Abstract
In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) solving the certificate revocation problem, and (3) eliminating third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem in the identity-based cryptography. In this paper, we first introduce a new attack called the “Key Replacement Attack” in the certificate-based system and refine the security model of certificate-based signature. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and less operation cost, and hence, our scheme outperforms the existing schemes in the literature.
The work is supported by the National Natural Science Foundation of China (No. 60673070), Natural Science Foundation of Jiangsu Province (No. BK2006217), and the Project of Jiangsu Province Police Ministry (No. 200503002).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Shamir, A.: Identity-based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
Boneh, D., Franklin, M.: Identity-based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 229–231. Springer, Heidelberg (2001)
Al-Riyami, S.S., Paterson, K.G.: Certificateless Public Key Cryptography. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 452–473. Springer, Heidelberg (2003)
Al-Riyami, S.S., Paterson, K.G.: CBE from CL-PKE: A Generic Construction and Efficient Schemes. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 398–415. Springer, Heidelberg (2005)
Huang, X., Susilo, W., Mu, Y., Zhang, F.T.: On the Security of Certificateless Signature Schemes from Asiacrypt 2003. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 13–25. Springer, Heidelberg (2005)
Hu, B.C., Wong, D.S., Zhang, Z.F., Deng, X.T.: Key Replacement Attack Against a Generic Construction of Certificateless Signature. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 235–246. Springer, Heidelberg (2006)
Kang, B.G., Park, J.H., Hahn, S.G.: A Certificate-based Signature Scheme. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 99–111. Springer, Heidelberg (2004)
Micali, S.: Novomodo: Scalable Certificate Validation and Simplified PKI Management. In: Proc. of 1st Annual PKI Research Workshop (2002), available at http://www.cs.dartmouth.edu/pki02/
Gentry, C.: Certificate-based Encryption and the Certificate Revocation Problem. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, pp. 272–293. Springer, Heidelberg (2003)
Guttman, P.: PKI: Its not Dead, Just Resting. IEEE Computer 35, 41–49 (2002), Extended version available at www.cs.auckland.ac.nz/pgut001/pubs/notdead.pdf
Kang, B.G., Park, J.H.: Is It Possible to Have CBE from CL-PKE? Cryptology ePrint Archive, Report 2005/431
Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. In: Proc. of 7th Annual USENIX Security Symposium (1998), available at http://www.wisdom.weizmann.ac.il/kobbi/papers.html
Naor, D., Naor, M., Lotspiech, J.: Revocation and Tracing Schemes for Stateless Receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)
Aiello, W., Lodha, S., Ostrovsky, R.: Fast Digital Identity Revocation. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 137–152. Springer, Heidelberg (1998)
Yum, D.H., Lee, P.J.: Identity-based Cryptography in Public Key Management. In: Katsikas, S.K., Gritzalis, S., Lopez, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 71–84. Springer, Heidelberg (2004)
Yum, D.H., Lee, P.J.: Generic Construction of Certificateless Encryption. In: Laganà, A., Gavrilova, M., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 802–811. Springer, Heidelberg (2004)
Dodis, Y., Katz, J.: Chosen-Ciphertext Security of Multiple Encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 188–209. Springer, Heidelberg (2005)
Galindo, D., Morillo, P., Ráfols, C.: Breaking Yum and Lee Generic Constructions of Certificate-Less and Certificate-Based Encryption Schemes. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 81–91. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, J., Huang, X., Mu, Y., Susilo, W., Wu, Q. (2007). Certificate-Based Signature: Security Model and Efficient Construction. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-73408-6_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73407-9
Online ISBN: 978-3-540-73408-6
eBook Packages: Computer ScienceComputer Science (R0)