Analysis And Design Of Certificateless Encryption Schemes Against Malicious KGC Attacks

To overcome the problem of key escrow in identity-based public key cryptography (ID-PKC) and avoid the use of certificate like in public key infrastructure(PKI), Al-Riyami and Paterson introduced the original concept of certificateless public key cryptography(CL-PKC) in AsiaCrypt2003. Since its introduction, many certifi-cateless cryptographic schemes have been published and proved in their security model, but almost all of them have an implicit assumption that the key gener-ation center(KGC) starts launching attacks only after it has generated a master public/secret key pair honestly. In2007, Au et al. pointed out that the implicit assumption is not reasonable and proposed the original notion of malicious KGC. In their improved security model, a malicious KGC refers to a stronger type II adversary who is allowed to make an attack from setting up the system. So, a certificateless cryptographic scheme secure against a malicious KGC attack is more practical in real applications. However, almost all the certificateless cryptograph-ic schemes proposed in recent years are still insecure against the malicious KGC attacks.The thesis focuses on the analysis and design of certificateless encryption(CLE) schemes secure against malicious KGC attacks in the standard model. The con-tributions are divided into two parts. The first part is cryptanalysis and attacks against some existing CLE schemes. The another is that we introduce two new CLE schemes against malicious KGC and prove its security without using random oracle.First of all, the thesis analyzes the security of two existing CLE schemes which were claimed secure against malicious KGC attacks in the standard model. One of the two CLE schemes was proposed by Zhang et al. Although they proved that their CLE schemes was chosen-ciphertext secure in the standard model, actually, the CLE schemes cannot resist attacks from a malicious KGC. The thesis show an attack that demonstrates a malicious KGC can easily decrypt a target ciphertext using chosen ciphertext attack. The another CLE scheme introduced by Hwang et al. is also insecure under chosen ciphertext attacks because it can not meet the requirements of the indistinguishability of ciphertext. From the above, our cryptanalysis shows that both of the schemes are actually insecure in the security model. We will give the details of the special attacks in chapter4.Next, the thesis introduces two new constructions of certificateless encryption schemes in the standard model. One of constructions can be regarded as a modifi- cation to Zhang et al.’s scheme. This CLE scheme not only overcomes the security drawbacks of Zhang et al.’s scheme, but also preserves its most distinctive feature of a short public key length. Comparing with the first CLE scheme, the another can be considered as an improvement to Hwang et al.’s scheme. It can also with-stand public key replacement attacks as well as the malicious KGC attacks. Both of constructions make use of bilinear maps and their formal security proofs are shown in the standard model assuming the intractability of DBDH problem and the de-cisional truncated q-ABDHE problem. At last, the thesis also briefly analyze the performance of our new schemes and make a comparison with several existing CLE schemes claimed secure against malicious KGC attacks.