Results 1  10
of
28
A Biometric Identity Based Signature Scheme
, 2004
"... We describe an identity based signature scheme that uses biometric information to construct the public key. Such a scheme would be beneficial in a legal dispute over whether a contract had been signed or not by a user. A biometric reading provided by the alleged signer would be enough to verify th ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
(Show Context)
We describe an identity based signature scheme that uses biometric information to construct the public key. Such a scheme would be beneficial in a legal dispute over whether a contract had been signed or not by a user. A biometric reading provided by the alleged signer would be enough to verify the signature. We make use of Fuzzy extractors [7] to generate a key string from a biometric measurement.
Deterministic identitybased signatures for partial aggregation
 J. Comput
, 2006
"... Aggregate signatures are a useful primitive which allows aggregation into a single and constantlength signature many signatures on different messages computed by different users. Specific proposals of aggregate signature schemes exist only for PKIbased scenarios. For identitybased scenarios, wher ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
Aggregate signatures are a useful primitive which allows aggregation into a single and constantlength signature many signatures on different messages computed by different users. Specific proposals of aggregate signature schemes exist only for PKIbased scenarios. For identitybased scenarios, where public keys of the users are directly derived from their identities, the signature schemes proposed up to now do not seem to allow constantlength aggregation. We provide an intermediate solution to this problem, by designing a new identitybased signature scheme which allows aggregation when the signatures to be aggregated come all from the same signer. The new scheme is deterministic and enjoys some better properties than the previous proposals; for example, it allows detection of a possible corruption of the master entity. We formally prove that the scheme is unforgeable, in the random oracle model, assuming that the Computational Diffie–Hellman problem is hard to solve.
IDbased Proxy Signature Using Bilinear Pairings
 In: Parallel and Distributed Processing and Applications (ISPA 2005), LNCS 3759
, 2005
"... ..."
Certificateless Signcryption
"... Abstract. Certificateless cryptography achieves the best of the two worlds: it inherits from identitybased techniques a solution to the certificate management problem in publickey encryption, whilst removing the secret key escrow functionality inherent to the identitybased setting. Signcryption s ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Certificateless cryptography achieves the best of the two worlds: it inherits from identitybased techniques a solution to the certificate management problem in publickey encryption, whilst removing the secret key escrow functionality inherent to the identitybased setting. Signcryption schemes achieve confidentiality and authentication simultaneously by combining publickey encryption and digital signatures, offering better overall performance and security. In this paper, we introduce the notion of certificateless signcryption and present an efficient construction which guarantees security under insider attacks, and therefore provides forward secrecy and nonrepudiation. The scheme is shown to be secure using random oracles under a variant of the bilinear DiffieHellman assumption.
Oneway signature chaining: a new paradigm for group cryptosystems
 International Journal of Information and Computer Security
"... In this paper, we describe a new cryptographic primitive called (OneWay) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a “link ” of the chain. The onewayness implies that the chaini ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
(Show Context)
In this paper, we describe a new cryptographic primitive called (OneWay) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a “link ” of the chain. The onewayness implies that the chaining process is oneway in the sense that more links can be easily added to the chain. However, it is computationally infeasible to remove any intermediate links without removing all the links. The signatures so created are called chain signatures (CS). We give precise definitions of chain signatures and discuss some applications in trust transfer. We then present a practical construction of a CS scheme that is secure (in the random oracle model) under the Computational DiffieHellman (CDH) assumption in bilinear maps.
An efficient identitybased signature scheme with batch verifications
 In InfoScale ’06
, 2006
"... Mapping messages or user’s identity into a point on elliptic curves is required in many pairingbased cryptographic schemes. In most of these pairingbased schemes, this requirement is realized by a special hash function called MapToPoint function. However, the efficiency of the MapToPoint function ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
(Show Context)
Mapping messages or user’s identity into a point on elliptic curves is required in many pairingbased cryptographic schemes. In most of these pairingbased schemes, this requirement is realized by a special hash function called MapToPoint function. However, the efficiency of the MapToPoint function is much lower than the general hash functions. In this paper, we propose a new identitybased signature (IBS) scheme without MapToPoint function, which speeds up extracting the secret key and verifying the signatures. The security of the proposed scheme depends on a complex assumption similar to kCAA. Another benefit of the proposed scheme is that it supports batch verifications such that multiple signatures of distinct messages for distinct users are verified simultaneously. The results show that batch verifications on the proposed IBS scheme is much faster than other IBS schemes. Furthermore, the proposed scheme is used to construct an efficient chameleon signature scheme by cooperating with an identitybased chameleon hash function. Keywords: IDbased signature, IDbased chameleon signature, batch verification 1
Strongly unforgeable signatures and hierarchical identitybased signatures from lattices without random oracles
 In PQCrypto
, 2010
"... Abstract. We propose a variant of the “bonsai tree ” signature scheme, a latticebased existentially unforgeable signature scheme in the standard model. Our construction offers the same efficiency as the “bonsai tree” scheme but supports the stronger notion of strong unforgeability. Strong unforgeab ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a variant of the “bonsai tree ” signature scheme, a latticebased existentially unforgeable signature scheme in the standard model. Our construction offers the same efficiency as the “bonsai tree” scheme but supports the stronger notion of strong unforgeability. Strong unforgeability demands that the adversary is unable to produce a new messagesignature pair (m, s), even if he or she is allowed to see a different signature s ′ for m. In particular, we provide the first treeless signature scheme that supports strong unforgeability for the postquantum era in the standard model. Moreover, we show how to directly implement identitybased, and even hierarchical identitybased, signatures (IBS) in the same strong security model without random oracles. An additional advantage of this direct approach over the usual generic conversion of hierarchical identitybased encryption to IBS is that we can exploit the efficiency of ideal lattices without significantly harming security. We equip all constructions with strong security proofs based on mild worstcase assumptions on lattices and we also propose concrete security parameters.
Authenticated Hybrid Encryption for Multiple Recipients
, 2006
"... Authenticated encryption schemes used in order to send one message to one recipient have received considerable attention in the last years. We investigate the case of schemes, we call authenticated 1#n schemes, that allow one to encrypt efficiently in a publickey setting a message for several, ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Authenticated encryption schemes used in order to send one message to one recipient have received considerable attention in the last years. We investigate the case of schemes, we call authenticated 1#n schemes, that allow one to encrypt efficiently in a publickey setting a message for several, say n, recipients in an authenticated manner. We propose formal security definitions for such schemes that work also for n = 1 and which are stronger and/or more general than those currently proposed. We then present a flexible mode of operation that transforms any 1#1 authenticated encryption scheme working on small messages into a 1#n authenticated encryption scheme working on longer messages. We show that it allows the construction of efficient 1#n schemes that are proved secure for the strongest security notion.
A multireceiver IDbased generalized signcryption scheme
"... Generalized signcryption(GSC) can adaptively work as an encryption scheme, a signature scheme or a signcryption scheme with only one algorithm. In this paper, the formal definition and security notions of multireceiver identitybased generalized signcryption (MIDGSC) are defined. A concrete scheme ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Generalized signcryption(GSC) can adaptively work as an encryption scheme, a signature scheme or a signcryption scheme with only one algorithm. In this paper, the formal definition and security notions of multireceiver identitybased generalized signcryption (MIDGSC) are defined. A concrete scheme is also proposed and proved to be confidential under the Bilinear DiffieHellman (BDH) assumption and existential unforgeable under the Computational DiffieHellman(CDH) assumption in the random oracle model, which only needs one pairing computation to generalized signcrypt a single message for n receivers using the randomness reuse technique. Compared with other multireceiver IDbased signcryption schemes, the new scheme is also of high efficiency.