Cryptanalysis and improvement of a certificateless encryption scheme in the standard model

Certificateless public key cryptography eliminates inherent key escrow problem in identity-based cryptography, and does not yet requires certificates as in the traditional public key infrastructure. In this paper, we give crypt-analysis to Hwang et al.’s certificateless encryption scheme which is the first concrete certificateless encryption scheme that can be proved to be secure against “malicious-but-passive” key generation center (KGC) attack in the standard model. Their scheme is proved to be insecure even in a weaker security model called “honest-but-curious” KGC attack model. We then propose an improved scheme which is really secure against “malicious-but-passive” KGC attack in the standard model.

[1]  Jianhua Li,et al.  Efficient Certificateless Public Key Encryption. , 2005 .

[2]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[3]  Limin Shen,et al.  Cryptanalysis of a Certificateless Encryption Scheme in the Standard Model , 2012, 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems.

[4]  Xiaoyun Wang,et al.  Certificateless Encryption Scheme Secure in Standard Model , 2009 .

[5]  Kenneth G. Paterson,et al.  Certificateless Encryption Schemes Strongly Secure in the Standard Model , 2008, Public Key Cryptography.

[6]  Hui Li,et al.  Short-ciphertext and BDH-based CCA2 secure certificateless encryption , 2010, Science China Information Sciences.

[7]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[8]  Joonsang Baek,et al.  Certificateless Public Key Encryption Without Pairing , 2005, ISC.

[9]  Richard Comley,et al.  Efficient Certificateless Public Key Encryption , 2005, IACR Cryptol. ePrint Arch..

[10]  Pil Joong Lee,et al.  Generic Construction of Certificateless Encryption , 2004, ICCSA.

[11]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[12]  Zhoujun Li,et al.  An Efficient Certificateless Encryption Scheme in the Standard Model , 2009, 2009 Third International Conference on Network and System Security.

[13]  Joseph K. Liu,et al.  Certificateless Public Key Encryption Secure against Malicious KGC Attacks in the Standard Model , 2007, IACR Cryptol. ePrint Arch..

[14]  Joseph K. Liu,et al.  Self-Generated-Certificate Public Key Cryptography and certificateless signature/encryption scheme in the standard model: extended abstract , 2007, ASIACCS '07.

[15]  Jean-Jacques Quisquater,et al.  On Constructing Certificateless Cryptosystems from Identity Based Encryption , 2006, Public Key Cryptography.

[16]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[17]  Qiong Huang,et al.  Generic Certificateless Encryption Secure Against Malicious-but-Passive KGC Attacks in the Standard Model , 2010, Journal of Computer Science and Technology.

[18]  Alexander W. Dent,et al.  A survey of certificateless encryption schemes and security models , 2008, International Journal of Information Security.

[19]  Qiong Huang,et al.  Generic Certificateless Encryption in the Standard Model , 2007, IWSEC.

[20]  Qiong Huang,et al.  Generic Certificateless Key Encapsulation Mechanism , 2007, ACISP.

[21]  Qiong Huang,et al.  Generic certificateless encryption secure against malicious-hut-passive KGC attacks in the standard model , 2010 .

[22]  Stefanos Gritzalis,et al.  Proceedings of the 11th international conference on Information Security , 2005 .

[23]  Xiaotie Deng,et al.  Key Replacement Attack Against a Generic Construction of Certificateless Signature , 2006, ACISP.