Deterministic identity-based signatures for partial aggregation
- J. Comput
, 2006
Cited by 6 (2 self)
Aggregate signatures are a useful primitive which allows aggregation into a single and constant-length signature many signatures on different messages computed by different users. Specific proposals of aggregate signature schemes exist only for PKI-based scenarios. For identity-based scenarios, where public keys of the users are directly derived from their identities, the signature schemes proposed up to now do not seem to allow constant-length aggregation. We provide an intermediate solution to this problem, by designing a new identity-based signature scheme which allows aggregation when the signatures to be aggregated come all from the same signer. The new scheme is deterministic and enjoys some better properties than the previous proposals; for example, it allows detection of a possible corruption of the master entity. We formally prove that the scheme is unforgeable, in the random oracle model, assuming that the Computational Diffie–Hellman problem is hard to solve.
ID-Based Proxy Signature Using Bilinear Pairings
- in Proceedings of Australasian Conference on Information Security and Privacy, LNCS 2727
, 2004
Cited by 6 (0 self)
Identity-based (ID-based) public key cryptosystem can be a good alternative for certificate-based public key setting, especially when efficient key management and moderate security are required. A proxy signature scheme permits an entity to delegate its signing rights to another entity. But to date, no ID-based proxy signature scheme with provable security has been proposed. In this paper, we formalize a notion of security for ID-based proxy signature schemes and propose a scheme based on the bilinear pairings. We show that the security of our scheme is tightly related to the computational Diffie-Hellman assumption in the random oracle model.
Certificateless Signcryption
Cited by 4 (0 self)
Abstract. Certificateless cryptography achieves the best of the two worlds: it inherits from identity-based techniques a solution to the certificate management problem in public-key encryption, whilst removing the secret key escrow functionality inherent to the identity-based setting. Signcryption schemes achieve confidentiality and authentication simultaneously by combining public-key encryption and digital signatures, offering better overall performance and security. In this paper, we introduce the notion of certificateless signcryption and present an efficient construction which guarantees security under insider attacks, and therefore provides forward secrecy and non-repudiation. The scheme is shown to be secure using random oracles under a variant of the bilinear Diffie-Hellman assumption.
One-Way Signature Chaining: A New Paradigm for Group Cryptosystems and E-Commerce
, 2005
Cited by 3 (2 self)
In this paper, we describe the notion of signature chaining which was originally proposed in [1]. Signature chaining is essentially a method of generating proxy signatures. However, the difference from most proxy schemes is that in a chained signature, the proxies are generated sequentially rather than in parallel. The purpose of a chaining scheme is to 'link' many proxies in a chain of trust. We propose an efficient protocol using aggregate signatures that enables this to be done in an efficient and non-interactive manner. Our protocol is based on bilinear pairings and is secure against chosen ciphertext attacks under the Diffie Hellman assumption.
Authenticated Hybrid Encryption for Multiple Recipients
- In Crypto '99
, 2006
Cited by 1 (0 self)
Authenticated encryption schemes used in order to send one message to one recipient have received considerable attention in the last years. We investigate the case of schemes, we call authenticated 1→n schemes, that allow one to encrypt efficiently in a public-key setting a message for several, say n, recipients in an authenticated manner. We propose formal security definitions for such schemes that work also for n = 1 and which are stronger and/or more general than those currently proposed. We then present a flexible mode of operation that transforms any 1→1 authenticated encryption scheme working on small messages into a 1→n authenticated encryption scheme working on longer messages. We show that it allows the construction of efficient 1→n schemes that are proved secure for the strongest security notion.
Identity Based Threshold Proxy Signature
, 2004
Cited by 1 (0 self)
Identity-based (ID-based) public key cryptosystem can be a good alternative for certificate-based public key setting, especially when efficient key management and moderate security are required. In a (t, n) threshold proxy signature scheme, the original signer delegates the power of signing messages to a designated proxy group of n members. Any t or more proxy signers of the group can cooperatively issue a proxy signature on behalf of the original signer, but t − 1 or less proxy signers cannot.
Identity-Based Directed Signature Scheme from Bilinear Pairings
Cited by 1 (0 self)
Abstract. In a directed signature scheme, a verifier can exclusively verify the signatures designated to himself, and shares with the signer the ability to prove correctness of the signature to a third party when necessary. Directed signature schemes are suitable for applications such as bill of tax and bill of health. This paper studies directed signatures in the identity-based setting. We first present the syntax and security notion that includes unforgeability and invisibility, then propose a concrete identity-based directed signature scheme from bilinear pairings. We then prove our scheme existentially unforgeable under the computational Diffie-Hellman assumption, and invisible under the decisional Bilinear Diffie-Hellman assumption, both in the random oracle model.
Vault: A Secure Binding Service
Abstract — Binding services are crucial building blocks in networks and networked applications. A binding service (e.g., the Domain Name System (DNS)) maps certain information, namely, binding keys (e.g., host names), to other information, i.e., binding values (e.g., IP addresses), and answers queries for such key-value bindings. Clearly, building secure binding services that ensure the integrity and authenticity of bindings are vital to the correct operations of many networks and networked applications. In this paper we present a novel approach for building generic secure binding services that allow arbitrary key-value bindings as (trusted) infrastructure services to support a variety of networks and networked applications. We combine the Identity-Based Encryption (IBE) crypto-mechanisms with distributed hash table (DHT) techniques to develop an innovative architecture for building scalable, robust and secure binding services. Using this architecture, we implement a prototype system called Vault and evaluate its performance both in a local testbed and on the PlanetLab.
Security Framework for P2P Based Grid Systems
Abstract — Grid and P2P systems enable users to share resources across organization boundaries. A strong security system is an integral component of grid middleware to enable secure resource sharing at a very large scale. P2P grid systems combine approaches from both worlds to share resources at a very large scale. P2P grid systems have a different set of security requirements contrary to the traditional server based centralized grid systems. This paper proposes a decentralized security framework for P2P grid systems. This framework is part of a P2P based data grid middleware DGET (Data Grid Environment and Tools).
Online/Offline Signatures and Multisignatures for AODV and
- In Australasian Conference on Information Security and Privacy
, 2006
Efficient authentication is one of important security requirements in mobile ad hoc network (MANET) routing systems. The techniques of digital signatures are generally considered as the best candidates to achieve strong authentication. However, using normal digital signature schemes is too costly to MANET due to the computation overheads. Considering the feasibility of incorporating digital signatures in MANET, we incorporate the notion of online/offline signatures, where the computational overhead is shifted to the offline phase. However, due to the diversity of different routing protocols, a universal scheme that suits all MANET routing systems does not exist in the literature. Notably, an authentication scheme for the AODV routing is believed to be not suitable to the DSR routing. In this paper, we first introduce an efficient ID-based online/offline scheme for authentication in AODV and then provide a formal transformation to convert the scheme to an ID-based online/offline multisignature scheme. Our scheme is unique, in the sense that a single ID-based online/offline signature scheme can be applied to both AODV and DSR routing protocols.

