
Research On Provably Secure Certificateless Signature Schemes

Posted on: 2015-05-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Cheng
Full Text: PDF
GTID: 1228330467964322
Subject: Cryptography
Abstract/Summary:
Digital signatures are a core technology of information security and are widely used in commercial, financial, military and other fields. Certificateless signatures eliminate the inherent key escrow problem of identity-based signatures and do not require certificates as traditional signatures do. These two advantages have made them attractive to both the research community and industry since their introduction, and they remain a very active topic in cryptology and information security. At the same time, provable security gives cryptographic schemes a theoretical basis and scientific evidence of their strength, and has become a basic requirement of modern cryptographic design.

This dissertation aims to provide more provably secure certificateless signature schemes. We focus on certificateless encryption schemes, certificateless signature schemes, and certificateless signature schemes with special properties (e.g. certificateless aggregate signature schemes, certificateless partially blind signature schemes and certificateless signcryption schemes). The major contributions of the dissertation are as follows.

1. We cryptanalyse Hwang et al.'s certificateless encryption scheme, the first concrete certificateless encryption scheme claimed to be provably secure against the "malicious-but-passive" KGC attack in the standard model. We show that the scheme is insecure even in the weaker "honest-but-curious" KGC attack model. We then propose an improved scheme that is really secure against the "malicious-but-passive" KGC attack in the standard model.

2. We cryptanalyse and improve Yu et al.'s certificateless signature scheme. Most certificateless signature schemes without random oracles cannot resist the key replacement attack. To overcome this weakness, Yu et al. recently proposed a new certificateless signature scheme and claimed that it is provably secure in the standard model. However, we show that their scheme is still insecure against the key replacement attack. We then propose an improved certificateless signature scheme and present its security proof. Our new scheme not only avoids the weakness in Yu et al.'s scheme but also offers shorter system parameters, shorter signatures and higher computational efficiency.

3. We propose a new certificateless short signature scheme and prove that it is existentially unforgeable against adaptive chosen message attack in the random oracle model. The new scheme provides provable security together with a very short signature (one group element), so it can be applied in low-storage environments.

4. We cryptanalyse and improve Xiong et al.'s certificateless aggregate signature scheme. Xiong et al. recently presented an efficient certificateless aggregate signature scheme and claimed that it is provably secure in a strengthened security model that considers the "malicious-but-passive" KGC attack. However, we show that their scheme is not even secure against the "honest-but-curious" KGC attack, and we propose a corresponding improved scheme that is really secure against the "malicious-but-passive" KGC attack in the random oracle model. Performance analysis shows that the new scheme is efficient and practical.

5. We cryptanalyse and improve Zhang et al.'s certificateless partially blind signature scheme. In 2011, Zhang et al. constructed the first concrete certificateless partially blind signature scheme for electronic cash. We demonstrate that a malicious KGC can forge a signature on any message. Zhang et al. recently gave a rescued scheme, but without a formal security proof. We also demonstrate that a malicious user can forge a signature on any message in the rescued scheme by replacing the signer's public key. If either scheme is used in an untraceable electronic cash system, a malicious user or KGC can forge valid electronic coins (i.e. valid signatures) without being detected by the bank, resulting in financial loss for the bank. We then propose a newly improved certificateless partially blind signature scheme that is existentially unforgeable against adaptive chosen message attack in the random oracle model and has higher computational efficiency than Zhang et al.'s rescued scheme. Finally, we give an example of a potential application of our scheme to electronic cash systems.

6. We propose a corrected version of Liu et al.'s certificateless signcryption scheme, the first certificateless signcryption scheme in the standard model. Their scheme has been shown to have security weaknesses. We propose a corrected version of Liu et al.'s scheme and prove that it is indistinguishable against adaptive chosen ciphertext attacks and existentially unforgeable against chosen message attacks in the standard model. Performance analysis shows that the new scheme has a smaller public parameter size than Liu et al.'s signcryption scheme.
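The two adversary types the abstract keeps returning to, a Type I user who may replace a signer's public key (the key replacement attack of contributions 2 and 5) and a Type II KGC who holds the master secret (the honest-but-curious and malicious-but-passive KGC of contributions 1 and 4), can be seen concretely on a toy scheme. The Python below is an added example written for this page; it is not any scheme from the dissertation or from the papers it analyses, and the class and function names (`CLS`, `extract`, `combined_pk`, `key_replacement_forgery`, `demo`, the `bind_pk` switch) are assumptions of the example. It uses a Schnorr-style construction in a 64-bit discrete-log group, chosen for speed rather than security: the KGC issues a partial private key d for an identity, the user adds a secret value x that the KGC never sees, and the verifier recombines both from public data, which is what makes the setting certificateless. With `bind_pk=False` the partial key is not bound to the user's public key X, and a Type I adversary can choose a replacement X' that cancels the KGC's contribution and forge on any message; with `bind_pk=True` (X hashed into the partial key) the same attempt fails. In both settings the KGC signing with d alone fails, which is the escrow-freedom property; this illustrates the honest-but-curious case only and says nothing about a KGC that manipulates the setup. The identity and message strings are constructed sample data.

```python
# Added toy certificateless signature (Schnorr style, DL group). Not a scheme from
# the dissertation. 64-bit parameters are for speed only and are NOT secure.
import hashlib
import secrets

MR_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]  # deterministic MR below 3.3e24

def is_prime(n):
    """Miller-Rabin with fixed bases; exact for the toy sizes generated here."""
    if n < 2 or any(n % b == 0 for b in MR_BASES):
        return n in MR_BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(bits=64):
    """Safe prime p = 2q + 1; 4 = 2^2 is a non-trivial square, so it generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def H(q, *parts):
    """Hash ints/strings into Z_q; the first part is a domain tag (H1 or H2)."""
    h = hashlib.sha256()
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % q

def rand_exp(q):
    return secrets.randbelow(q - 1) + 1

class CLS:
    def __init__(self, params, bind_pk):
        self.p, self.q, self.g = params
        self.bind_pk = bind_pk                  # True: hash user public key X into the partial key
        self.s = rand_exp(self.q)               # KGC master secret
        self.mpk = pow(self.g, self.s, self.p)  # master public key

    def h1(self, ident, R, X):
        return H(self.q, "H1", ident, R, X) if self.bind_pk else H(self.q, "H1", ident, R)

    def extract(self, ident, X):
        """KGC issues the partial private key (R, d) with g^d = R * mpk^h1."""
        r = rand_exp(self.q)
        R = pow(self.g, r, self.p)
        return R, (r + self.s * self.h1(ident, R, X)) % self.q

    def combined_pk(self, ident, R, X):
        """Verifier rebuilds Y = g^(d + x) from public data alone: no certificate is needed."""
        return R * pow(self.mpk, self.h1(ident, R, X), self.p) * X % self.p

    def sign(self, ident, R, X, sk, msg):
        k = rand_exp(self.q)
        K = pow(self.g, k, self.p)
        h = H(self.q, "H2", msg, ident, R, X, K)
        return K, (k + h * sk) % self.q

    def verify(self, ident, R, X, msg, sig):
        K, sigma = sig
        h = H(self.q, "H2", msg, ident, R, X, K)
        Y = self.combined_pk(ident, R, X)
        return pow(self.g, sigma, self.p) == K * pow(Y, h, self.p) % self.p

def key_replacement_forgery(cls, ident, R, X_honest, msg):
    """Type I adversary: knows no secret, but may replace X. It picks X' so that
    R * mpk^h1 * X' collapses to g^x' for an x' it chose, then signs with x'.
    When h1 also covers X', the cancellation computed from X_honest no longer matches."""
    x_adv = rand_exp(cls.q)
    cancel = R * pow(cls.mpk, cls.h1(ident, R, X_honest), cls.p) % cls.p
    X_adv = pow(cls.g, x_adv, cls.p) * pow(cancel, -1, cls.p) % cls.p
    return X_adv, cls.sign(ident, R, X_adv, x_adv, msg)

def demo(bind_pk):
    """Returns (honest signature verifies, KGC-only forgery verifies, key-replacement forgery verifies)."""
    cls = CLS(gen_params(), bind_pk)
    ident, msg = "alice@example.com", "pay 100 to bob"  # constructed sample data
    x = rand_exp(cls.q)
    X = pow(cls.g, x, cls.p)       # user secret value x and public key X, chosen before extraction
    R, d = cls.extract(ident, X)   # partial private key from the KGC
    sk = (d + x) % cls.q           # full private key; the KGC never learns x
    honest = cls.verify(ident, R, X, msg, cls.sign(ident, R, X, sk, msg))
    kgc_only = cls.verify(ident, R, X, msg, cls.sign(ident, R, X, d, msg))  # Type II: d without x
    X_adv, forged = key_replacement_forgery(cls, ident, R, X, "pay 100 to mallory")
    replaced = cls.verify(ident, R, X_adv, "pay 100 to mallory", forged)
    return honest, kgc_only, replaced
```

Calling `demo(bind_pk=False)` returns `(True, False, True)`: the honest signature verifies, the KGC cannot sign with the partial key alone, and the replaced public key lets an outsider forge. `demo(bind_pk=True)` returns `(True, False, False)`: binding X into the partial key makes the adversary's choice of X' circular (X' would have to be computed from a hash of itself), so the same attempt is rejected. Closing this one forgery path is not a security proof; turning such a fix into a scheme with a proof in the standard or random oracle model is exactly what the contributions above set out to do.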
Keywords/Search Tags: short signature, aggregate signature, partially blind signature, random oracle model, standard model