• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3316-3332
• /
• 2019

In a transitive signature scheme, a signer wants to authenticate edges in a dynamically growing and transitively closed graph. Using transitive signature schemes it is possible to authenticate an edge (i, k), if the signer has already authenticated two edges (i, j) and (j, k). That is, it is possible to make a signature on (i, k) using two signatures on (i, j) and (j, k). We propose the first transitive signature schemes for undirected graphs from lattices. Our first scheme is provably secure in the random oracle model and our second scheme is provably secure in the standard model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.65-72
• /
• 2005

Quite recently, Zhou, Lu and Cao proposed a proxy-protected signature scheme based on the RSA assumption and two proxy-protectcd schemes based on the hardness of integer factorization. Dey also provided a security proof for each signature scheme in the random oracle model. In this paper, we show that their schemes do not satisfy a security requirement necessary for proxy signature schemes. This results in generating proxy signature without fay Permission from an original signer.

• ETRI Journal
• /
• v.45 no.6
• /
• pp.1090-1102
• /
• 2023

Authenticated multiple key agreement (AMKA) protocols provide participants with multiple session keys after one round of authentication. Many schemes use Diffie-Hellman or authenticated key agreement schemes that rely on hard integer factorizations that are vulnerable to quantum algorithms. Lattice cryptography provides quantum resistance to authenticated key agreement protocols, but the certificate always incurs excessive public key infrastructure management overhead. Thus, a lightweight lattice-based secure system is needed that removes this overhead. To answer this need, we provide a two-party lattice- and identity-based AMKA scheme based on bilateral short integer or computational bilateral inhomogeneous small integer solutions, and we provide a security proof based on the random oracle model. Compared with existing AMKA protocols, our new protocol has higher efficiency and stronger security.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.59-71
• /
• 2012

PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.64-77
• /
• 2009

A proxy re-encryption scheme allows Alice to temporarily delegate the decryption rights to Bob via a proxy. Alice gives the proxy a re-encryption key so that the proxy can convert a ciphertext for Alice into the ciphertext for Bob. Recently, ID-based proxy re-encryption schemes are receiving considerable attention for a variety of applications such as distributed storage, DRM, and email-forwarding system. And a non-interactive identity-based proxy re-encryption scheme was proposed for achieving CCA-security by Green and Ateniese. In the paper, we show that the identity-based proxy re-encryption scheme is unfortunately vulnerable to a collusion attack. The collusion of a proxy and a malicious user enables two parties to derive other honest users' private keys and thereby decrypt ciphertexts intended for only the honest user. To solve this problem, we propose two ID-based proxy re-encryption scheme schemes, which are proved secure under CPA and CCA in the random oracle model. For achieving CCA-security, we present self-authentication tag based on short signature. Important features of proposed scheme is that ciphertext structure is preserved after the ciphertext is re-encrypted. Therefore it does not lead to ciphertext expansion. And there is no limitation on the number of re-encryption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.113-124
• /
• 2002

Proposals for a password-based authenticated key exchange protocol that have been published so far almost concentrated on the provable security. But in a real environment such as mobile one, efficiency is a critical issue as security. In this paper we discuss the efficiency of PAK which is secure in the random oracle model ［l］. Among 4 hash functions in PAK the instantiation for $H_1$, which outputs a verifier of the password, has most important effect on the computational efficiency. We analyze two different methods for $H_1$ suggested in ［1］ and we show that $H_{lq}$ has merits in transforming to EC or XTR variants as well as in the efficiency. As an efficient variant. we propose PAK2-EC and PAK2-XTR which do not require any additional step converting a hash output into a point of elliptic curve or XTR subgroup when compared to the previous work on the PAK［2］. Finally we compare PAK2 with the password-based authenticated key exchange protocols such as SPEKE, SRP, and AMP.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.6
• /
• pp.312-332
• /
• 2008

Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1313-1327
• /
• 2013

How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2769-2792
• /
• 2013

In this paper, we propose an authenticated key agreement scheme, TinyIBAK, based on the identity-based cryptography and bilinear paring, for large scale sensor networks. We prove the security of our proposal in the random oracle model. According to the formal security validation using AVISPA, the proposed scheme is strongly secure against the passive and active attacks, such as replay, man-in-the middle and node compromise attacks, etc. We implemented our proposal for TinyOS-2.1, analyzed the memory occupation, and evaluated the time and energy performance on the MICAz motes using the Avrora toolkits. Moreover, we deployed our proposal within the TOSSIM simulation framework, and investigated the effect of node density on the performance of our scheme. Experimental results indicate that our proposal consumes an acceptable amount of resources, and is feasible for infrequent key distribution and rekeying in large scale sensor networks. Compared with other ID-based key agreement approaches, TinyIBAK is much more efficient or comparable in performance but provides rekeying. Compared with the traditional key pre-distribution schemes, TinyIBAK achieves significant improvements in terms of security strength, key connectivity, scalability, communication and storage overhead, and enables efficient secure rekeying.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.764-785
• /
• 2018

In this paper, we present a new public key encryption scheme with equality test (PKEwET). Compared to other PKEwET schemes, we find that its security can be improved since the proposed scheme is based on non-Abelian factorization problems. To our knowledge, it is the first scheme regarding equality test that can resist quantum algorithm attacks. We show that our scheme is one-way against chosen-ciphertext attacks in the case that the computational Diffie-Hellman problem is hard for a Type-I adversary. It is indistinguishable against chosen-ciphertext attacks in the case that the Decisional Diffie-Hellman problem is hard in the random oracle model for a Type-II adversary. To conclude the paper, we demonstrate that our scheme is more efficient.