A secure extension of the Kwak-Moon group signcryption scheme

This paper presents a secure extension of the Kwak-Moon group signcryption scheme [Kwak D, Moon S. Efficient distributed signcryption scheme as group signcryption. In: First applied cryptography and network security - ACNS'03. Lecture notes in computer science, vol. 2846. Springer-Verlag; 2003. p. 403-17] as a countermeasure against the cryptanalysis in [Wang G, Deng RH, Kwak D, Moon S. Security analysis of two signcryption schemes. In: Information security conference - ISC 2004. Lecture notes in computer science, vol. 3225. Springer-Verlag; 2004. p. 123-33]. The cryptanalysis revealed that the Kwak-Moon scheme cannot satisfy the properties of unforgeability, coalition-resistance, and traceability. Therefore, to avoid these weaknesses while providing the same functions, we add confidentiality to the original group signature by distributing a shared secret among group members through an efficient group key agreement. However, if a group signature and a group key agreement are simply combined, an attacker who does not belong to the group but acquires a valid group signature can still impersonate a valid group member and delegate the group. Thus, to avoid this possibility, the proposed scheme confirms whether or not the sender is the same as the signer by including a session key encryption in the signed message. In addition, we analyze the security of the proposed scheme and apply it to an anonymous statistical survey of attributes.
