11th International Conference on Parallel and Distributed Systems (ICPADS'05)
In identity-based (ID-based) cryptosystems, a local registration authority (LRA) is responsible for authentication of users while the key generation center (KGC) is responsible for computing and sending the private keys to users and therefore, a secure channel is required. For privacy-oriented applications, it is important to keep in secret whether the private key corresponding to a certain identity has been requested. All of the existing ID-based key issuing schemes have not addressed this anonymity issue. Besides, the separation of duties for authentication and private key computation has not been discussed as well. In this paper, based on a signature scheme similar to a short blind signature, we propose a novel separable and anonymous ID-based key issuing scheme without secure channel. Our protocol supports the separation of duties between LRA and KGC. The private key computed by the KGC can be sent to the user in an encrypted form such that only the legitimate key requester authenticated by LRA can decrypt it, and any eavesdropper cannot know the identity corresponding to the secret key.
Sādhanā
Identity-based cryptosystems furnish us with the simplest key management procedures. Yet their adoption in cryptography has been very slow due to the key escrow problem and the necessity of a secure channel between the user and the Private Key Generator (PKG) to transmit the created private key to the user. In this paper, we propose an identity-based signature scheme that not only solves the key escrow problem but also eliminates the requirement of the secure channel. The proposed scheme is secure against existential forgery under adaptively chosen message and ID attacks in the random oracle model assuming the hardness of the Computational Diffie-Hellman Problem (CDHP). Furthermore, we compare the efficiency of our scheme to that of a similar established scheme.
2010
Signcryption is a cryptographic primitive that offers both confidentiality and authentication simultaneously. Generally, in signcryption schemes, the message is hidden and thus the validity of the signcryption can be verified only after the unsigncryption process. Thus, a third party will not be able to verify whether the signcryption is valid or not. Signcryption schemes that allow anyone to verify the validity of a signcryption without knowledge of the message are called public verifiable signcryption schemes. Third party verifiable signcryption schemes allow the receiver of a signcryption to convince a third party that the signcryption is valid, by providing some additional information along with the signcryption. This information can be anything other than the receiver’s private key, and the verification may or may not require the exposure of the corresponding message. This paper shows the security weaknesses in two such existing schemes, namely [14] and [4]. The scheme in [14] is a Public Key Infrastructure (PKI) based scheme and the scheme in [4] is an identity-based scheme. More specifically, [14] is based on the elliptic curve digital signature algorithm (ECDSA). We also provide a new identity-based signcryption scheme that provides both public verifiability and third party verification. We formally prove the security of the newly proposed scheme in the random oracle model.
Proceedings of the 6th ETSI Annual Security Workshop, January 19 – 20, 2011, Sophia Antipolis, France. docbox.etsi.org, 2011
The notion of identity-based cryptography was put forth by Shamir to simplify the authentication of a public key by merely using an identity string as the public key. From the verifier’s or the encryptor’s point of view, only the identity of the other party is required. Hence, there is no necessity to ensure the validity of the public key. Due to this nice property, a series of identity-based schemes have subsequently been proposed including identity-based signatures, identity-based encryption, and hierarchical identity-based cryptography. In these identity-based cryptosystems, there is a trusted party called the private key generator (PKG) who generates the secret key for each user identity. As the PKG generates and holds the secret key for all users, a complete trust must be placed on the PKG. However, this may not be a desirable approach in a real world scenario, where a malicious PKG can sell users’ keys, sign messages or decrypt ciphertexts on behalf of users without being confronted in a court of law. This is known as the key escrow problem. This problem seems to be inherent in identity-based cryptosystems. Some propositions have been made for employing multiple PKGs to solve this problem. The master secret key is jointly computed by a number of PKGs, such that no single PKG has the knowledge of it. However, this approach requires an extra infrastructure and communication cost between users and different PKGs. A user needs to run the key extraction protocol with different PKGs by proving his identity to them. Furthermore, maintaining multiple PKGs for a commercially used infrastructure is a daunting task. In this work, we introduce the concept of escrow-free identity-based signatures to reduce the trust in the PKG. In this model, each signer has his own public key and secret key. The PKG generates the identity-based secret key for the signer with respect to the user public key. Then the signer uses both secret keys to sign a message.
Therefore, the signer is protected against a malicious PKG that may attempt to release a signature by itself on behalf of the user. To verify the signature, it only requires the signer’s identity and the message. This is the main difference between the proposed protocol and existing certificate-based signatures (CBS), certificate-less signatures (CLS), and self-certificated signatures (SCS). The verification protocols of these currently existing schemes require the signer’s public key to be verified. The proposed protocol is therefore an identity-based signature (IBS) scheme and solves the key escrow problem. We also show that the proposed escrow-free IBS is more efficient than CBS, CLS and SCS since the user public key is not involved and is not sent to the verifier.
2008
In 2005, Sui et al. proposed two separable and anonymous identity-based key issuing schemes, but an impersonation attack was proposed to show that Sui et al.'s second protocol is not free from the key-escrow problem. In order to solve this problem, Feng Cao et al. proposed an improved scheme in 2006. However, in this paper, we find that Feng Cao et al.'s scheme is still vulnerable to the impersonation attack. Accordingly, the current paper first shows the weakness of Feng Cao et al.'s improved scheme, and then proposes our improvement, which reaches the goal of avoiding the key escrow problem and enhances efficiency.
security, better performance efficiency and reduced cost expenses are all made possible by the enhanced new system.
2017
There are mainly two drawbacks of identity-based cryptosystems. The first is that they suffer from the key escrow problem, and the second is that they use a secure channel at the stage of private key issuance by the Private Key Generator (PKG). In this paper, we propose a key escrow-free identity-based signature scheme without using a secure channel in the private key issuance stage. The bilinear pairing is used for the construction of the proposed scheme. The scheme is secure against adaptive chosen message attack and given ID attack under the assumption that the computational Diffie-Hellman problem is hard.
IACR Cryptol. ePrint Arch., 2003
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme [10] by comparing the computations in both the schemes.
CoRR, 2005
To remove the key escrow problem and avoid the need for a secure channel in ID-based cryptosystems, Lee et al. proposed a secure key issuing protocol. However, we show that it suffers from impersonation, insider attacks and incompetency of the key privacy authorities. We also cryptanalyze Sui et al.'s separable and anonymous key issuing protocol.
Cryptologia, 2010
Over the years, several identity-based signature schemes using bilinear pairings have been proposed, but most of them suffer from key escrow problems and require a secure channel during the private key issuance stage. In this paper, we present an identity-based signature scheme variant using bilinear pairings. We use a binding-blinding technique to eliminate key escrow problems and to avoid using a secure channel in the key issuance stage. We then extend the proposed scheme to a multi-signature scheme. We show that both schemes are secure against chosen message attacks.
J. Inf. Hiding Multim. Signal Process., 2012
A signcryption scheme can efficiently perform encryption and signing procedures in a single step to obtain message confidentiality and non-repudiation properties. As compared to the traditional public key system, the identity (ID)-based public key system (IDPKS) can simplify the management of required certificates. However, how to revoke compromised or misbehaving identities in the IDPKS becomes a critical problem. Recently, Tseng and Tsai proposed a novel construction in the IDPKS with a revocation mechanism called the revocable ID-based public key system (R-IDPKS). In this paper, we follow their R-IDPKS to propose an important cryptographic primitive, "signcryption". Security analysis is made to demonstrate that the proposed scheme is provably secure and provides confidentiality and unforgeability.
… and Workshops, 2006
There are many applications in which it is necessary to transmit authenticatable messages while achieving certain privacy goals such as signer ambiguity. The emerging area of vehicular ad-hoc networks is a good example application domain with this requirement. The ring signature technique that uses an ad-hoc group of signer identities is a widely used method for generating this type of privacy preserving digital signature. Identity-based cryptographic techniques do not require certificates. The construction of ring signatures using identity-based cryptography allows for privacy preserving digital signatures to be created in applications where certificates are not readily available or desirable, such as in vehicle area networks. We propose a new designated verifier identity-based ring signature scheme that is secure against full key exposure attacks even for a small group size. This is a general purpose primitive that can be used in many application domains such as ubiquitous computing where signer ambiguity is required in small groups. We consider the usefulness of identity-based cryptographic primitives in vehicular ad-hoc networks and use a specific example application to illustrate the use of identity-based ring signatures as a tool to create privacy preserving authenticatable messages.
International Journal of Information Security, 2010
The inherent key escrow problem is one of the main reasons for the slow adoption of identity-based cryptography. The existing solution for mitigating the key escrow problem is by adopting multiple Private Key Generators (PKGs). Recently, there was a proposal that attempted to reduce the trust of the PKG by allowing a malicious PKG to be caught if he reveals the user's identity-based secret key illegally. Nonetheless, the proposal does not consider that the PKG can simply decrypt the ciphertext instead of revealing the secret key itself (in the case of identity-based encryption schemes). The aim of this paper is to present an escrow-free identity-based signature (IBS) scheme, in which the malicious PKG will be caught if it releases a signature on behalf of the user but signed by itself. We present a formal model to capture such a scheme and provide a concrete construction.
2009
Abstract: Anonymous signcryption is synonymous with ring signcryption, which provides anonymity of the sender along with the advantages of signcryption. Multi receiver signcryption is suited for situations where a sender wants to send a message to multiple ...
International journal of engineering research and technology, 2014
Cryptography encompasses techniques for secure communication over unsecure networks vulnerable to adversaries. The ID-based and certificate-based cryptographic schemes are two of the most popular techniques in this field of information security. These schemes have been designed under different theoretical backgrounds and they have their own advantages and drawbacks. Certificate-based cryptography and PKI are widely employed in the real world. They can provide explicit authentication of users, even in large scale groups with complex hierarchy. On the other hand, ID-based cryptography is advantageous in key management, since key distribution and key revocation are not required, but it also has the inherent drawback of the key escrow problem, i.e. users' private keys are known to the key generation center (KGC). There have been few works which try to provide them together in an efficient way. A hybrid scheme comprising public key infrastructure (PKI) and ID-based encryption (IBE) can be taken under consideration for improved operational results. Combining both these schemes drastically eliminates problems faced by each scheme individually. Furthermore, the concept of unified public key infrastructure (UPKI), in which both certificate-based and ID-based cryptosystems are provided to users in a single framework, increases the efficiency gain as end users do not need to manage other users' certificates. In this paper we propose combinations of cryptographic algorithms in different ways which will provide output with varied efficiencies. The output from one cryptographic system is taken as input for the other, or both the ID-based and certificate-based systems present a single output as a combination.
Computer Standards & Interfaces, 2004
Tseng-Jan modified a non-interactive public key distribution system and also proposed several applications based on the Maurer-Yacobi scheme. In their scheme, a user can prove his identity to another user without revealing his secret key. They use a challenge-response-type interactive protocol to achieve their objective. However, in wireless environment, waiting for a corresponding response from the other is time-wasting and consumes the battery of the mobile device. The ability of computing and the capacity of the battery of a mobile device are limited. Therefore, we propose an efficient scheme based on ID-based cryptosystem that is more suitable to be applied in the mobile environment.
IET Information Security, 2009
This paper introduces Hidden Identity-based Signatures (Hidden-IBS), a type of digital signatures that provide mediated signer-anonymity on top of Shamir's Identity-based signatures. The motivation of our new signature primitive is to resolve an important issue with the kind of anonymity offered by "group signatures" where it is required that either the group membership list is public or that the opening authority is dependent on the group manager for its operation. Contrary to this, Hidden-IBS do not require the maintenance of a group membership list and they enable an opening authority that is totally independent of the group manager. As we argue this makes Hidden-IBS much more attractive than group signatures for a number of applications. In this paper, we provide a formal model of Hidden-IBS as well as two efficient constructions that realize the new primitive. Our elliptic curve construction that is based on the SDH/DLDH assumptions produces signatures that are merely half a Kbyte long and can be implemented very efficiently.
IJARIIT-Volume 5 issue 3, 2019
Cryptography is an art which provides confidentiality, integrity, non-repudiation, and authentication to the parties involved in communication. Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. PKG uses user's credentials to publish the public key and after authentication of the user, it grants it is a master private key. Security of IBE depends on the trust of the issuing authority. The purpose of this paper is to review the technological aspects in cryptography under the identity-based scheme. Section I provides an introduction to the scheme, illustrating its background and procedure; Section II throws light on a few schemes of IBC with their proofing algorithms, while Section III mentions the pros and cons of this scheme and finally the conclusion. Section IV summarises the content as the conclusion of the paper. Section V lists the references that were cited in the writing of this paper.
Lecture Notes in Computer Science, 2011
The problem of trust is one of the biggest concerns in any identity-based infrastructure where the key-generation authority (called the PKG) must choose secret keys for participants and therefore be highly trusted by all parties. While some abilities of the PKG are intrinsic to this setting, reducing this trust as much as possible is beneficial to both user and authority
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2009
We explicitly describe and analyse blind hierarchical identity-based encryption (blind HIBE) schemes, which are natural generalizations of blind IBE schemes [20]. We then use the blind HIBE schemes to construct: (1) An identity-based blind signature scheme secure in the standard model, under the computational Diffie-Hellman (CDH) assumption, and with much shorter signature size and lesser communication cost, compared to existing proposals. (2) A new mechanism supporting a user to buy digital information over the Internet without revealing what he/she has bought, while protecting the providers from cheating users.
2019
Published By: Blue Eyes Intelligence Engineering & Sciences Publication. Retrieval Number: F12700486S419/19©BEIESP. DOI: 10.35940/ijitee.F1270.0486S419. Abstract— In computer-based systems, the key to the problems of identification, authentication and secrecy can be found in the field of cryptography. Dependence on public key infrastructure and the need to receive certificates signed by a Certificate Authority (CA) to authenticate oneself for the exchange of encrypted messages is one of the most significant limitations for the widespread adoption of Public Key Cryptography (PKC), as this process is time engrossing and error prone. Identity based cryptography (IBC) aspires to reduce the certificate and key management overhead of PKC. IBC’s important primordial is Identity-based Encryption (IBE). IBE provided emergent for perception of Identity based signature (IBS) schemes. In this paper, an overview of IBE and IBS schemes has been given. Also, a survey on various IBE and IBS schemes has been performed to ...