
Study Of Provably Secure Public Key Cryptosystems In The Standard Model

Posted on: 2010-01-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z H Liu
GTID: 1118360302469443
Subject: Cryptography

Abstract/Summary:
The theory of provable security is an important research area in modern cryptography, especially in public key cryptography, and has a tendency of standardization. The random oracle methodology plays an important role in the provable security of public key cryptography. However, there exist some signature and encryption schemes that are secure in the random oracle model, but for which any implementation of the random oracle results in insecure schemes. This stresses the importance of designing provably secure schemes in the standard model or without using the random oracles. In this dissertation, the author focuses on both the construction of public key cryptographic schemes and their security proofs in the standard model, and obtains the following main results:

(1) A provably secure proxy multi-signature scheme in the standard model is proposed. First, we give the formal definition of proxy multi-signature, classify the adversaries into three types according to their abilities, and formalize a clear security model of proxy multi-signature. Then, we present a proxy multi-signature scheme in the standard model. The size of a proxy multi-signature is independent of the number of original signers. Our scheme is existentially unforgeable against chosen message attacks and chosen warrant attacks, based on the hardness of the well-known CDH problem in the standard model.

(2) A provably secure proxy signature scheme with revocation in the standard model is presented. The revocation of delegated rights is an essential issue for proxy signature schemes. A security model of proxy signature schemes with revocation is formalized. Under this formal security framework, a proxy signature scheme with fast revocation based on bilinear pairings is proposed. A security mediator (SEM), which is an on-line partially trusted server, is introduced to examine whether a proxy signer signs according to the warrant or whether he/she is in the revocation list. Moreover, the proxy signer must cooperate with the SEM to generate a valid proxy signature, thus the proposed scheme has the property of fast revocation. The proposed scheme is provably secure based on the computational Diffie-Hellman (CDH) intractability assumption without relying on the random oracles, and satisfies all the security requirements for a secure proxy signature. Finally, we extend the proposed scheme to obtain a proxy multi-signature scheme with revocation.

(3) A chosen ciphertext secure identity-based encryption extended scheme in the standard model is proposed. Waters' identity-based encryption scheme from Eurocrypt 2005 suffers from the drawback that the scheme only guarantees chosen plaintext security, which hampers its applications in higher security level environments. A chosen ciphertext secure identity-based encryption scheme was proposed to remedy this drawback. The proposed encryption scheme was regarded as the extended version of Waters' scheme with only one additional element in the ciphertext, and guaranteed chosen ciphertext security. The extended scheme's indistinguishability against adaptive chosen ciphertext attacks was proven in the standard model and rested on the hardness of the decisional bilinear Diffie-Hellman intractability assumption.

(4) Certificateless public key signcryption is an important cryptographic primitive. Barbosa and Farshim proposed a certificateless signcryption scheme. However, their construction is proven to be secure in the random oracle model but not the standard model, and the scheme is also vulnerable to malicious-but-passive key generation center (KGC) attacks. To overcome these disadvantages, we introduce a formal security model for certificateless signcryption schemes secure against malicious-but-passive KGC attacks and propose a novel certificateless signcryption scheme. The proposed certificateless signcryption scheme is proven to be IND-CCA2 secure under the decisional bilinear Diffie-Hellman intractability assumption without using the random oracles. The proposed scheme is also proven to be existentially unforgeable under the computational Diffie-Hellman intractability assumptions. Furthermore, performance analysis shows that the proposed scheme is efficient and practical.

Keywords/Search Tags:public key cryptosystem, provable security, bilinear pairings, digital signature, signcryption, standard model