Affiliation: Xi'an Jiaotong University
On Security Notions for Verifiable Encrypted Signature
First we revisit three - BGLS, MBGLS and GZZ verifiably encrypted signature schemes[2,3,6].We find that they are all not strong unforgeable.We remark that the notion of existential unforgeable is not sufficient for fair exchange protocols in most circumstances.So we propose three new - NBGLS, MBGLS and NGZZ verifiably encrypted signature schemes which are strong unforgeable. Also we reconsider other two - ZSS and CA verifiably encrypted signature schemes[4,8], we find that they both cannot resist replacing public key attack. So we strongly suggest that strong unforgeable for verifiably encrypted signature maybe a better notion than existential unforgeable and checking adjudicator knowing its private key is a necessary step for secure verifiably encrypted signature scheme.
Multi-Recipient Signcryption for Secure Wireless Group Communication
Secure group communication is significant for wireless and mobile computing. Overheads can be reduced efficiently when a sender sends multiple messages to multiple recipients using multi-recipient signcryption schemes. In this paper, we proposed the formal definition and security model of multi-recipient signcryption, presented the definition of reproducible signcryption and proposed security theorems for randomness reusing based multi-recipient signcryption schemes. We found that a secure reproducible signcryption scheme can be used to construct an efficient multi-recipient signcryption scheme which has the same security level as the underlying base signcryption scheme. We constructed a multi-recipient scheme which is provable secure in random oracle model assuming that the GDH problem is hard, based on a new BLS-type signcryption scheme. Overheads of the new scheme are only (n+1)/2n times of traditional ways when a sender sends different messages to n distinct recipients. It is more efficient than other known schemes. It creates a possibility for the practice of the public key cryptosystem in ubiquitous computing.
Provable Secure Generalized Signcryption
Generalized Signcryption is a new cryptographic primitive which can work as an encryption scheme, a signature scheme or a signcryption scheme. We give security notions of Generalized Signcryption and improve a Generalized Signcryption scheme proposed by Han et al.We give the formal attacking model of this new cryptographic primitive in the framework of theory of provable security. At last, we give formal proofs for this new improved Generalized Signcryption in our attacking model.
ECGSC: Elliptic Curve based Generalized Signcryption Scheme
Signcryption is a new cryptographic primitive that simultaneously fulfills both the functions of signature and encryption. The definition of generalized signcryption is proposed in the paper firstly. Generalized signcryption has a special feature that provides confidentiality or authenticity separately under the condition of specific inputs. So it is more useful than common ones. Based on ECDSA, a signcryption scheme called ECGSC is designed. It will be equivalent to an AtE(OTP$,MAC) encryption scheme or ECDSA when one of party is absent. A third party can verify the signcryption text publicly in the method of ECDSA. Security properties are proven based on Random Oracle mode: confidentiality (CUF-CPA), unforgeability (UF-CMA) and non-repudiation. Compared with the others, ECGSC presents a 78% reduction in computational cost for typical security parameters for high level security applications.
Elliptic Curve based Signcryption and its Multi-party Schemes
Signcryption is a novel public key primitive to achieve the combined functionality of authentication and confidentiality in an efficient manner. A new Elliptic Curve Cryptosystems based Signcryption which combines ECDSA and PSCE-1 is presented in the paper. The signcryption scheme is a publicly verifiable scheme which can be verified by the third party after the specific recipient removes his key information. Analysis shows that the proposed scheme is secure against the adaptive chosen ciphertext attack. The signcryption saves the communication cost at least 1.25 times and enhances computation cost 1.19 times over ECDSA-then-PSCE-1. Compared with other signcryption schemes, such as Y.Zheng??s ECSCS, the new signcryption uses a uniform elliptic curve cryptosystem platform instead of four kinds of cryptosystem components: hash function, keyed hash function, symmetric cipher and elliptic curve. While keeping high security and efficiency, the scheme can be implemented in software and hardware at low price because of above advantages. Base on the signcryption, a broadcast scheme for multiple recipients and a threshold scheme with key distributed generation for multiple senders are also proposed.