. 3, 2019, pp. 1502-1522
Abstract
Leakage of secret keys may be the most devastating problem in public key cryptosystems, because it means that all security guarantees are lost. The forward security mechanism allows users to update their secret keys frequently without updating their public keys. At the same time, it ensures that an attacker who compromises a user's current secret key is still unable to derive that user's secret keys for any past time period. It therefore offers an effective cryptographic approach to the private key leakage problem. As an extension of the forward security mechanism to certificate-based public key cryptography, forward-secure certificate-based signature (FS-CBS) has many appealing merits, such as no key escrow, no secure channel and implicit authentication. Until now, only one FS-CBS scheme that does not employ random oracles has been proposed. Unfortunately, our cryptanalysis shows that this scheme is vulnerable to an existential forgery attack by a malicious CA. Our attack demonstrates that a CA can break the scheme's existential unforgeability by implanting trapdoors in the system parameters, without knowing the target user's secret key. It is therefore fair to say that designing an FS-CBS scheme secure against malicious CAs without relying on random oracles remains an open problem. To address this problem, we put forward an enhanced FS-CBS scheme without random oracles. Our FS-CBS scheme not only fixes the security weakness in the original scheme, but also significantly improves its efficiency. In the standard model, we formally prove its security under the square computational Diffie-Hellman assumption. In addition, a comparison with the original FS-CBS scheme shows that our scheme offers stronger security guarantees and better performance.
Keywords
Forward-secure certificate-based signature; existential forgery attack; malicious CA; standard model; existential unforgeability
Citations & Related Records
Times Cited By KSCI: 1