• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.461-475
• /
• 2014

Homomorphic MAC is a cryptographic primitive which protects authenticity of data, while allowing homomorphic evaluation of such protected data. In this paper, we present a new homomorphic MAC, which is based on integers, relying only on the existence of secure PRFs, and having efficiency comparable to the practical Catalano-Fiore homomorphic MAC. Our scheme is unforgeable even when MAC verification queries are allowed to the adversary, and we achieve this by showing strong unforgeability of our scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3338-3351
• /
• 2012

There is an intuitive connection between signcryption and key agreement. Such a connector may lead to a novel way to construct authenticated and efficient group key agreement protocols. In this paper, we present a primary approach for constructing an authenticated group key agreement protocol from signcryption. This approach introduces desired properties to group key agreement. What this means is that the signcryption gives assurance to a sender that the key is available only to the recipient, and assurance to the recipient that the key indeed comes from the sender. Following the generic construction, we instantiate a distributed two-round group key agreement protocol based on signcryption scheme given by Dent [8]. We also show that this concrete protocol is secure in the outsider unforgeability notion and the outsider confidentiality notion assuming hardness of the Gap Diffie-Hellman problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.113-119
• /
• 2003

In WISA 2002, Ham et al. proposed a one-way mobile payment system. They claimed that the electronic cash of the system satisfies unforgeability and double spending prevention. In this paper, we point out that their system is not secure as they claimed by showing that the forgery of payment scripts is possible.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.11
• /
• pp.2921-2929
• /
• 1998

We propose an efficient off-line electronic cash system based on the certificate issued by Certificate Authority. It satisfies all the basic requirements for electronic payment system such as cash unforgeability, cash anonymity, double spending detection, no framing, etc. Our proposed system is very computationally efficient in the sense that: (1) the number of exponentiation operation imposed on the user during withdrawal phase is much smaller than any existing off-line electronic cash schemes, (2) all the computation of user's during withdrawal phase can be performed by off-line pre-processing. So the proposed system is suitable to be implemented by smart cards in both memory and computation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1246-1259
• /
• 2015

Certificate-based signature (CBS) combines the advantages of both public key-based signature and identity-based signature, while saving from the disadvantages of drawbacks in both PKS and IBS. The insecure deployment of CBS under the hostile circumstances usually causes the exposure of signing key to be inescapable. To resist the threat of key leakage, we present a pairing-free key insulated CBS scheme by incorporating the idea of key insulated mechanism and CBS. Our scheme eliminates the costly pairing operations and as a matter of fact outperforms the existing key insulated CBS schemes. It is more suitable for low-power devices. Furthermore, the unforgeability of our scheme has been formally proven to rest on the discrete logarithm assumption in the random oracle model.

• Journal of applied mathematics & informatics
• /
• v.31 no.3_4
• /
• pp.425-441
• /
• 2013

In literature, several strong designated verifier signature (SDVS) schemes have been devised using elliptic curve bilinear pairing and map-topoint (MTP) hash function. The bilinear pairing requires a super-singular elliptic curve group having large number of elements and the relative computation cost of it is approximately two to three times higher than that of elliptic curve point multiplication, which indicates that bilinear pairing is an expensive operation. Moreover, the MTP function, which maps a user identity into an elliptic curve point, is more expensive than an elliptic curve scalar point multiplication. Hence, the SDVS schemes from bilinear pairing and MTP hash function are not efficient in real environments. Thus, a cost-efficient SDVS scheme using elliptic curve cryptography with pairingfree operation is proposed in this paper that instead of MTP hash function uses a general cryptographic hash function. The security analysis shows that our scheme is secure in the random oracle model with the hardness assumption of CDH problem. In addition, the formal security validation of the proposed scheme is done using AVISPA tool (Automated Validation of Internet Security Protocols and Applications) that demonstrated that our scheme is unforgeable against passive and active attacks. Our scheme also satisfies the different properties of an SDVS scheme including strongness, source hiding, non-transferability and unforgeability. The comparison of our scheme with others are given, which shows that it outperforms in terms of security, computation cost and bandwidth requirement.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.1C
• /
• pp.166-174
• /
• 2004

Proxy signature is the signature that an original signer delegates his signing capability to a proxy signer and the proxy signer creates a signature on behalf of the original signer. The basic methodology of proxy signature is that the original signer creates a signature on delegation information and gives it secretly to the proxy signer, and the proxy signer uses it as a proxy private key or uses it to generate a proxy private key. In this paper, we suggest the proxy-register protocol that the original signer register to the verifier about the proxy related information, and verifier sets the warrant of proxy signer, validity period for proxy signature and some limitation.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.6
• /
• pp.288-295
• /
• 2005

Multi-signcryption scheme is an extension of signcryption scheme for multi-signers performing together the signcryption operation on messages, and it provides useful cryptographic functions such as confidentiality and authenticity for the sound circulation of messages through the Internet. In this paper, we show the weaknesses of the previous multi-signcryption schemes. And then we propose a new multi-signcryption scheme that improves the weaknesses and the efficiency of the previous schemes. Our scheme efficiently provides message flexibility, order flexibility, message verifiability, order verifiability, message confidentiality, message unforgeability, non-repudiation and robustness. Therefore, it is suitable for protecting messages and multi-signers from malicious attacks in the Internet.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.10
• /
• pp.5219-5243
• /
• 2019

In electronic ticketing system, the malicious behavior of scalpers damages the customer's interest and disturbs the normal order of market. In order to solve the problem of scalpers, we took two steps. Firstly, we established the electronic ticketing system based on the consortium blockchain (CB-ETS). By establishing CB-ETS, we can make the ticketing market develop better in a controlled environment and be managed by the members in the consortium blockchain. Secondly, we put forward a kind of taxation mechanism for suppressing scalpers based on CB-ETS. Together with the regulatory mechanism, our scheme can effectively reduce the scalpers' profits and further inhibit scalpers. Through the above two steps, the scheme can effectively resist the malicious behavior of scalpers. Among them, in the process of transferring tickets, we optimized the transfer mechanism to achieve a win-win situation. Finally, we analyzed the security and efficiency of our scheme. Our scheme realizes the anonymity through the mixed currency protocol based on ring signature and guarantees the unforgeability of tickets by multi-signature in the process of modifying the invalidity of tickets. It also could resist to Dos attacks and Double-Spending attacks. The efficiency analysis shows that our scheme is significantly superior to relevant works.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4527-4547
• /
• 2018

Signcryption is a cryptographic primitive that provides authentication (signing) and confidentiality (encrypting) simultaneously at a lower computational cost and communication overhead. With the proposition of certificateless public key cryptography (CLPKC), certificateless signcryption (CLSC) scheme has gradually become a research hotspot and attracted extensive attentions. However, many of previous CLSC schemes are constructed based on time-consuming pairing operation, which is impractical for mobile devices with limited computation ability and battery capacity. Although researchers have proposed pairing-free CLSC schemes to solve the issue of efficiency, many of them are in fact still insecure. Therefore, the challenging problem is to keep the balance between efficiency and security in CLSC schemes. In this paper, several existing CLSC schemes are cryptanalyzed and a new CLSC scheme without pairing based on elliptic curve cryptosystem (ECC) is presented. The proposed CLSC scheme is provably secure against indistinguishability under adaptive chosen-ciphertext attack (IND-CCA2) and existential unforgeability under adaptive chosen-message attack (EUF-CMA) resting on Gap Diffie-Hellman (GDH) assumption and discrete logarithm problem in the random oracle model. Furthermore, the proposed scheme resists the ephemeral secret leakage (ESL) attack, public key replacement (PKR) attack, malicious but passive KGC (MPK) attack, and presents efficient computational overhead compared with the existing related CLSC schemes.