International Association for Cryptologic Research


CryptoDB

S. Sharmila Deva Selvi

Publications

Year | Venue | Title
2010
EPRINT
Security Weaknesses in Two Certificateless Signcryption Schemes
S.Sharmila Deva Selvi S.Sree Vivek C.Pandu Rangan
Recently, a certificateless signcryption scheme in the standard model was proposed by Liu et al. in \cite{LiuHZM10}. Another certificateless signcryption scheme in the standard model was proposed by Xie et al. in \cite{WZ09}. Here, we show that the schemes in \cite{LiuHZM10} and \cite{WZ09} are not secure against a Type-I adversary.
2010
EPRINT
Identity Based Public Verifiable Signcryption Scheme
S.Sharmila Deva Selvi S.Sree Vivek C.Pandu Rangan
Signcryption as a single cryptographic primitive offers both confidentiality and authentication simultaneously. Generally in signcryption schemes, the message is hidden and thus the validity of the ciphertext can be verified only after unsigncrypting the ciphertext. Thus, a third party will not be able to verify whether the ciphertext is valid or not. Signcryption schemes that allow any user to verify the validity of the ciphertext without the knowledge of the message are called public verifiable signcryption schemes. Third party verifiable signcryption schemes allow the receiver to convince a third party, by providing some additional information along with the signcryption other than his private key, with or without exposing the message. In this paper, we show the security weaknesses in three existing schemes \cite{BaoD98}, \cite{TsoOO08} and \cite{ChowYHC03}. The schemes in \cite{BaoD98} and \cite{TsoOO08} are in the Public Key Infrastructure (PKI) setting and the scheme in \cite{ChowYHC03} is in the identity based setting. More specifically, \cite{TsoOO08} is based on the elliptic curve digital signature algorithm (ECDSA). We also provide a new identity based signcryption scheme that provides public verifiability and third party verification. We formally prove the security of the newly proposed scheme in the random oracle model.
2010
EPRINT
Identity Based Self Delegated Signature - Self Proxy Signatures
S.Sharmila Deva Selvi S.Sree Vivek S.Gopinath C.Pandu Rangan
A proxy signature scheme is a variant of a digital signature scheme in which a signer delegates his signing rights to another person, called the proxy signer, so that the proxy signer can generate signatures on behalf of the actual signer in his absence. Self Proxy Signature (SPS) is a type of proxy signature wherein the original signer delegates the signing rights to himself (self delegation), thereby generating temporary public and private key pairs for himself. Thus, in SPS the user can prevent the exposure of his private key through repeated use. In this paper, we propose the first identity based self proxy signature scheme. We give a generic scheme and a concrete instantiation in the identity based setting. We define the appropriate security model for the same and prove both the generic and identity based schemes secure in the defined security model.
2010
EPRINT
On the Security of Identity Based Threshold Unsigncryption Schemes
S.Sharmila Deva Selvi S.Sree Vivek S.Priti C.Pandu Rangan
Signcryption is a cryptographic primitive that provides confidentiality and authenticity simultaneously at a cost significantly lower than that of the naive combination of encrypting and signing the message. Threshold signcryption is used when a message to be sent needs the authentication of a certain number of members in an organisation: until and unless a given number of members (known as the threshold) join the signcryption process, a particular message cannot be signcrypted. Threshold unsigncryption is used when this constraint is applicable during the unsigncryption process. In this work, we cryptanalyze two threshold unsigncryption schemes. We show that neither of these schemes meets the stringent requirements of insider security, and propose attacks on both confidentiality and unforgeability. We also propose an improved identity based threshold unsigncryption scheme and give a formal proof of security in a new, stronger security model.
2010
EPRINT
Identity Based Online/Offline Signcryption Scheme
S. Sharmila Deva Selvi S. Sree Vivek C. Pandu Rangan
Online/Offline signcryption is a cryptographic primitive where the signcryption process is divided into two phases: an online and an offline phase. Most of the computation is carried out offline (where the message and the receiver identity are unavailable). The online phase does not require any heavy computation such as pairings or multiplication on elliptic curves and is very efficient. To the best of our knowledge there exist three online/offline signcryption schemes in the literature; we propose various attacks on all the existing schemes. Then, we give the first efficient and provably secure identity based online/offline signcryption scheme. We formally prove the security of the new scheme in the random oracle model \cite{BellareR93}. The main advantage of the new scheme is that it does not require knowledge of the message or the receiver during the offline phase. This property is very useful since it is not necessary to pre-compute offline signcryptions for different anticipated receivers during the offline phase. Hence, any value generated during the offline phase can be used during the online phase to signcrypt a message to any receiver. This helps in reducing the number of values stored during the offline phase. To the best of our knowledge, the scheme in this paper is the first provably secure scheme with this property.
2010
EPRINT
CCA2 Secure Certificateless Encryption Schemes Based on RSA
S.Sharmila Deva Selvi S.Sree Vivek C.Pandu Rangan
Certificateless cryptography, introduced by Al-Riyami and Paterson, eliminates the key escrow problem inherent in identity based cryptosystems. In this paper, we present two novel and completely different RSA based adaptive chosen ciphertext secure (CCA2) certificateless encryption schemes. The new schemes are efficient when compared to other existing certificateless encryption schemes that are based on the costly bilinear pairing operation, and are quite comparable with the certificateless encryption scheme based on multiplicative groups (without bilinear pairing) by Sun et al. \cite{SZB07} and the RSA based CPA secure certificateless encryption scheme by Lai et al. \cite{LDLK09}. We consider a slightly stronger security model than the ones considered in \cite{LDLK09} and \cite{SZB07} to prove the security of our schemes.
2010
EPRINT
Efficient and Provably Secure Identity Based Aggregate Signature Schemes With Partial and Full Aggregation
S.Sharmila Deva Selvi S.Sree Vivek J.Shriram C.Pandu Rangan
An identity based signature allows users to sign their documents using their private keys, and the signature can be verified by any user by using the identity of the signer and the public parameters of the system. This allows secure communication between users without any exchange of certificates. An aggregate signature scheme is a digital signature scheme which allows aggregation of different signatures by different users on different messages. An aggregate signature on $n$ messages $m_{i}$ by $n$ users $U_{i}$ convinces the verifier that each user $U_{i}$ has signed the corresponding message $m_{i}$. The primary objective of an aggregate signature scheme is to achieve both computational and communication efficiency. Here we discuss two identity based aggregate signature schemes. The first aggregate scheme, IBAS-1, uses a variation of a lightweight Schnorr based signature. IBAS-1 does not involve any pairing operations in signature verification. IBAS-1 is computationally efficient since it avoids the costliest operation in elliptic curve groups (pairings). Also, because of the lightweight property of IBAS-1, it is well suited for practice. The second aggregate signature scheme, IBAS-2, which also has a Schnorr type key construct, achieves full aggregation of signatures without agreeing on common randomness and without any kind of interaction among the signers. IBAS-2 achieves communication efficiency. But the computational complexity of IBAS-2 is higher than that of IBAS-1 because it involves bilinear pairing.
2008
EPRINT
Cryptanalysis and Improvement of a Recently Proposed Remote User Authentication Scheme Using Smart Cards
S.Sharmila Deva Selvi S.Sree Vivek
Recently, Debasis et al. [1] proposed an improvement to prevent offline attacks in Fang et al.'s [2] scheme, where [2] was an improvement of Das et al.'s [3] scheme. However, the improved scheme is insecure against side channel attacks. In this paper we propose an enhancement for [1]. The enhanced scheme is secure against substitution, impersonation, spoofing, replay, side-channel and password guessing attacks.
2008
EPRINT
Provably Secure ID-Based Broadcast Signcryption (IBBSC) Scheme
With the advent of mobile and portable devices such as cell phones and PDAs, wireless content distribution has become a major means of communication and entertainment. In such applications, a central authority needs to deliver encrypted data to a large number of recipients in such a way that only a privileged subset of users can decrypt it. A broadcasting news channel may face this problem, for example, when a large number of people subscribe to a daily exclusive news feature. This is exactly the kind of problem that \textit{broadcast encryption} attempts to solve efficiently. On top of this, especially in the current digital era, junk content or spam is a major turn-off in almost every Internet application. If all the users who subscribe to the news feed receive meaningless noise or unwanted content, then the broadcaster is going to lose them. This results in the additional requirement that subscribers have source authentication with respect to their broadcaster. \textit{Broadcast signcryption}, which enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step, provides the most efficient solution to the dual problem of confidentiality and authentication. Efficiency is a major concern, because mobile devices have limited memory and computational power and wireless bandwidth is an extremely costly resource. While several alternatives exist for implementing broadcast signcryption schemes, identity-based (ID-based) schemes are arguably the best suited because of the unique advantage that they provide --- any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In ASIAN 2004, Mu et al. \cite{MSLR04} proposed what they call an ID-based authenticated broadcast encryption scheme, which is also a broadcast signcryption scheme, as the security goals are the same. They claim that their scheme provides message authentication and confidentiality and formally prove that the broadcaster's secret is not compromised, but in this paper, we demonstrate that even without knowing the broadcaster's secret, it is possible for a legal user to impersonate the broadcaster. We demonstrate this by mounting a universal forgeability attack --- any valid user, on receiving and decrypting a valid ciphertext from a broadcaster, can generate a valid ciphertext on any message on behalf of that broadcaster for the same set of legal receivers to which the broadcaster signcrypted the earlier message, without knowing any secrets. Following this, we propose a new ID-based broadcast signcryption (IBBSC) scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA2).
2008
EPRINT
Cryptanalysis of ID-Based Signcryption Scheme for Multiple Receivers
In ATC 2007, an identity-based signcryption scheme for multiple receivers was proposed by Yu et al. They prove confidentiality of their scheme and also claim unforgeability without any proof. In this paper, we show that their signcryption scheme is insecure by demonstrating a universal forgeability attack: anyone can generate a valid signcrypted ciphertext on any message on behalf of any legal user for any set of legal receivers without knowing the secret keys of the legal users. Further, we propose a corrected version of their scheme and formally prove its security (confidentiality and unforgeability) under the existing security model for signcryption. We also analyze the efficiency of the corrected scheme by comparing it with existing signcryption schemes for multiple receivers.
2008
EPRINT
Cryptanalysis of Bohio et al.'s ID-Based Broadcast Signcryption (IBBSC) Scheme for Wireless Ad-hoc Networks
Broadcast signcryption enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step. It provides a very efficient solution to the dual problem of achieving confidentiality and authentication during content distribution. Among other alternatives, ID-based schemes are arguably the best suited for implementation in wireless ad-hoc networks because of the unique advantage that they provide: any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In 2004, Bohio et al. [4] proposed an ID-based broadcast signcryption (IBBSC) scheme which achieves constant ciphertext size. They claim that their scheme provides both message authentication and confidentiality, but do not give formal proofs. In this paper, we demonstrate how a legitimate user of the scheme can forge a valid signcrypted ciphertext, as if generated by the broadcaster. Moreover, we show that their scheme is not IND-CCA secure. Following this, we propose a fix for Bohio et al.'s scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA). While fixing the scheme, we also improve its efficiency by reducing the ciphertext size to two elements, compared to three in [4].
2008
EPRINT
Cryptanalysis of Li et al.'s Identity-Based Threshold Signcryption Scheme
Signcryption is a cryptographic primitive that aims at providing confidentiality and authentication simultaneously. Recently, in May 2008, a scheme for identity based threshold signcryption was proposed by Fagen Li and Yong Yu. They have proved the confidentiality of their scheme and have also claimed unforgeability without providing a satisfactory proof. In this paper, we show that in their signcryption scheme the secret key of the sender is exposed (total break) to the clerk during signcryption, and hence the scheme is insecure in the presence of malicious clerks. Further, we propose a corrected version of the scheme and formally prove its security under the existing security model for signcryption.
2008
EPRINT
Efficient ID-Based Signcryption Schemes for Multiple Receivers
This paper puts forward new efficient constructions for Multi-Receiver Signcryption in the identity-based setting. We consider a scenario where a user wants to securely send a message to a dynamically changing subset of the receivers in such a way that non-members of this subset cannot learn the message. The obvious solution is to transmit an individually signcrypted message to every member of the subset. This requires a very long transmission (the number of receivers times the length of the message) and high computation cost. Another simple solution is to provide every possible subset of receivers with a key. This requires every user to store a huge number of keys; in this case, storage efficiency is compromised. The goal of this paper is to provide solutions which are efficient in all three measures, i.e., transmission length, storage of keys and computation at both ends. We propose three new schemes that achieve both confidentiality and authenticity simultaneously in this setting and are the most efficient schemes to date in the parameters described above. The first construction achieves optimal computational and storage cost. The second construction achieves a much shorter transmission length than the previous scheme (down to a ratio of one-third), while still maintaining optimal storage cost. The third scheme breaks the barrier of ciphertext length linear in the number of receivers, and achieves constant sized ciphertext, independent of the size of the receiver set. This is the first Multi-Receiver Signcryption scheme to do so. We support all three schemes with security proofs under a precisely defined formal security model.