2017
There are mainly two drawbacks of identity-based cryptosystems. The first is that they suffer from the key escrow problem, and the second is that they use a secure channel at the stage of private key issuance by the Private Key Generator (PKG). In this paper, we propose a key escrow-free identity-based signature scheme without using a secure channel in the private key issuance stage. The bilinear pairing is used for the construction of the proposed scheme. The scheme is secure against adaptive chosen message attack and given ID attack under the assumption that the computational Diffie-Hellman problem is hard.
Cryptologia, 2010
Over the years, several identity-based signature schemes using bilinear pairings have been proposed, but most of them suffer from key escrow problems and require a secure channel during the private key issuance stage. In this paper, we present an identity-based signature scheme variant using bilinear pairings. We use a binding-blinding technique to eliminate key escrow problems and to avoid using a secure channel in the key issuance stage. We then extend the proposed scheme to a multi-signature scheme. We show that both schemes are secure against chosen message attacks.
Sādhanā
The identity-based cryptosystems furnish us with simplest key management procedures. Yet, they have a very slow adoption in cryptography due to the key escrow problem and the necessity of a secure channel between the user and the Private Key Generator (PKG) to transmit the created private key to the user. In this paper, we propose an identity-based signature scheme that not only solves the key escrow problem but also eliminates the requirement of the secure channel. The proposed scheme is secure against existential forgery under adaptively chosen message and ID attacks in the random oracle model assuming the hardness of the Computational Diffie-Hellmann Problem (CDHP). Furthermore, we compare the efficiency of our scheme to that of a similar established scheme.
Proceedings of the 6th ETSI Annual Security Workshop, January 19 – 20, 2011, Sophia Antipolis, France. docbox.etsi.org, 2011
The notion of identity-based cryptography was put forth by Shamir to simplify the authentication of a public key by merely using an identity string as the public key. From the verifier’s or the encryptor’s point of view, only the identity of the other party is required. Hence, there is no necessity to ensure the validity of the public key. Due to this nice property, a series of identity-based schemes have subsequently been proposed including identity-based signatures, identity-based encryption, and hierarchical identity-based cryptography. In these identity-based cryptosystems, there is a trusted party called the private key generator (PKG) who generates the secret key for each user identity. As the PKG generates and holds the secret key for all users, a complete trust must be placed on the PKG. However, this may not be a desirable approach in a real world scenario, where a malicious PKG can sell users’ keys, sign messages or decrypt ciphertexts on behalf of users without being confronted in a court of law. This is known as the key escrow problem. This problem seems to be inherent in identity-based cryptosystems. Some propositions have been made for employing multiple PKGs to solve this problem. The master secret key is jointly computed by a number of PKGs, such that no single PKG has the knowledge of it. However, this approach requires an extra infrastructure and communication cost between users and different PKGs. A user needs to run the key extraction protocol with different PKGs by proving his identity to them. Furthermore, maintaining multiple PKGs for a commercially used infrastructure is a daunting task. In this work, we introduce the concept of escrow-free identity-based signatures to reduce the trust in the PKG. In this model, each signer has his own public key and secret key. The PKG generates the identity-based secret key for the signer with respect to the user public key. Then the signer uses both secret keys to sign a message.
Therefore, the signer is protected against a malicious PKG that may attempt to release a signature by itself on the behalf of the user. To verify the signature, it only requires the signer’s identity and the message. This is the main difference between the proposed protocol and existing certificate-based signatures (CBS), certificate-less signatures (CLS), and self-certificated signatures (SCS). The verification protocols of these currently existing schemes require the signer’s public key to be verified. The proposed protocol is therefore an identity-based signature (IBS) scheme and solves the key escrow problem. We also show that the proposed escrow-free IBS is more efficient than CBS, CLS and SCS since the user public key is not involved and is not sent to the verifier.
Lecture Notes in Computer Science, 2005
In this paper, based on the scheme proposed by Barreto et al in ASIACRYPT 2005, an identity-based signcryption scheme in multiple Private Key Generator (PKG) environment is proposed, which mitigates the problems referred to users' private keys escrow and distribution in single PKG system. For security of the scheme, it is proved to satisfy the properties of message confidentiality and existential signature-unforgeability, assuming the intractability of the q-Strong Diffie-Hellman problem and the q-Bilinear Diffie-Hellman Inversion problem. For efficiency, compared with the state-of-the-art signcryption schemes of the same kind, our proposal needs less pairing computations and is shown to be the most efficient identity-based signcryption scheme for multiple PKGs up to date.
2018
Digital signature is one of the most important cryptographic primitives and has many practical applications in the real world. In many signature schemes, messages are to be transmitted together with the signature, and thus these schemes require a large communication cost, for which they cannot be used efficiently in some resource-constrained devices such as WSNs, mobile phones, etc., where less computation and low bandwidth for communication are of great concern. In this paper, we design and analyze a new signature scheme with message recovery in the identity-based setting using bilinear pairings over elliptic curves. We discuss the proof of correctness and the security of the proposed scheme. Finally, we compare our scheme with the related schemes in terms of computational and communicational point of view.
We construct a Certificateless Public Key Signature scheme (CL-PKS), i.e., a cryptographic signature scheme which does not require any Digital Certificate to verify a signature generated by a private key, based on asymmetric bilinear pairing functions. Our scheme does not allow the so-called key escrow. We analyze both its efficiency and security: it is more efficient than previously published CL-PKS schemes, with shorter signatures and public keys; we prove it is strong against adaptively chosen message attacks, based on the computational difficulty of the q-Strong Diffie-Hellman Problem and the Bilinear Pairing Inversion Problem.
2006 2nd International Conference on Information & Communication Technologies, 2006
Proxy signature schemes allow a proxy signer to generate a proxy signature on behalf of an original signer. In this paper we propose an Identity-based proxy signature scheme from bilinear pairings. In comparison with the Xu et al's scheme, our scheme is more efficient in computation and requires fewer pairing operations especially in verification phase.
Informatica (Slovenia), 2017
This paper proposes a key agreement protocol using pairings and the Malone-Lee approach in the key agreement phase, where users contribute their key contribution share to other users to compute the common key from all the users' key contributions and use it in the encryption and decryption phases. Initially the key agreement is proposed for two users, later it is extended to three users, and finally a generalized key agreement method, which employs the alternate of the signature method and authentication with proven security mechanism, is presented. Finally, the proposed protocol is compared against existing protocols from efficiency and security perspectives.
2004
This paper first positively answers the previously open question of whether it was possible to obtain an optimal security reduction for an identity based signature (IBS) under a reasonable computational assumption. We revisit the Sakai-Ogishi-Kasahara IBS that was recently proven secure by Bellare, Namprempre and Neven through a general framework applying to a large family of schemes. We show that their modified SOK-IBS scheme can be viewed as a one-level instantiation of Gentry and Silverberg's alternative hierarchical IBS the exact security of which was never considered before. We also show that this signature is as secure as the one-more Diffie-Hellman problem. As an application, we propose a modification of Boyen's "Swiss Army Knife" identity based signature encryption (IBSE) that presents better security reductions and satisfies the same strong security requirements with a similar efficiency.
Certificateless public key cryptography is a design that is secure against the key escrow issue and removes the loopholes of ID-based cryptography. Much work has been done on CL-DS, yet the schemes depend on bilinear pairing, which requires more time to perform pairing operations. Bilinear pairing is executed with a super-singular EC group, which is tedious. In this paper we propose a pairing-free ID-based Certificateless Digital Signature (CL-DS) scheme utilizing elliptic curve cryptography, which avoids the tedious operations required in bilinear pairing. We improve the security of the previously proposed scheme with less computation time with time stamp.
Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007), 2007
Digital signature is one of the important primitives of public-key cryptography and has become an essential technique in providing security services in modern communications. Due to the limitations imposed by both the communication bandwidth and computational power of wireless communication devices, signature schemes with less bandwidth and less computational cost are desirable for practical applications. Signature schemes with message recovery provide a feature that the message is recoverable from the signature and hence does not need to be transmitted separately for signature verification. Recently many signature schemes with message recovery have been designed in traditional as well as identity-based settings, and most of the schemes are constructed using bilinear pairings over elliptic curves. Nevertheless, the computational cost of a pairing is higher than that of a scalar multiplication. Thus, signature schemes without pairing would be more appealing in terms of efficiency. In this paper, we propose an efficient identity-based message recovery scheme without pairings. In our scheme the message itself is not required to be transmitted together with the signature and so it turns out to have the least data size of communication cost. Also, we compare our scheme with the existing ID-based signature schemes with message recovery in terms of computational and communicational point of view. With the pairing-free realization, the proposed scheme is efficient and applicable for resource-constrained devices.
Key escrow is a default property that is inherent in identity-based cryptography, where a curious private key generator (PKG) can derive a secret value shared by communicating entities in its domain. Therefore, a dishonest PKG can encrypt and decrypt ciphers or can carry out any attack on the communicating parties. Of course, the escrow property is not completely unwanted but is acceptable in other particular applications. On the other hand, in more civil applications, this key escrow property is undesirable and needs to be removed to provide maximum communication privacy. Therefore, this paper presents an escrow-free identity-based key agreement protocol that is also applicable even in a distinct PKG condition that does not use pairings. The proposed protocol has comparable computational and communicational performance to many other protocols with similar security attributes, of which their security is based on costly bilinear pairings. The protocol's notion was inspired by McCullagh et al. and Chen-Kudla, in regard to escrow-free and multi-PKG key agreement ideas. In particular, the scheme captures perfect forward secrecy and key compromise impersonation resilience, which were lacking in McCullagh et al.'s study, as well as all other desirable security attributes, such as known key secrecy, unknown key-share resilience and no-key control. The merit in the proposed protocol is the achievement of all required security requirements with a relatively lower computational overhead than many other protocols because it precludes pairings.
2007
We construct a Certificateless Public Key Signature scheme (CL-PKS), i.e., a cryptographic signature scheme which does not require any Digital Certificate to verify a signature generated by a private key, based on asymmetric bilinear pairing functions. Our scheme does not allow the so-called key escrow. We analyze both its efficiency and security: it is more efficient than previously published CL-PKS schemes, with shorter signatures and public keys; we prove it is strong against adaptively chosen message attacks, based on the computational difficulty of the Diffie-Hellman Problems.
IACR Cryptol. ePrint Arch., 2003
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme [10] by comparing the computations in both the schemes.
2006
“Certificateless public-key cryptosystem” is a new and attractive paradigm, which avoids the inherent key escrow property in identity-based public-key cryptosystems, and does not need expensive certificates as in the public key infrastructure. A strong security model for certificateless public key encryption was established by Al-Riyami and Paterson in 2003. In this paper, we first present a security model for certificateless public-key signature schemes, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.
2020
Digital signature with proxy delegation, which is a secure ownership enforcement tool, allows an original signer to delegate signature rights to a third party called proxy, so that the proxy can sign messages on behalf of the original signer. In today’s modern society, many applications use this mechanism. Several types of delegations are quite prevalent and the delegation of signing authority is one of them. In a traditional digital signature scheme, signer transmits signature along with message for verification, which leads to additional communication, computation cost and requires extra bandwidth. To resolve these issues, in this paper, we present an efficient ID-based proxy signature scheme with message recovery using bilinear pairings. Because of the message recovery feature, the proxy signer need not send the message to the verifier, so that the proposed scheme reduces the bandwidth requirement and communication cost. Our proposed scheme is proven secure against existential fo...
2009
Certificateless cryptography introduced by Al-Riyami and Paterson eliminates the key escrow problem inherent in identity based cryptosystems. Even though building practical identity based signcryption schemes without bilinear pairing are considered to be almost impossible, it will be interesting to explore possibilities of constructing such systems in other settings like certificateless cryptography. Often for practical systems, bilinear pairings are considered to induce computational overhead. Signcryption is a powerful primitive that offers both confidentiality and authenticity to noteworthy messages. Though some prior attempts were made for designing certificateless signcryption schemes, almost all the known ones have security weaknesses. Specifically, in this paper we demonstrate the security weakness of the schemes in [2], [1] and [6]. We also present the first provably secure certificateless signcryption scheme without bilinear pairing and prove it in the random oracle model.
IEEE Transactions on Information Theory, 2000
We present a new identity based scheme based on pairings over elliptic curves. It combines the functionalities of signature and encryption and is provably secure in the random oracle model. We compare it with Malone-Lee's one from security and efficiency points of view. We give a formal proof of semantical security under the Decisional Bilinear Diffie-Hellman assumption for this new
2003
... Definition 1 We say that an identity based signcryption scheme (IDSC) has the indistinguishability against adaptive chosen ciphertext attacks property (I-IDSC-CCA) if no polynomially bounded adversary has a non-negligible advantage in the following game. ...
International Journal of Information Security, 2010
The inherent key escrow problem is one of the main reasons for the slow adoption of identity-based cryptography. The existing solution for mitigating the key escrow problem is by adopting multiple Private Key Generators (PKGs). Recently, there was a proposal that attempted to reduce the trust of the PKG by allowing a malicious PKG to be caught if he reveals the user's identity-based secret key illegally. Nonetheless, the proposal does not consider that the PKG can simply decrypt the ciphertext instead of revealing the secret key itself (in the case of identity-based encryption schemes). The aim of this paper is to present an escrow-free identity-based signature (IBS) scheme, in which the malicious PKG will be caught if it releases a signature on behalf of the user but signed by itself. We present a formal model to capture such a scheme and provide a concrete construction.