Breaking and Fixing of an Identity Based Multi-Signcryption Scheme
Related papers
On the Provable Security of Multi-Receiver Signcryption Schemes
In ATC 2007, an identity based signcryption scheme for multiple receivers was proposed by Yu et al. In this paper, we first show that Yu et al.'s signcryption scheme is insecure by demonstrating a universal forgeability attack: anyone can generate a valid signcryption on any message on behalf of any legal user for any set of legal receivers without knowing the secret keys of the legal users. Also, we point out a subtle flaw in the proof of confidentiality given by Yu et al. and show that the scheme does not provide confidentiality. Further, we propose a corrected version of Yu et al.'s scheme and formally prove its security (confidentiality and unforgeability) under the existing security model for signcryption.
Cryptanalysis of an Authentication Scheme Using an Identity Based Generalized Signcryption
Cryptanalysis of an Authentication Scheme Using an Identity Based Generalized Signcryption, 2019
Secure data transmission is a challenging issue in modern data communication. ID based generalized signcryption is a cost effective security primitive which provides authentication or confidentiality, or jointly confidentiality and authentication. Wei proposed an ID based generalized signcryption scheme for authentication and confidentiality of big data in a standard model, claiming that their scheme holds the security of indistinguishability against adaptive chosen-ciphertext attacks and existential unforgeability against adaptive chosen message attacks. In this paper, we analyzed Wei's scheme by launching security attacks on the scheme to check its validity. As a result, it became clear and proved that the master secret key generated in the scheme is compromisable. Similarly, the mentioned scheme does not hold the security of indistinguishability against adaptive chosen-ciphertext attacks and existential unforgeability against adaptive chosen message attacks. Consequently, Wei's scheme is prone to attacks and is insecure.
An Efficient Identity-Based Signcryption Scheme for Multiple Receivers
2009
This paper puts forward a new efficient construction for Multi-Receiver Signcryption in the Identity-based setting. We consider a scenario where a user wants to securely send a message to a dynamically changing subset of the receivers in such a way that non-members of this subset cannot learn the message. One obvious solution is to signcrypt the message to each member of the subset and transmit it to each of them individually. This requires a very long transmission (the number of receivers times the length of the message) and high computation cost. Another simple solution is to provide a key for every possible subset of receivers. This requires every user to store a huge number of keys. In this case, the storage efficiency is compromised. The goal of this paper is to provide a solution which is efficient in all three measures, i.e. transmission length, storage of keys and computation at both ends. We propose a new scheme that achieves both confidentiality and authenticity simultaneously in this setting and is the most efficient scheme to date, in the parameters described above. It breaks the barrier of ciphertext length of linear order in the number of receivers, and achieves constant sized ciphertext, independent of the size of the receiver set. This is the first Multi-receiver Signcryption scheme to do so. We support the scheme with security proofs in the random oracle model under a precisely defined security model.
On the Security of Identity Based Ring Signcryption Schemes
Lecture Notes in Computer Science, 2009
Signcryption is a cryptographic primitive which offers authentication and confidentiality simultaneously with a cost lower than signing and encrypting the message independently. Ring signcryption enables a user to signcrypt a message along with the identities of a set of potential senders (that includes him) without revealing which user in the set has actually produced the signcryption. Thus a ring signcrypted message has anonymity in addition to authentication and confidentiality. Ring signcryption schemes have no group managers, no setup procedures, no revocation procedures and no coordination: any user can choose any set of users (ring) that includes himself and signcrypt any message by using his private and public key as well as the other users' (in the ring) public keys, without getting any approval or assistance from them. Ring Signcryption is useful for leaking trustworthy secrets in an anonymous, authenticated and confidential way.
An Identity-Based Ring Signcryption Scheme
2012
Signcryption enables a user to perform digital signature for providing authenticity and public key encryption for providing message confidentiality simultaneously in a single logical step with a cost less than the sign-then-encrypt approach. As the concept of ring signcryption emerged, various practical applications, like electronic transaction protocols and key management protocols, felt the requirement of signer's privacy, which was lacking in normal signcryption schemes. Without revealing the user's identity, ring signcryption can provide both confidentiality and authenticity. In this paper, we present a new ID-based ring signcryption scheme, motivated by the scheme provided by Zhu et al. [9]. Selvi et al. [17] and Wang et al. [23] found some security flaws in Zhu's scheme [9], which are considered and repaired in this paper. The proposed scheme is proven to be secure against adaptive chosen ciphertext ring attacks (IND-IDRSC-CCA2) and secure against an existential forgery for adaptive chosen message attacks (EF-IDRSC-ACMA).
Identity based hybrid signcryption revisited
2012 International Conference on Information Technology and e-Services, 2012
Signcryption is a cryptographic primitive which combines both the functions of digital signature and public key encryption logically in a single step, and with a computational cost significantly less than required by the traditional signature-then-encryption approach. An identity based cryptosystem is a public key cryptosystem in which the public key can be any arbitrary string. A hybrid cryptosystem combines the convenience of a public key cryptosystem with the efficiency of a symmetric cryptosystem. Dent [4] has given security models for hybrid signcryption schemes with insider security. He has given two security models for hybrid signcryption KEM: the key indistinguishability and message indistinguishability models. Hybrid signcryption in the identity based setting was given by Fagen Li et al. [10]. In this paper [10], only one security model, key indistinguishability, is considered. Our contribution in this paper is threefold: First, we give a new proof for IDB hybrid signcryption in the Dent [4] security model. Second, for the confidentiality of hybrid signcryption, we improve the bound as compared to Dent [4]. Third, we also give an example of identity based hybrid signcryption based on [11].
Signcryption scheme for Identity-based Cryptosystems
IACR Cryptol. ePrint Arch., 2003
An Identity-based cryptosystem is a Public Key cryptosystem in which the public keys of the entities are their identities, or strings derived from their identities. Signcryption combines digital signatures and encryption with a cost significantly smaller than that required for signature-then-encryption. This paper proposes an ID-based signcryption scheme based on bilinear pairings on elliptic curves. It is shown that the new scheme is an improved version of the existing signcryption scheme [10] by comparing the computations in both the schemes.
A new identity based signcryption scheme from pairings
2003
... Definition 1 We say that an identity based signcryption scheme (IDSC) has the indistinguishability against adaptive chosen ciphertext attacks property (I-IDSC-CCA) if no polynomially bounded adversary has a non-negligible advantage in the following game. ...
An efficient identity based generalized signcryption scheme
Theoretical Computer Science, 2011
Generalized signcryption is a new cryptographic primitive, which provides separate or joint encryption and signature as per need. It is more suitable for some storage constrained environments, e.g. smart card, WSN (Wireless Sensor Networks) etc. In this paper, we propose an efficient identity based generalized signcryption scheme. We also simplify the security notions for identity based generalized signcryption and prove the security of the proposed scheme under the new security model.
In this paper, we show how to construct an Identity Based Signcryption Scheme (IBSC) using an Identity Based Encryption (IBE) scheme and an Identity Based Signature (IBS) scheme. This we obtain by first extending the An-Dodis-Rabin construction to the Identity Based setting and then instantiating. We then further modify the construction to obtain an efficient construction. We show that the security of the IBSC scheme–indistinguishability as well as unforgeability–is derived from the security of the underlying IBE and IBS schemes. Moreover, we show that under mild (reasonable) assumptions, the scheme is both space and time efficient compared to the Sign-then-Encrypt approach.