Results 1 - 10 of 31
ID-Based Proxy Signature Using Bilinear Pairings, Available at http://eprint.iacr.org/2004/206
Certificateless Signcryption
Cited by 14 (0 self)
Abstract. Certificateless cryptography achieves the best of the two worlds: it inherits from identity-based techniques a solution to the certificate management problem in public-key encryption, whilst removing the secret key escrow functionality inherent to the identity-based setting. Signcryption schemes achieve confidentiality and authentication simultaneously by combining public-key encryption and digital signatures, offering better overall performance and security. In this paper, we introduce the notion of certificateless signcryption and present an efficient construction which guarantees security under insider attacks, and therefore provides forward secrecy and non-repudiation. The scheme is shown to be secure using random oracles under a variant of the bilinear Diffie-Hellman assumption.
A Biometric Identity Based Signature Scheme
, 2004
Cited by 13 (2 self)
We describe an identity based signature scheme that uses biometric information to construct the public key. Such a scheme would be beneficial in a legal dispute over whether a contract had been signed or not by a user. A biometric reading provided by the alleged signer would be enough to verify the signature. We make use of Fuzzy extractors [7] to generate a key string from a biometric measurement.
Deterministic identity-based signatures for partial aggregation
 J. Comput
, 2006
Cited by 13 (1 self)
Aggregate signatures are a useful primitive which allows aggregation into a single and constant-length signature many signatures on different messages computed by different users. Specific proposals of aggregate signature schemes exist only for PKI-based scenarios. For identity-based scenarios, where public keys of the users are directly derived from their identities, the signature schemes proposed up to now do not seem to allow constant-length aggregation. We provide an intermediate solution to this problem, by designing a new identity-based signature scheme which allows aggregation when the signatures to be aggregated come all from the same signer. The new scheme is deterministic and enjoys some better properties than the previous proposals; for example, it allows detection of a possible corruption of the master entity. We formally prove that the scheme is unforgeable, in the random oracle model, assuming that the Computational Diffie–Hellman problem is hard to solve.
One-way signature chaining: a new paradigm for group cryptosystems
 International Journal of Information and Computer Security
Cited by 8 (4 self)
In this paper, we describe a new cryptographic primitive called (One-Way) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a “link” of the chain. The one-wayness implies that the chaining process is one-way in the sense that more links can be easily added to the chain. However, it is computationally infeasible to remove any intermediate links without removing all the links. The signatures so created are called chain signatures (CS). We give precise definitions of chain signatures and discuss some applications in trust transfer. We then present a practical construction of a CS scheme that is secure (in the random oracle model) under the Computational Diffie-Hellman (CDH) assumption in bilinear maps.
Strongly unforgeable signatures and hierarchical identity-based signatures from lattices without random oracles
 In PQCrypto
, 2010
Cited by 7 (0 self)
Abstract. We propose a variant of the “bonsai tree” signature scheme, a lattice-based existentially unforgeable signature scheme in the standard model. Our construction offers the same efficiency as the “bonsai tree” scheme but supports the stronger notion of strong unforgeability. Strong unforgeability demands that the adversary is unable to produce a new message-signature pair (m, s), even if he or she is allowed to see a different signature s′ for m. In particular, we provide the first treeless signature scheme that supports strong unforgeability for the post-quantum era in the standard model. Moreover, we show how to directly implement identity-based, and even hierarchical identity-based, signatures (IBS) in the same strong security model without random oracles. An additional advantage of this direct approach over the usual generic conversion of hierarchical identity-based encryption to IBS is that we can exploit the efficiency of ideal lattices without significantly harming security. We equip all constructions with strong security proofs based on mild worst-case assumptions on lattices and we also propose concrete security parameters.
An efficient identity-based signature scheme with batch verifications
 In InfoScale ’06
, 2006
Cited by 5 (0 self)
Mapping messages or user’s identity into a point on elliptic curves is required in many pairing-based cryptographic schemes. In most of these pairing-based schemes, this requirement is realized by a special hash function called MapToPoint function. However, the efficiency of the MapToPoint function is much lower than the general hash functions. In this paper, we propose a new identity-based signature (IBS) scheme without MapToPoint function, which speeds up extracting the secret key and verifying the signatures. The security of the proposed scheme depends on a complex assumption similar to k-CAA. Another benefit of the proposed scheme is that it supports batch verifications such that multiple signatures of distinct messages for distinct users are verified simultaneously. The results show that batch verifications on the proposed IBS scheme are much faster than other IBS schemes. Furthermore, the proposed scheme is used to construct an efficient chameleon signature scheme by cooperating with an identity-based chameleon hash function. Keywords: ID-based signature, ID-based chameleon signature, batch verification
Identity-based threshold proxy signature from bilinear pairings
 Informatica
, 2010
Cited by 4 (0 self)
Abstract. Delegation of rights is a common practice in the real world. We present two identity-based threshold proxy signature schemes, which allow an original signer to delegate her signing capability to a group of n proxy signers, and it requires a consensus of t or more proxy signers in order to generate a valid signature. In addition to identity-based scheme, privacy protection for proxy signers and security assurance are two distinct features of this work. Our first scheme provides partial privacy protection to proxy signers such that all signers’ identities are revealed, whereas none of those t participating signers is specified. On the other hand, all proxy signers remain anonymous in the second scheme. This provides a full privacy protection to all proxy signers; however, each valid signature contains a tag that allows one to trace all the participating proxy signers. Both our proposed schemes are secure against unforgeability under chosen message attack, and satisfy many other necessary conditions for proxy signature.
Identity based threshold proxy signature. Cryptology ePrint Archive, Report 2004/250
, 2004
EPPDR: An Efficient Privacy-Preserving Demand Response Scheme with Adaptive Key Evolution in Smart Grid
Cited by 3 (2 self)
Abstract—Smart grid has recently emerged as the next generation of power grid due to its distinguished features, such as distributed energy control, robust to load fluctuations, and close user-grid interactions. As a vital component of smart grid, demand response can maintain supply-demand balance and reduce users’ electricity bills. Furthermore, it is also critical to preserve user privacy and cyber security in smart grid. In this paper, we propose an efficient privacy-preserving demand response (EPPDR) scheme which employs a homomorphic encryption to achieve privacy-preserving demand aggregation and efficient response. In addition, an adaptive key evolution technique is further investigated to ensure the users’ session keys to be forward secure. Security analysis indicates that EPPDR can achieve privacy-preservation of electricity demand, forward secrecy of users’ session keys, and evolution of users’ private keys. In comparison with an existing scheme which also achieves forward secrecy, EPPDR has better efficiency in terms of computation and communication overheads, and can adaptively control the key evolution to balance the tradeoff between the communication efficiency and security level.