Cryptanalysis and Improvement of a Certificateless Multi-proxy Signature Scheme

• Autorzy: Tian M. , Yang W. , Huang L.

Identyfikatory

DOI

10.3233/FI-2013-976

• Języki publikacji: EN

Abstrakty

EN

Certificateless cryptography is a new type of public key cryptography,which removes the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Multi-proxy signature is an extension of proxy signature, which allows an original signer authorizing a group of proxy signers and only the cooperation of all proxy signers in the group can create valid proxy signatures on behalf of the original signer. Recently, Jin andWen combined certificateless cryptographywith multi-proxy signature, and proposed a model as well as a concrete scheme of certificateless multi-proxy signature. They claimed that their scheme is provably secure in their security model. Unfortunately, in this paper by giving two attacks, we will show that their certificateless multi-proxy signature scheme can be broken. The first attack indicates their security model is flawed and the second attack indicates their certificateless multi-proxy signature scheme is insecure. Possible improvements are also suggested to prevent these attacks.

Słowa kluczowe

EN

cryptanalysis; certificateless cryptography; multi-proxy signature; bilinear pairing

• Wydawca: IOS Press
• Czasopismo: Fundamenta Informaticae
• Rocznik: 2014
• Tom: Vol. 129, nr 4
• Strony: 365--375
• Opis fizyczny: Bibliogr. 17 poz.

Twórcy

autor

Tian M.

• School of Computer Science and Technology University of Science and Technology of China Hefei 230026, P.R. China

autor

Yang W.

• School of Computer Science and Technology University of Science and Technology of China Hefei 230026, P.R. China

autor

Huang L.

• School of Computer Science and Technology University of Science and Technology of China Hefei 230026, P.R. China

Bibliografia

• [1] Shamir, A.: Identity-based cryptosystems and signature schemes. In: CRYPTO’84, LNCS 196, Springer-Verlag, pp.47–53, 1985.
• [2] Al-Riyami, S., Paterson, K.: Certificateless public key cryptography. In: ASIACRYPT 2003, LNCS 2894, Springer-Verlag, pp.452–473, 2003.
• [3] Huang, X., Susilo, W., Mu, Y., Zhang, F.: On the security of certificateless signature schemes from Asiacrypt 2003. In: CANS 2005, LNCS 3810, Springer-Verlag, pp.13–25, 2005.
• [4] Au, M., Chen, J., Liu, J., Mu, Y.,Wong, D., Yang, G.: Malicious KGC attacks in certificateless cryptography. In: ASIACCS 2007, pp.302–311, 2007.
• [5] Zhang, L., Zhang, F.: A new certificateless aggregate signature scheme. Computer Communications, 32(6), pp.1079–1085, 2009.
• [6] Xiong, H., Li, F., Qin, Z.: A provably secure proxy signature scheme in certificateless cryptography. Informatica, 21(2), pp.277–294, 2010.
• [7] Liu, Z., Hu, Y., Zhang, X., Ma, H.: Certificateless signcryption scheme in the standard model. Information Sciences, 180(3), pp.452–464, 2010.
• [8] Weng, J., Yao, G., Deng, H., Chen, M., Li, X.: Cryptanalysis of a certificateless signcryption scheme in the standard model. Information Sciences, 181(3), pp.661–667, 2011.
• [9] Jin, Z.,Wen, Q.: Certificateless multi-proxy signature. Computer Communications, 34(3), pp.344-352, 2011.
• [10] Mambo, M., Usuda, K., Okamoto, E.: Proxy signature for delegating signing operation. In: CCS’96, pp.48–57, 1996.
• [11] Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: CCS’98, pp.83–92, 1998.
• [12] Lee, B., Kim, H., Kim, K.: Strong proxy signature and its applications. In: Proceedings of Symposium on Cryptography and Information Security (SCIS 2001), pp.603–608, 2001.
• [13] Park, H., Lee, I.: A digital nominative proxy signature scheme for mobile communication. In: ICICS 2001, LNCS 2229, Springer-Verlag, pp.451–455, 2001.
• [14] Weissman, J., Ramakrishnan, S.: Using proxies to accelerate cloud applications. In: Proceedings of the Workshop on Hot Topics in Cloud Computing, pp.14–19, 2009.
• [15] Hwang, S., Shi, C.: A simple multi-proxy signature scheme. In: Proceedings of the 10th National Conference on Information Security, pp.134–138, 2000.
• [16] Cao, F., Cao, Z.: A secure identity-based multi-proxy signature scheme. Computers and Electrical Engineering, 35(1), pp.86–95, 2009.
• [17] Xiong, H., Hua, J., Chen, Z., Li, F.: On the security of an identity based multi-proxy signature scheme. Computers and Electrical Engineering, 37(2), pp.129–135, 2011.