International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Tsz Hon Yuen

Affiliation: The University of Hong Kong

Publications

Year
Venue
Title
2015
EPRINT
2015
PKC
2014
EPRINT
2012
EUROCRYPT
2007
EPRINT
(Convertible) Undeniable Signatures without Random Oracles
We propose a convertible undeniable signature scheme without random oracles. Our construction is based on Waters' and Kurosawa and Heng's schemes that were proposed in Eurocrypt 2005. The security of our scheme is based on the CDH and the decision linear assumption. Comparing only the part of undeniable signatures, our scheme uses more standard assumptions than the existing undeniable signatures without random oracles due to Laguillamie and Vergnaud.
2007
EPRINT
Efficient Hierarchical Identity Based Signature in the Standard Model
The only known constructions of Hierarchical Identity Based Signatures that are proven secure in the strongest model without random oracles are based on the approach of attaching certificate chains or hierarchical authentication tree with one-time signature. Both construction methods lead to schemes that are somewhat inefficient and leave open the problem of efficient direct construction. In this paper, we propose the first direct construction of Hierarchical Identity Based Signature scheme that is proven under the strongest model without relying on random oracles and using more standard $q$-SDH assumption. It is computationally efficient and the signature size is constant. When the number of hierarchical level is set to be one, our scheme is a normal identity based signature scheme. It enjoys the shortest size in public parameters and signatures when compare with others in the literature, with the same security level.
2006
EPRINT
(Hierarchical Identity-Based) Threshold Ring Signatures
Victor K. Wei Tsz Hon Yuen
We construct the first several efficient threshold ring signatures (TRS) without random oracles. Specializing to a threshold of one, they are the first several efficient ring signatures without random oracles after the only earlier instantiation of Chow, Liu, Wei, and Yuen. Further specializing to a ring of just one user, they are the short (ordinary) signatures without random oracles summarized in Wei and Yuen. We also construct the first hierarchical identity-based threshold ring signature without random oracles. The signature size is $O(n\lambda_s)$ bits, where $\lambda_s$ is the security parameter and $n$ is the number of users in the ring. Specializing to a threshold of one, it is the first hierarchical identity-based ring signature without random oracles. Further specializing to a ring of one user, it is the constant-size hierarchical identity-based signature (HIBS) without random oracles in Yuen-Wei - the signature size is $O(\lambda_s)$ bits which is independent of the number of levels in the hierarchy.
2006
EPRINT
Practical Hierarchical Identity Based Encryption and Signature schemes Without Random Oracles
In this paper, we propose a Hierarchical Identity Based Encryption scheme that is proven secure under the strongest model of \cite{BonehFr01} directly, without relying on random oracles. The size of the ciphertext is a constant while the size of public parameters is independent to the number of bit representing an identity. It is the first in the literature to achieve such a high security level and space efficiency at the same time. In addition, we also propose the first Hierarchical Identity Based Signature scheme that is proven under the strongest model without relying on random oracles and using more standard $q$-SDH assumption. Similar to the proposed encryption scheme, the space complexity of the signature and public parameters are as efficient as the proposed encryption scheme.
2005
EPRINT
Group Signature where Group Manager, Members and Open Authority are Identity-Based
We present the first group signature scheme with provable security and signature size $O(\lambda)$ bits where the group manager, the group members, and the Open Authority (OA) are all identity-based. We use the security model of Bellare, Shi, and Zhang, except to add three identity managers for manager, members, and OA respectively, and we discard the Open Oracle. Our construction uses identity-based signatures summarized in Bellare, Namprempre, and Neven for manager, Boneh and Franklin's IBE for OA, and we extend Bellare et al.'s group signature construction by verifiably encrypt an image of the member public key, instead of the public key itself. The last innovation is crucial in our efficiency; otherwise, Camenisch and Damgard's verifiable encryption would have to be used resulting in lower efficiency.
2005
EPRINT
Ring Signatures without Random Oracles
Since the formalization of ring signature by Rivest, Shamir and Tauman in 2001, there are lots of variations appeared in the literature. Almost all of the variations rely on the random oracle model for security proof. In this paper, we propose a ring signature scheme based on bilinear pairings, which is proven to be secure against chosen message attack without using the random oracle model. It is one of the first in the literature to achieve this security level.
2005
EPRINT
Constant-Size Hierarchical Identity-Based Signature/Signcryption without Random Oracles
Tsz Hon Yuen Victor K. Wei
We construct the first constant-size hierarchical identity-based signature (HIBS) without random oracles - the signature size is $O(\lambda_s)$ bits, where $\lambda_s$ is the security parameter, and it is independent of the number of levels in the hierarchy. We observe that an efficient hierarchical identity-based signcryption (HIBSC) scheme without random oracles can be compositioned from our HIBS and Boneh, Boyen, and Goh's hierarchical identity-based encryption (HIBE). We further optimize it to a constant-factor efficiency improvement. This is the first constant-size HIBSC without random oracles.
2005
EPRINT
More short signatures without random oracles
Victor K. Wei Tsz Hon Yuen
We construct three new signatures and prove their securities without random oracles. They are motivated, respectively, by Boneh and Boyen's, Zhang, et al.'s, and Camenisch and Lysyanskaya's signatures without random oracles. The first two of our signatures are as short as Boneh and Boyen's (resp. Zhang, et al.'s} state-of-the-art short signatures. Our third signature is reducible to a modified LRSW Assumption but without their hypothesized external signing oracle. New and interesting variants of the q-SDH Assumption, the q-SR (Square Root) Assumption are also presented. New and independently interesting proof techniques extending the two-mode technique of Boneh and Boyen are used, including a combined three-mode simulation and rewinding in the standard model.
2004
EPRINT
Fast and Proven Secure Blind Identity-Based Signcryption from Pairings
Tsz Hon Yuen Victor K. Wei
We present the first blind identity-based signcryption (BIBSC). We formulate its security model and define the security notions of blindness and parallel one-more unforgeability (p1m-uf). We present an efficient construction from pairings, then prove a security theorem that reduces its p1m-uf to Schnorr??s ROS Problem in the random oracle model plus the generic group and pairing model. The latter model is an extension of the generic group model to add support for pairings, which we introduce in this paper. In the process, we also introduce a new security model for (non-blind) identity-based signcryption (IBSC) which is a strengthening of Boyen??s. We construct the first IBSC scheme proven secure in the strenghened model which is also the fastest (resp. shortest) IBSC in this model or Boyen??s model. The shortcomings of several existing IBSC schemes in the strenghened model are shown.
2004
EPRINT
Signcryption in Hierarchical Identity Based Cryptosystem
In many situations we want to enjoy confidentiality, authenticity and non-repudiation of message simultaneously. One approach to achieve this objective is to "sign-then-encrypt" the message, or we can employ special cryptographic scheme like signcryption. Two open problems about identity-based (ID-based) signcryption were proposed in \cite{CryptoePrint:2003:023}. The first one is to devise an efficient forward-secure signcryption scheme with public verifiability and public ciphertext authenticity, which is promptly closed by \cite{LNCS2971:ICISC2003:CYHC}. Another one which still remains open is to devise a hierarchical ID-based signcryption scheme that allows the user to receive signcrypted messages from sender who is under another sub-tree of the hierarchy. This paper aims at solving this problem by proposing two concrete constructions of hierarchical ID-based signcryption.