• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4527-4547
• /
• 2018

Signcryption is a cryptographic primitive that provides authentication (signing) and confidentiality (encrypting) simultaneously at a lower computational cost and communication overhead. With the proposition of certificateless public key cryptography (CLPKC), certificateless signcryption (CLSC) scheme has gradually become a research hotspot and attracted extensive attentions. However, many of previous CLSC schemes are constructed based on time-consuming pairing operation, which is impractical for mobile devices with limited computation ability and battery capacity. Although researchers have proposed pairing-free CLSC schemes to solve the issue of efficiency, many of them are in fact still insecure. Therefore, the challenging problem is to keep the balance between efficiency and security in CLSC schemes. In this paper, several existing CLSC schemes are cryptanalyzed and a new CLSC scheme without pairing based on elliptic curve cryptosystem (ECC) is presented. The proposed CLSC scheme is provably secure against indistinguishability under adaptive chosen-ciphertext attack (IND-CCA2) and existential unforgeability under adaptive chosen-message attack (EUF-CMA) resting on Gap Diffie-Hellman (GDH) assumption and discrete logarithm problem in the random oracle model. Furthermore, the proposed scheme resists the ephemeral secret leakage (ESL) attack, public key replacement (PKR) attack, malicious but passive KGC (MPK) attack, and presents efficient computational overhead compared with the existing related CLSC schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.165-176
• /
• 2004

Al-Riyami and Paterson$^{[1]}$ suggested the new public key paradigm which is called the certificateless public key system. This system takes the advantages of both traditional PKC and ID-based PKC. It does not require the use of certificates of the public key and does not have the key escrow problem caused from the ID-based cryptosystem. In this paper, we propose an efficient certificateless public key encryption scheme which satisfies mutual authentication. The security of our protocol is based on the hardness of two problems; the computational Diffie-Hellman problem(CDHP) and the bilinear Diffie-Hellman problem(BDHP). We also give a formal security model for both confidentiality and unforgeability, and then show that our scheme is probably secure in the random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.3
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.46-55
• /
• 2009

We study the problem of searching documents containing each of several keywords (conjunctive keyword search) over encrypted documents. A conjunctive keyword search protocol consists of three entities: a data supplier, a storage system such as database, and a user of storage system. A data supplier uploads encrypted documents on a storage system, and then a user of the storage system searches documents containing each of several keywords. Recently, many schemes on conjunctive keyword search have been suggested in various settings. However, the schemes require high computation cost for the data supplier or user storage. Moreover, up to now, their securities have been proved in the random oracle model. In this paper, we propose efficient conjunctive keyword search schemes over encrypted documents, for which security is proved without using random oracles. The storage of a user and the computational and communication costs of a data supplier in the proposed schemes are constant. The security of the scheme relies only on the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.17-30
• /
• 2008

In the paper, we consider password-based authenticated key exchange with different passwords, where the users do not share a password between themselves, but only with the server. The users make a session key using their different passwords with the help of the server. We propose an efficient password-based authenticated key exchange protocol with different passwords which achieves forward secrecy without random oracles. In fact this amount of computation and the number of rounds are comparable to the most efficient password-based authenticated key exchange protocol in the random oracle model. The protocol requires a client only to memorize a human-memorable password, and all other information necessary to run the protocol is made public.

• Journal of Communications and Networks
• /
• v.15 no.3
• /
• pp.252-257
• /
• 2013

To alleviate the damage caused by key exposures, Dodis et al. introduced the notion of key-insulated security where secret keys are periodically updated by using a physically insulated helper key. To decrease the risk of helper key exposures, Hanaoka et al. advocated parallel key-insulated mechanism where distinct helpers are independently used in key updates. In this paper, we propose the first parallel key-insulated signature scheme which is provably secure without resorting to the random oracle methodology. Our scheme not only allows frequent key updating, but also does not increase the risk of helper key exposures.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.563-565
• /
• 2008

In this paper, we construct an efficient fuzzy identity-based encryption scheme in the random oracle model. The fuzzy identity-based encryption is an extension of identity-based encryption schemes where a user's public key is represented as his identity. Our construction requires constant number of bilinear map operations for decryption and the size of private key is small compared with the previous fuzzy identity-based encryption of Sahai-Waters. We also presents that our fuzzy identity-based encryption can be converted to attribute-based encryption schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2928-2940
• /
• 2013

Key exposure is a major threat to secure cryptosystems. To mitigate the impact caused by key-compromise attacks, a key-insulated cryptographic mechanism is a better alternative. For securing the large message communication in peer-to-peer networks, in this paper, we propose the first novel identity-based key-insulated encryption (IB-KIE) scheme with message linkages. Our scheme has the properties of unbounded time periods and random-access key-updates. In the proposed scheme, each client can periodically update his private key while the corresponding public one remains unchanged. The essential security assumption of our proposed scheme is based on the well-known bilinear Diffie-Hellman problem (BDHP). To ensure the practical feasibility, we also formally prove that the proposed scheme achieves the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) in the random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2254-2275
• /
• 2017

In this paper, we present an IND-CCA2 secure certificateless proxy re-encryption scheme in the random oracle model. A certificateless public key cryptography simplifies the certificate management in a traditional public key infrastructure and the built-in key escrow feature in an identity-based public key cryptography. Our scheme shares the merits of certificateless public key encryption cryptosystems and proxy re-encryption cryptosystems. Our certificateless proxy re-encryption scheme has several practical and useful properties - namely, multi-use, unidirectionality, non-interactivity, non-transitivity and so on. The security of our scheme bases on the standard bilinear Diffie-Hellman and the decisional Bilinear Diffie-Hellman assumptions.

• Journal of Communications and Networks
• /
• v.16 no.3
• /
• pp.258-263
• /
• 2014

A hierarchical identity-based broadcast encryption (H-IBBE) scheme is an identity-based broadcast encryption (IBBE) scheme in a hierarchical environment. In order to obtain secure H-IBBE schemes in the quantum era, we propose an H-IBBE scheme based on the learning with errors problemassumption.Our scheme achieves indistinguishability from random under adaptive chosen-plaintext and chosen-identity attacks in the random oracle model.