Skip to main content
Springer Nature Link
Log in

Certificate-Based Signature: Security Model and Efficient Construction

  • Conference paper
Public Key Infrastructure (EuroPKI 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4582))

Included in the following conference series:

Abstract

In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) solving the certificate revocation problem, and (3) eliminating third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem in the identity-based cryptography. In this paper, we first introduce a new attack called the “Key Replacement Attack” in the certificate-based system and refine the security model of certificate-based signature. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and less operation cost, and hence, our scheme outperforms the existing schemes in the literature.

The work is supported by the National Natural Science Foundation of China (No. 60673070), Natural Science Foundation of Jiangsu Province (No. BK2006217), and the Project of Jiangsu Province Police Ministry (No. 200503002).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Shamir, A.: Identity-based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)

    Chapter  Google Scholar 

  2. Boneh, D., Franklin, M.: Identity-based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 229–231. Springer, Heidelberg (2001)

    Google Scholar 

  3. Al-Riyami, S.S., Paterson, K.G.: Certificateless Public Key Cryptography. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 452–473. Springer, Heidelberg (2003)

    Google Scholar 

  4. Al-Riyami, S.S., Paterson, K.G.: CBE from CL-PKE: A Generic Construction and Efficient Schemes. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 398–415. Springer, Heidelberg (2005)

    Google Scholar 

  5. Huang, X., Susilo, W., Mu, Y., Zhang, F.T.: On the Security of Certificateless Signature Schemes from Asiacrypt 2003. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 13–25. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  6. Hu, B.C., Wong, D.S., Zhang, Z.F., Deng, X.T.: Key Replacement Attack Against a Generic Construction of Certificateless Signature. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 235–246. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Kang, B.G., Park, J.H., Hahn, S.G.: A Certificate-based Signature Scheme. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 99–111. Springer, Heidelberg (2004)

    Google Scholar 

  8. Micali, S.: Novomodo: Scalable Certificate Validation and Simplified PKI Management. In: Proc. of 1st Annual PKI Research Workshop (2002), available at http://www.cs.dartmouth.edu/pki02/

  9. Gentry, C.: Certificate-based Encryption and the Certificate Revocation Problem. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, pp. 272–293. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  10. Guttman, P.: PKI: Its not Dead, Just Resting. IEEE Computer 35, 41–49 (2002), Extended version available at www.cs.auckland.ac.nz/pgut001/pubs/notdead.pdf

    Google Scholar 

  11. Kang, B.G., Park, J.H.: Is It Possible to Have CBE from CL-PKE? Cryptology ePrint Archive, Report 2005/431

    Google Scholar 

  12. Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. In: Proc. of 7th Annual USENIX Security Symposium (1998), available at http://www.wisdom.weizmann.ac.il/kobbi/papers.html

  13. Naor, D., Naor, M., Lotspiech, J.: Revocation and Tracing Schemes for Stateless Receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  14. Aiello, W., Lodha, S., Ostrovsky, R.: Fast Digital Identity Revocation. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 137–152. Springer, Heidelberg (1998)

    Google Scholar 

  15. Yum, D.H., Lee, P.J.: Identity-based Cryptography in Public Key Management. In: Katsikas, S.K., Gritzalis, S., Lopez, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 71–84. Springer, Heidelberg (2004)

    Google Scholar 

  16. Yum, D.H., Lee, P.J.: Generic Construction of Certificateless Encryption. In: Laganà, A., Gavrilova, M., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 802–811. Springer, Heidelberg (2004)

    Google Scholar 

  17. Dodis, Y., Katz, J.: Chosen-Ciphertext Security of Multiple Encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 188–209. Springer, Heidelberg (2005)

    Google Scholar 

  18. Galindo, D., Morillo, P., Ráfols, C.: Breaking Yum and Lee Generic Constructions of Certificate-Less and Certificate-Based Encryption Schemes. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 81–91. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Computer and Information Engineering, Hohai University, Nanjing, 210098, P.R. China

    Jiguo Li

  2. Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia

    Xinyi Huang, Yi Mu, Willy Susilo & Qianhong Wu

Authors
  1. Jiguo Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinyi Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yi Mu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Willy Susilo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Qianhong Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Javier Lopez Pierangela Samarati Josep L. Ferrer

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, J., Huang, X., Mu, Y., Susilo, W., Wu, Q. (2007). Certificate-Based Signature: Security Model and Efficient Construction. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-73408-6_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73407-9

  • Online ISBN: 978-3-540-73408-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics