Identity-Based Mediated RSA Revisited

In SSYM 2001, Boneh, Ding, Tsudik and Wong presented encryption and signature schemes based on identity-based mediated RSA (ID-MRSA), in which users cannot decrypt or sign messages without the cooperation of a security mediator (the SEM). This allows simple key revocation: the SEM merely stops cooperating. Subsequently, in CT-RSA 2003, Ding and Tsudik presented a security proof for these schemes. In particular, they stated that 'IB-mRSA/OAEP encryption offers the equivalent semantic security to RSA/OAEP against adaptive chosen ciphertext attacks in the random oracle model if the key generation function is division intractable'. To make the key generation function division intractable, Ding and Tsudik used a division intractable hash function to generate division intractable public keys. In this paper, we show that using a division intractable hash function does not necessarily mean that the key generation function is division intractable. We also modify the ID-MRSA so that the generated keys are always division intractable, and we show that these modifications do not adversely affect the efficiency of the ID-MRSA.
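To make the mediated-RSA mechanism the abstract refers to concrete, the following is an added illustration (not the authors' scheme or code, and not the key-generation function the paper analyses): the public exponent is derived from an identity string, the private exponent is split additively between the user and the SEM, a signature needs both halves, and revocation consists of the SEM refusing to contribute its half. The identity-to-exponent derivation, the hard-coded toy modulus built from two Mersenne primes, the identity `alice@example.com` and the plain SHA-256 digest in place of OAEP/PSS padding are all constructed assumptions for readability; they say nothing about the division-intractability issue the paper addresses.

```python
"""Illustrative mediated RSA (mRSA) signing with an identity-derived public
exponent. Added example for this abstract; it is NOT the authors' scheme or
code and omits the padding and division-intractability details the paper
discusses. Parameters are deliberately small and hard-coded for readability."""
from __future__ import annotations

import hashlib
import secrets
import math

# Constructed parameters: 2^127-1 and 2^89-1 are Mersenne primes.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)


def identity_exponent(identity: bytes) -> int:
    """Derive an odd public exponent from an identity (assumed, simplified
    derivation: 128 bits of SHA-256 with the low bit set). The loop only
    guarantees gcd(e, phi) == 1 for this toy modulus; it is not the
    key-generation function analysed in the paper."""
    e = int.from_bytes(hashlib.sha256(identity).digest()[:16], "big") | 1
    while math.gcd(e, PHI) != 1:
        e += 2
    return e


def split_private_key(e: int) -> tuple[int, int]:
    """Compute d = e^-1 mod phi and split it additively into a user share d_u
    and a mediator share d_sem, so that neither half alone can sign."""
    d = pow(e, -1, PHI)
    d_u = secrets.randbelow(PHI - 1) + 1
    d_sem = (d - d_u) % PHI
    return d_u, d_sem


def message_digest(message: bytes) -> int:
    # Full-domain-hash stand-in: SHA-256 reduced into Z_N (no OAEP/PSS here).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


class Mediator:
    """The SEM: holds d_sem per identity and refuses revoked identities."""

    def __init__(self) -> None:
        self._shares: dict[bytes, int] = {}
        self._revoked: set[bytes] = set()

    def register(self, identity: bytes, d_sem: int) -> None:
        self._shares[identity] = d_sem

    def revoke(self, identity: bytes) -> None:
        # Revocation is immediate: the SEM stops producing partial results.
        self._revoked.add(identity)

    def partial_sign(self, identity: bytes, h: int) -> int | None:
        if identity in self._revoked or identity not in self._shares:
            return None
        return pow(h, self._shares[identity], N)


def user_sign(sem: Mediator, identity: bytes, d_u: int, message: bytes) -> int | None:
    """Combine the user's half-signature with the SEM's half-signature:
    h^d_u * h^d_sem == h^(d_u + d_sem) == h^d (mod N)."""
    h = message_digest(message)
    partial = sem.partial_sign(identity, h)
    if partial is None:
        return None  # revoked or unknown identity: no valid signature possible
    return (partial * pow(h, d_u, N)) % N


def verify(identity: bytes, message: bytes, sig: int) -> bool:
    """Anyone can verify from the identity alone, since e is derived from it."""
    e = identity_exponent(identity)
    return pow(sig, e, N) == message_digest(message)


def demo() -> tuple[bool, bool, bool]:
    """Returns (valid_before_revocation, sem_refuses_after, user_alone_fails)."""
    alice = b"alice@example.com"  # constructed identity
    sem = Mediator()
    d_u, d_sem = split_private_key(identity_exponent(alice))
    sem.register(alice, d_sem)

    msg = b"transfer 10 to bob"  # constructed message
    sig = user_sign(sem, alice, d_u, msg)
    ok_before = sig is not None and verify(alice, msg, sig)

    sem.revoke(alice)
    refused = user_sign(sem, alice, d_u, msg) is None

    # With only d_u the user produces h^d_u, which does not verify under e.
    half = pow(message_digest(msg), d_u, N)
    user_alone_fails = not verify(alice, msg, half)
    return ok_before, refused, user_alone_fails


if __name__ == "__main__":
    print(demo())
```

The point of the split is that `d_u` and `d_sem` are each uniformly distributed on their own, so compromise of the user's device yields nothing usable once the SEM has been told to revoke; the identity-derived `e` is what makes the scheme identity-based, and it is exactly the properties of that derivation (division intractability of the resulting public keys) that the paper scrutinises.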
