Font Size: a A A

Studies Of Certificateless Signature Against Malicious-but-passive KGC Attacks In The Standard Model

Posted on:1019-04-05Degree:DoctorType:Dissertation
Country:ChinaCandidate:W J YangFull Text:PDF
GTID:1368330563995108Subject:Computer Science and Technology
Abstract/Summary:PDF Full Text Request
In Asiacrypt 2003,Al-Riyami and Paterson proposed the concept of certificateless cryptography.It eliminates the key escrow problem associated with identity-based cryptography without requiring the introduction of public key certificates.From then on,lots of efforts have been made in this area.Unfortunately,almost all of previous protocols have an unreasonable implicit assumption: the key generation center(KGC)is not allowed to launch attacks until it has generated a master public/secret key pair honestly according to protocol specification.Before long,Au et al.improved the original security model and addressed a malicious-but-passive KGC.Here,the malicious-butpassive KGC can set some computationally indistinguishable trapdoors in the system parameters adaptively at the beginning of system initialization.It seems to be more natural if we consider this KGC to have already been malicious at the very beginning of the setup of the system.Thus,designing certificateless protocols secure against maliciousbut-passive KGC attacks is of more value for academic research.Digital signature protocol and its extention,which can provide integrity,authentication and non-repudiation for online activities,are always seen as a very important branch in certificateless settings.In this thesis,we focus on researching certificateless protocols provably secure against malicious-but-passive KGC attack in the standard model,including certificateless signature protocol,certificateless threshold signature protocol and certificateless proxy signature protocol,and achieve the following results:1.Certificateless Signature(CLS)Protocol.This thesis cryptanalyzes Pang et al.'s and Hung et al.'s CLS protocols,and indicates that the two protocols cannot meet the requirements of unforgeability under the malicious-but-passive KGC attack.In Hung et al.'s protocol,even any third party can easily forge a new signature on a previously signed message under its adversarial model.In addition,it gives some concrete attacks and briefly analyzes the reasons why the provably secure protocols are insecure following their security model.Further,with different environment,this thesis also constructs an unforgeable CLS protocol and a stronglyunforgeable CLS protocol,and strictly proves their security against maliciousbut-passive KGC attack in the standard model.2.Certificateless Threshold Signature(CLTS)Protocol.We refine CLTS definition and its security model,and show two practical attacks on the latest fully distributed CLTS protocol proposed by Hu et al.under their security model and the improved security model,respectively.In addition,we also point out that there are some fatal flaws in their security proof.As an intermediate step,we present a single-KGC CLTS protocol based on the first basic CLS protocol by employing verifiable secret sharing and distributed key generation.Further,to avoid single point of failure and abuse caused by the only KGC,we introduce the concept of distributed KGCs into the single-KGC CLTS protocol and construct the first concrete fully distributed CLTS protocol which is proven to be existentially unforgeable against malicious-but-passive KGC attacks in the standard model.3.Certificateless Proxy Signature(CLPS)Protocol.The primitive allows an original signer to delegate his/her signing right to proxy signer for easily handling transaction.Until now,how to construct a CLPS protocol which is proven to be secure against malicious-but-passive KGC attack in the standard model is still an open problem.In this thesis,we focus on the interesting problem and introduce the first CLPS protocol provably secure against malicious-but-passive KGC attacks without using random oracle.During the proof process,a classic difficulty problem instance is embedded into the target entity public key rather than the system parameters.We successfully address the challenge about how to link the security of a protocol to a specific difficulty problem.
Keywords/Search Tags:certificateless cryptography, malicious-but-passive KGC attack, digital signature, threshold signature, proxy signature, standard model
PDF Full Text Request
Related items