Certificate-Based Signature: Security Model and Efficient Construction

In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) it provides a more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) it solves the certificate revocation problem, and (3) it eliminates third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem of identity-based cryptography. In this paper, we first introduce a new attack called the "Key Replacement Attack" in the certificate-based setting and refine the security model of certificate-based signature accordingly. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and lower operation cost, and hence outperforms the existing schemes in the literature.

[1] Ran Canetti et al. The random oracle methodology, revisited. JACM, 2000.

[2] Adi Shamir et al. Identity-Based Cryptosystems and Signature Schemes. CRYPTO, 1984.

[3] Je Hong Park et al. Is it possible to have CBE from CL-PKE? IACR Cryptol. ePrint Arch., 2005.

[4] Rafail Ostrovsky et al. Fast Digital Identity Revocation (Extended Abstract). CRYPTO, 1998.

[5] Je Hong Park et al. A Certificate-Based Signature Scheme. CT-RSA, 2004.

[6] 이필중. Identity-based Cryptography in Public Key Management. 2004.

[7] Paz Morillo et al. Improved certificate-based encryption in the standard model. J. Syst. Softw., 2008.

[8] Joseph K. Liu et al. Efficient Certificate-Based Encryption in the Standard Model. SCN, 2008.

[9] Chi Sung Laih et al. Advances in Cryptology - ASIACRYPT 2003. 2003.

[10] Yi Mu et al. On the Security of Certificateless Signature Schemes from Asiacrypt 2003. CANS, 2005.

[11] Hugo Krawczyk et al. Advances in Cryptology - CRYPTO '98. 1998.

[12] Paulo S. L. M. Barreto et al. Pairing-Friendly Elliptic Curves of Prime Order. Selected Areas in Cryptography, 2005.

[13] Peter Gutmann et al. PKI: It's Not Dead, Just Resting. Computer, 2002.

[14] Pil Joong Lee et al. Generic Construction of Certificateless Encryption. ICCSA, 2004.

[15] Jonathan Katz et al. Chosen-Ciphertext Security of Multiple Encryption. TCC, 2005.

[16] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols. CCS '93, 1993.

[17] Tal Rabin et al. On the Security of Joint Signature and Encryption. EUROCRYPT, 2002.

[18] Tsz Hon Yuen et al. Certificate Based (Linkable) Ring Signature. ISPEC, 2007.

[19] M. Kasahara et al. A New Traitor Tracing. IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2002.

[20] Moni Naor et al. Revocation and Tracing Schemes for Stateless Receivers. CRYPTO, 2001.

[21] Information Security and Privacy. Lecture Notes in Computer Science, 1996.

[22] William P. Marnane et al. Identity-Based Cryptography. 2008.

[23] Kenneth G. Paterson et al. CBE from CL-PKE: A Generic Construction and Efficient Schemes. Public Key Cryptography, 2005.

[24] Kenneth G. Paterson et al. Certificateless Public Key Cryptography. 2003.

[25] Craig Gentry et al. Certificate-Based Encryption and the Certificate Revocation Problem. EUROCRYPT, 2003.

[26] S. Micali et al. NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. 2002.

[27] Pil Joong Lee et al. Separable Implicit Certificate Revocation. ICISC, 2004.

[28] Xiaotie Deng et al. Key Replacement Attack Against a Generic Construction of Certificateless Signature. ACISP, 2006.

[29] Moni Naor et al. Certificate revocation and certificate update. IEEE Journal on Selected Areas in Communications, 1998.

[30] Yang Lu et al. Constructing Efficient Certificate-based Encryption with Paring. J. Comput., 2009.

[31] Yuliang Zheng et al. Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption). CRYPTO, 1997.

[32] Aggelos Kiayias et al. Self Protecting Pirates and Black-Box Traitor Tracing. CRYPTO, 2001.

[33] Antonio Laganà et al. Computational Science and Its Applications – ICCSA 2004. Lecture Notes in Computer Science, 2004.

[34] Tatsuaki Okamoto. Topics in Cryptology – CT-RSA 2004. Lecture Notes in Computer Science, 2004.

[35] Matthew K. Franklin et al. Identity-Based Encryption from the Weil Pairing. CRYPTO, 2001.

[36] Fagen Li et al. Efficient Certificate-Based Signcryption Scheme from Bilinear Pairings. 2008.

[37] Serge Vaudenay. Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23-26, 2005, Proceedings. Public Key Cryptography, 2005.

[38] Paz Morillo et al. Breaking Yum and Lee Generic Constructions of Certificate-Less and Certificate-Based Encryption Schemes. EuroPKI, 2006.