1. Introduction
The objective of public key cryptography (PKC) and digital signature is used to increase the privacy of the data by achieving the four important security requirements such as confidentiality, integrity, authentication, and non-repudiation. A traditional way of obtaining these four security goals is first to sign then apply the encryption algorithm on the message. Recently those most popular research areas such as cloud email systems, computer communications, a delegation of organizational power and electronic transactions need both security requirements. Because of the high computational cost and communication overhead, it’s difficult to achieve all these goals simultaneously with the traditional approach. In 1997, Zheng [1] made the signcryption idea that accomplishes both confidentiality and authentication in a single reasonable step with better performance than the traditional methods. Later, many signcryption schemes have been proposed [2-9]. Some of these are proxy signcryption [6-8] which efficiently combines the idea of proxy signature with the signcryption scheme, and allows an entity to delegate its signcryption authority to a trusted agent on PKI framework. To solve the key management processes in PKI, the idea of ID-based cryptography (IBC) was developed by Shamir [10] in 1984. In ID-based cryptography, the recognized string (ASCII string ) or identity such as email addresses, postal code, social security number represents an individual or organization public key, while the private key of user’s is generated by PKG from their identity information. Malone-Lee [11] extended the signcryption idea to an ID-based signcryption scheme. Ever since many ID-based signatures [12-15] and signcryption [16-20] schemes have been proposed. Their key objective is to decrease the computational costs and develop efficient ID-based signcryption schemes. Now let’s consider the situation when the manager of a company went for a business trip for a short or long period of time, in order to be effective at work and accomplish things on time he/she must delegate his/her signcryption authority to a proxy signcryptor who can legitimately signcrypt on behalf of him/her. So, this kind of situation must fulfill all the security requirements and the delegation process must be done in a secure and authentic way. The basic idea of our SE-IDPSC-CS scheme is as follow; the manager of the company officially delegate his/her signcryption authorization to his/her proxy agent and the proxy agent act as a manager and generate signcrypted messages on his/her behalf by using special information called “ proxy key”. Then the proxy agent uploads the signcrypted ciphertext to a trusted cloud service provider (CSP). Finally, the authorized user can download, recover and verify its source and validity at any time from any place through the Internet. Recently, Li and Chen [20] made ID-based proxy signcryption model, but their scheme is not secure and proxy protected, because the delegator is the only one who generates the proxy key without the knowledge of the proxy agent and they simply added the proxy key on [20] signcryption algorithm, if the original signcrypter remove the proxy key he/she will recover the message. Chen et al. [22] presented a probably secure ID-based proxy signcryption model under CDHP and BDHP assumptions. Ming et al. [23] constructed an ID-based proxy signcryption model without random oracles. Zhou [24] developed secure ID-based generalized proxy signcryption without random oracles from bilinear pairings and H Yu [25] proposed an ID-based proxy signcryption protocol with UC. But still, now all the above schemes consume high computational cost. This paper explains a new secure and efficient identity-based proxy signcryption in cloud data sharing (SE-IDPSC-CS) which is more secure and efficient than the existing schemes. The design philosophy behind our proposed scheme is as follow, the manager of the company that is the original signcryptor officially delegate his/ her signcryption authority to proxy signcryptor, who then act as a manager and generate a signcrypted messages on his/her behalf and upload the signcrypted ciphertext to cloud service provider (CSP), it is a trusted server which supplies storage services and sends the signcrypted ciphertexts to an authorized user. Finally, an authorized user download, decrypt and confirm the source and validness of the message. We also proof the security of the scheme in terms of IND-IDPSC-CS-CCA2 and EF-IDPSC-CS-CMA under DBDH and CDH problems respectively. We organized the paper as follows. We define the preliminary work and the basic notations in section 3. The details of the system model, the overall framework and the security definition are presented in section 4. Section 5, provide the details of the construction while section 6 and section 7 describe security proof and performance analysis respectively. Finally, we conclude the paper in sections 8.
2. Related Work
A proxy signcryption [6-8] is a cryptographic algorithm that merges the idea of signcryption and algorithm with a proxy signature. In cryptography, signcryption is a cryptographic algorithm that achieves the functionality of both confidentiality and authentication in a single reasonable step with better performance than a traditional approach. The first signcryption scheme was proposed by Y. Zheng [1] later, several signcryption schemes have been proposed [2-8]. Proxy signature model, allows an entity officially delegate his/her signing right to someone so that he/she can sign a message on his/her behalf. The first proxy signature was proposed by Mambo et al. [26]. Later many proxy signature schemes [27-28] have been proposed. To solve key controlling processes in PKI, the concept of ID-based cryptography (IBC) was developed by Shamir [10] in 1984. In ID-based cryptography, the well-known string (ASCII string ) or identity such as email address, postal code, social security number represents an individual or organization public key, while the secret key of the user's generated by PKG from their identity data. Later, several well-organized ID-based signatures [29-31] and ID-based schemes using pairings [32-33] have been proposed. Later many new ID-based signatures [34-35] and signcryption [18-20] schemes have been proposed. Malone-Lee [11] elaborated the signcryption idea to an ID-based signcryption scheme. Ever since many ID-based signcryption schemes have been proposed [15-20]. Recently, Li and Chen proposed an ID-based proxy signcryption scheme [21]. However, their scheme is not proxy protected and does not meet the unforgeability and forward security. In 2005, Wang and Cao [36] proposed an ID-based proxy signature and proxy signcryption scheme, which is based on [18] and is efficient than [21] in terms of computational point of view. Chen et al. [22] presented a probably secure ID-based proxy signcryption model under CDHP and BDHP assumptions. Ming et al. [23] constructed an ID-based proxy signcryption model without random oracles. Zhou [24] developed secure ID-based generalized proxy signcryption without random oracles from bilinear pairings and H Yu [25] proposed an ID-based proxy signcryption protocol with UC. Later Many schemes have been proposed for efficient and secure data accessing [37-40]. In this paper, by combining the idea of ID-based signcryption and proxy signature schemes, we proposed a new secure and efficient identity-based proxy signcryption in cloud data sharing (SE-IDPSC-CS) scheme, which is secure and efficient than the above schemes. In this scheme, after validating the identity of the delegator the proxy agent creates valid signcrypted ciphertext and uploads it to a cloud service provider (CSP). Moreover, only the authorized user can download, decrypt and confirm the source and authenticity of the message. Compared to the above schemes our scheme archived the necessary security requirements.
3. Preliminaries
In this section, we briefly define the bilinear pairings and notations.
3.1 Bilinear Pairings
Let G1 additive and G2 multiplicative cyclic groups having similar prime order q. Let a, b ∊ Zq* and G1 is generated by P. A bilinear map ê : G1 × G1 → G2 has the following properties:
a. Bilinear : (aP, bQ)=(P,Q)ab for all P, Q ∊ G1, a,b ∊ Zq*.
b. Non-degenerate : P, Q ∊ G1 so that, ê(P, Q) ≠ 1 , where is the identity of G2.
c. Computability : for all P,Q ∊ G1, ê(P, Q) efficiently computable.
The revised Weil pairing and Tate pairing is acceptable applications [31]. The security of our EF-IDPSC-CS model depends on the following hard Diffie-Hellman problems. Given G1 additive and G2 multiplicative cyclic groups of the same prime order q. Let a,b ∊ Zq* and G1 is generated by P, a bilinear map ê : G1 × G1→G2 :
a. Computational Diffie-Hellman Problem (CDHP): The CDHP in G1 is to calculate given (P, aP, bP) for a, b ∊ Zq*.
a. Decisional Bilinear Diffie-Hellman Problem (DBDHP): Assumed a set (P, aP, bP, cP) and an element h ∊ G2, the DBDHP to decide whether h=ê(P, P)abc or not. We define the benefit of the adversary C against the DBDHP like this: Adv(C) = |Pa,b,c ∊ Zq*, h ∊ G2 [1←C(aP, bP, cP, h)] - Pa,b,c ∊ Zq* [1←C(aP, bP, cP, ê(P, P)abc)]|
The DBDHP normally not harder than CDHP.
3.2 Notations
The notations used in this paper are listed in Table 1.
Table 1. Acronym and Description
4. System model, Framework and Security definition
In this section, we will define the system model, framework and security definition of the scheme.
4.1 System Model
According to Fig. 1, the architecture of SE-IDPSC-CS scheme consists of the following entities:
a. PKG: This is a trusted authority used to compute the user’s private key from their identity information.
b. Delegator (Alice): This entity wants to delegate his/her signcryption authority to his/her proxy signcryptor (Bob).
c. Proxy Signcryptor (Bob): This is an entity that generates a signcrypted message on behalf of the delegator (Alice) by using the special information called ”proxy key” and uploads it to a trusted cloud service provider (CSP).
d. Cloud service provider (CSP): This entity supplies the storage service and sends the signcrypted ciphertext to an authorized user.
e. Receiver (Charlie): An entity who download, wants to recover the message content and verify it's validity at any time, from anywhere through the Internet.
Fig. 1. Model of the SE-IDPSC-CS scheme.
4.2 Framework of SE-IDPSC-CS scheme
Our scheme contains the following six algorithms, including the delegator (Alice) QIDA, proxy signcryptor (Bob) QIDB, receiver (Charlie) QIDC and the cloud service provider (CSP).
1. Setup: On input the security parameter k, PKG output the public params, and keep the master key s to itself.
2. Extract: On input, params, identity ID, and master secret key s returns the private key SID of , ID the PKG must transmit it to corresponding entities in a secure way. Assume (QIDA, SIDA) is delegator key pairs, (QIDB, SIDB) proxy signcryptor key pairs and (QIDC, SIDC) is receiver's key pairs.
3. Proxy Credential: This is an algorithm run by delegator that takes on input params, delegator private key SIDA, and warrant mw(mw contains the delegation time, identities of the delegator and proxy signcrypter), output a proxy credential SPC and sends (SPC, mw) to a delegatee. There is a clear explanation of the delegation privileges and some common information about the delegator and proxy signcrypter in the warrant mw such that a receiver can use it as verification information.
4. PKeyGen: An algorithm run by proxy signcryptor (Bob) which takes params, warrant mw, proxy credential SPC and delegatee private key SIDβ as input. Outputs a proxy key Skap.
5. Proxy Signcryption: An algorithm run by proxy signcryptor (Bob) that take on input params, the identity of the receiver QIDC, the proxy key Skap, a warrant mw, and a message m. Output a signcryption ciphertext CT.
6. Unsigncryption: On input, public parameters params ciphertext CT and SIDC of the receiver, then confirm whether the ciphertext CT is correct, if “yes” continue and output the plaintext m, otherwise, output ⊥.
4.3 Security Definition
We use a security game to describe the confidentiality and unforgeability of the message, here C is a challenger and A is an adversary respectively. We define two security models for these notions as follows:
Definition 1. We say that a SE-IDPSC-CS scheme is said to achieve the security requirement of IND-SE-IDPSC-CS-CCA2 if no polynomial-time adversaries who have a non-negligible advantage win in the following game:
Initial: C runs Setup algorithm to get params and s. Then send params A and keeps s to itself.
Phase 1: A adaptively performs several kinds of queries; each query may be dependent on the outcome of the previous queries:
Extract query QExtract(ID): A chooses an identity ID. C runs Extract (ID) and SID to A.
a. Proxy Credential query QPC(params, SIDi, mw) : A issues a proxy credential request with respect to the delegatee. C returns a warrant mw and proxy credential Spc.
b. PKeyGen query QPKeyGen(SIDj, Spc) : A selects two identities IDi, IDj, for a given identity IDi and IDj, C first runs the QPC query to get Spc. Then C runs PKeyGen(Spc, SIDj) and returns Skap to A.
c. Proxy Signcryption query QPSC(m, SIDj, IDu, Skap) : A selects a message m and three identities IDi, IDj and IDC. C first, run Extract and Proxy Credential to get the private keys of SIDi, SIDj and the proxy credential Spc, then run PKeyGen(Spc, SIDj) to get Skap. Finally, C it runs PSC(m, SIDj, IDC, Skap) and sends the result CT to A.
d. Unsigncryption query QUS(CT, IDi, IDj, IDC) : A chooses a ciphertext CT and three identities IDi, IDj and IDC. C first, run an Extract algorithm to get the SIDC. Then C runs USC(CT, IDi, IDj, SIDC) and sends the output to A. This output can be the symbol ⊥ if CT is an invalid ciphertext.
Challenge: A choose two plaintext M0, M1 ∊ M and two identities IDB, IDCon which he wishes to be challenged. He cannot have asked the private key corresponding to neither IDB nor IDC in the first stage. C chooses a random bit b ∊ {0, 1}and computes C = signcryption (Mb, SIDB, IDC) that is sent to A.
Phase 2: perform again a polynomial limited number of requests like in Phase 1. Except for the Extract query on IDB nor IDC and the plaintext corresponding to C.
Guess: creates a guess a bit b´ and wins the game if b´=b. We define A's advantage as Adv(A) = \(\left|\operatorname{Pr}\left[b^{\prime}=b\right]-\frac{1}{2}\right|\).
Definition 2. A SE-IDPSC-CS scheme is said to achieve the security requirement of EF-SE-IDPSC-CS-CMA if no polynomially time adversaries who have a non-negligible advantage in the following game:
Initial: C runs Setup algorithm to get params and s. Then sends params to F.
The adversary F performs a polynomial limited number of requests just like in the gam IND-SE-IDPSC-CS-CCA2.
Finally, F produces a new triple (CT, IDB, IDC), where the secret key of IDB was not asked in the 2nd phase and F wins the game if the output of Unsigncryption (CT, SIDB, IDC) is not ⊥ a symbol. The advantage of F's is simply its probability of a win.
5. Construction
In this section, we briefly describe the six algorithms of our SE-IDPSC-CS scheme.
1. Setup (k) : on input the security parameters k, the PKG choose two groups G1 and G2 of prime order q, a generator of G1 a bilinear map ê : G1 × G1→G2 and hash functions H1 : {0, 1}* → G1, H2 : {0, 1}* → Zq*, H3 : G2 → {0,1 }n, H4 : {0, 1}n × G2 → Zq*. The PKG randomly chooses s ∊ Zq* as a master key and calculates Ppub=sP. It also chooses a secure symmetric cipher(E, D). Then PKG publishes the system public parameters as params : {G1, G2, n, ê, P, Ppub, H1, H2, H3, H4, E, D} and keeps the master key s secret. Where n is the bit length of a message.
2. Extract (ID) : on input an identity ID, the PKG computes QID = H1(ID) and SID = sQID, as the public and private keys of the user's respectively and transmit the private key SID = sQID to its owner in a secure way.
3. Proxy Credential (params, SIDA, mw) : On input params, a delegator private key SIDA, and a warrant mw. Then, delegator generates a proxy credential Spc as follows:
x ∊ Zq*
U = xP
z = H2(mw, U)
Spc = zSIDA + xPpub
sends (mw, U, Spc) to a proxy signcryptor. There is a clear explanation of the delegation privileges and some common information about original and proxy signcrypter in the mw which helps the receiver for verification.
4. PKeyGen (mw, U, SPC, SIDB): Upon receiving (mw, U, SPC), the proxy signcryptor confirms the validity of the received proxy credential by computing:
ê(P, SPC) = ê(Ppub, zQIDA + U) (1)
Here, we show the verification process for Equ (1):
ê(P, SPC) = ê(Ppub, zQIDA + U)
= ê(P, zsQIDA = xsP)
= ê(P, zSIDA + xPpub)
= ê(P, SPC)
If Equ (1) is true, the proxy signcryptor computes the proxy key as follow
Skap = zSIDB + SPC
keep Skap to itself and later it will be used to signcrypt message on behalf of the delegator.
5. Proxy Signcryption (paramas, m , QIDC, Skap, SIDS, mw): When the proxy signcryptor wants to signcrypt a message m ∊ {0, 1}n, on behalf of the delegator he/she first chooses xl ∊ Zq* and then computes
QIDC = H1(IDC)
K1 = ê(P, Ppub)x´
k2 = H3(ê(Ppub, QIDC)x´)
c = Ek2(m)
r = H4(c, k1)
S = x´Ppub - (rSIDB + Skap)
CT = (c, r, S, mw)
where x´ is the random number, Ek2 is the encryption function with the private key Ek2. Then, the proxy signcryptor uploads the ciphertext CT = (c, r, S, mw, U)to the cloud service provider (CSP).
6. Unsigncryption (params, SIDC, CT) : When Charlie wants the data, he can download the signcrypted ciphertext (c, r, S, mw) from a cloud service provider (CSP) and perform the following tasks:
QIDA = H1(IDA)
QIDB = H1(IDB)
k´1 = ê(P, S)ê(Ppub, QIDB)z+rê(Ppub, zQIDA + U)
k´2 = H3(ê(S, QIDC)ê(QIDB, SIDC)z+rê(zQIDA + U, SIDC))
then receives m = Ek´2 (c) and accepts CT iff r = H4(c, k´1). Otherwise, returns an error symbol ⊥.
Proof of correctness
The following equations give the correctness of our proposed scheme:
k1 = ê(P, S)ê(Ppub, QIDB)z+rê(Ppub, zQIDA + U)
= ê(P, S)ê(Ppub, QIDB)z+rê(P, zSIDA + xPpub)
= ê(P, S)ê(Ppub, QIDB)z+rê(P, SPC)
= ê(P, S)ê(P, rSIDB)ê(P, zSIDB)ê(P, SPC)
= ê(P, x´Ppub - rSIDB - Skap)ê(P, rSIDB)ê(P, SKap)
= ê(P, Ppub)x´
=k1
k2 = H3(ê(S, QIDC)ê(QIDB, SIDC)z+rê(zAIDA + U, SIDC))
= H3(ê(S, QIDC)ê(rSIDB, QIDC)
.ê(zSIDB + zSIDA + xPpub, QIDC))
= H3(ê(S, QIDC)ê(rSIDB, QIDC)ê(Skap, QIDC))
= H3(ê(x´Ppub - rSIDB - Skap, QIDC)
ê(rSIDB + Skap, QIDC))
= H3(ê(Ppub, QC)x´)
=k2
6. Security proof
In this section, we prove that the proposed scheme fulfills IND-SE-IDPSC-CS-CCA2 and EUF- SE-IDPSC-CS-CMA security by the following Theorems 1 and 2, respectively.
Theorem 1. (Proof of IND-SE-IDPSC-CS-CCA2 ): The proposed scheme in this paper secure against IND-SE-IDPSC-CS-CCA2, if no polynomial-time adversaries who have a non-negligible advantage A which can (e´, t´) break DBDHP where,
\(\varepsilon^{\prime} \geq 2\left(\varepsilon-q_{u} / 2^{k-1}\right) / q_{H_{1}}^{4}\)
\(t^{\prime} \approx t+O\left(q_{p k}+q_{s}+q_{u}\right) t_{\lambda}\)
where tλ is time to calculate one pairing operation.
Proof: Assume A can break the SE-IDPSC-CS scheme with significant advantage under adaptive CCA2 after running (time) and requesting at most random oracle for Extract query, PKeyGen query, proxy signcryption query, and unsigncryption query. Then we can build another algorithm that -breaks the DBDHP by taking as a subroutine. Assume obtains a random instance of the DBDHP and the objective of is to obtain or not.
References
- Y. Zheng, "Digital Signcryption or how to achieve cost (signature & encryption) << cost (signature)+ cost (encryption)," in Proc. of Advances in Cryptology - CRYPTO '97, pp 165-179, 1997.
- F. Li, B. Liu, and J. Hong, "An efficient signcryption for data access control in cloud computing," Computing, vol. 99, no. 5, pp. 465-479, 2017. https://doi.org/10.1007/s00607-017-0548-7
- R.-J. Hwang, C.-H. Lai, and F.-F. Su, "An efficient signcryption scheme with forward secrecy based on elliptic curve," Applied Mathematics and computation, vol. 167, no. 2, pp. 870-881, 2005. https://doi.org/10.1016/j.amc.2004.06.124
- H. Y. Jung, D. H. Lee, J. I. Lim, and K. S. Chang, "Signcryption schemes with forward secrecy," in Proc. of WISA2001, Springer-Verlag, pp. 4303-475, 2001.
- Y. Zheng and H. Imai, "How to construct efficient signcryption schemes on elliptic curves," Information Processing Letters, vol. 68, no. 5, pp. 227-233, 1998. https://doi.org/10.1016/S0020-0190(98)00167-7
- C. Gamage, J. Leiwo, and Y. Zheng, "An efficient scheme for secure message transmission using proxy-signcryption," in Proc. of the 22nd Australasian Computer Science Conference, Springer, pp. 420-431, 1999.
- C. Zhou, Z. Zhao, W. Zhou, and Y. Mei, "Certificateless key-insulated generalized signcryption scheme without bilinear pairings," Security and Communication Networks, vol. 2017, 17 pages, 2017.
- V. Saraswat, R. A. Sahu, and A. K. Awasthi, "A secure anonymous proxy signcryption scheme," Journal of Mathematical Cryptology, vol. 11, no. 2, pp. 63-84, 2017. https://doi.org/10.1515/jmc-2015-0014
- P. Pandiaraja, P. Vijayakumar, V. Vijayakumar, and R. Seshadhri, "Computation efficient attribute based broadcast group key management for secure document access in public cloud." J. Inf. Sci. Eng., vol. 33, no. 3, pp. 695-712, 2017.
- A. Shamir, "Identity-based cryptosystems and signature schemes," in Proc. of Workshop on the theory and application of cryptographic techniques, Springer, pp. 47-53, 1984.
- J. Malone-Lee, "Identity-based signcryption." IACR Cryptology ePrint Archive, vol. 2002, p. 98, 2002.
- J. Xie, Y.-p. Hu, J.-t. Gao, and W. Gao, "Efficient identity-based signature over ntru lattice," Frontiers of Information Technology & Electronic Engineering, vol. 17, no. 2, pp. 135-142, 2016. https://doi.org/10.1631/FITEE.1500197
- Z. Qin, C. Yuan, Y. Wang, and H. Xiong, "On the security of two identity-based signature schemes based on pairings," Information Processing Letters, vol. 116, no. 6, pp. 416-418, 2016. https://doi.org/10.1016/j.ipl.2016.02.003
- X. Hu, H. Xu, J. Wang, W. Tan, and Y. Yang, "A generic construction of identity-based proxy signature scheme in the standard model," International Journal of Information and Computer Security, vol. 11, no. 1, pp. 83-100, 2019. https://doi.org/10.1504/IJICS.2019.096850
- P. S. Barreto, B. Libert, N. McCullagh, and J.-J. Quisquater, "Efficient and provably-secure identity-based signatures and signcryption from bilinear maps," in Proc. of International conference on the theory and application of cryptology and information security, Springer, pp. 515-532, 2005.
- A. Karati, S. H. Islam, G. Biswas, M. Z. A. Bhuiyan, P. Vijayakumar, and M. Karuppiah, "Provably secure identity-based signcryption scheme for crowdsourced industrial Internet of things environments," IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2904-2914, 2018. https://doi.org/10.1109/JIOT.2017.2741580
- X. Zhang, C. Xu, and J. Xue, "Efficient multi-receiver identity-based signcryption from lattice assumption," International Journal of Electronic Security and Digital Forensics, vol. 10, no. 1, pp. 20-38, 2018. https://doi.org/10.1504/IJESDF.2018.089202
- L. Chen and J. Malone-Lee, "Improved identity-based signcryption," in Proc. of International Workshop on Public Key Cryptography, Springer, pp. 362-379, 2005.
- S. S. Chow, S.-M. Yiu, L. C. Hui, and K. Chow, "Efficient forward and provably secure id-based signcryption scheme with public verifiability and public ciphertext authenticity," in Proc. of International Conference on Information Security and Cryptology, Springer, pp. 352-369, 2003.
- B. Libert and J.-J. Quisquater, "A new identity based signcryption scheme from pairings," in Proc. of Information Theory Workshop, pp. 155-158, 2003.
- X. Li and K. Chen, "Identity based proxy-signcryption scheme from pairings," in Proc. of Services Computing, 2004.(SCC 2004). Proceedings. 2004 IEEE International Conference on. IEEE, 2004, pp. 494-497, 2004.
- S.-X. Chen, S.-X. Zhou, X.-F. Yao, and F.-W. Li, "Efficient identity-based proxy signcryption scheme," Application Research of Computers, vol. 7, p. 084, 2011.
- Y. Ming, J. Feng, and J. Hu Q, "Secure identity-based proxy signcryption scheme in standard model," Journal of Computer Applications, vol. 34, no. 10, pp. 2834-2839, 2014. https://doi.org/10.11772/j.issn.1001-9081.2014.10.2834
- C.-X. Zhou, "Identity-based generalized proxy signcryption scheme," Information Technology and Control, vol. 45, no. 1, pp. 13-26, 2016.
- H. Yu, Z. Wang, J. Li, and X. Gao, "Identity-based proxy signcryption protocol with universal composability," Security and Communication Networks, vol. 2018, 11 pages, 2018.
- M. Mambo, K. Usuda, and E. Okamoto, "Proxy signatures: Delegation of the power to sign messages," IEICE transactions on fundamentals of electronics, communications and computer sciences, vol. 79, no. 9, pp. 1338-1354, 1996.
- S. Kim, S. Park, and D. Won, "Proxy signatures, revisited," in Proc. of International Conference on Information and Communications Security, Springer, pp. 223-232, 1997.
- B. Lee, H. Kim, and K. Kim, "Strong proxy signature and its applications," Proceedings of SCIS, vol. 2001, pp. 603-608, 2001.
- A. Fiat and A. Shamir, "How to prove yourself: Practical solutions to identification and signature problems," in Proc. of Advances in Cryptology CRYPTO86, Springer, pp. 186-194, 1986.
- U. Feige, A. Fiat, and A. Shamir, "Zero-knowledge proofs of identity," Journal of cryptology, vol. 1, no. 2, pp. 77-94, 1988. https://doi.org/10.1007/BF02351717
- F. Zhang and K. Kim, "Id-based blind signature and ring signature from pairings," in Proc. of International Conference on the Theory and Application of Cryptology and Information Security, Springer, pp. 533-547, 2002.
- K. G. Paterson, "Id-based signatures from pairings on elliptic curves," Electronics Letters, vol. 38, no. 18, pp. 1025-1026, 2002. https://doi.org/10.1049/el:20020682
- N. P. Smart, "Identity-based authenticated key agreement protocol based on weil pairing," Electronics letters, vol. 38, no. 13, pp. 630-632, 2002. https://doi.org/10.1049/el:20020387
- M. C. Gorantla, R. Gangishetti, and A. Saxena, "A survey on id-based cryptographic primitives." IACR Cryptology ePrint Archive, vol. 2005, p. 94, 2005.
- J. C. Choon and J. H. Cheon, "An identity-based signature from gap diffie-hellman groups," in Proc. of International workshop on public key cryptography, Springer, pp. 18-30, 2003.
- Q. Wang and Z. Cao, "Efficient id-based proxy signature and proxy signcryption form bilinear pairings," in Proc. of International Conference on Computational and Information Science, Springer, pp. 167-172, 2005.
- D. Pointcheval and J. Stern, "Security arguments for digital signatures and blind signatures," Journal of Cryptology, vol. 13, no. 3, pp. 361-396, 2000. https://doi.org/10.1007/s001450010003
- X. Cao, W. Kou, and X. Du, "A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges," Information Sciences, vol. 180, no. 15, pp. 2895-2903, 2010. https://doi.org/10.1016/j.ins.2010.04.002
- S. Namasudra, P. Roy, B. Balusamy, and P. Vijayakumar, "Data accessing based on the popularity value for cloud computing," in Proc. of 2017 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), IEEE, pp. 1-6, 2017.
- S. Namasudra, P. Roy, P. Vijayakumar, S. Audithan, and B. Balusamy, "Time efficient secure dna based access control model for cloud computing environment," Future Generation Computer Systems, vol. 73, pp. 90-105, 2017. https://doi.org/10.1016/j.future.2017.01.017
- P. Vijayakumar, S. M. Ganesh, L. J. Deborah, S. H. Islam, M. M. Hassan, A. Alelaiwi, and G. Fortino, "Mgpv: A novel and efficient scheme for secure data sharing among mobile users in the public cloud," Future Generation Computer Systems, vol. 95, pp. 560-569, 2019. https://doi.org/10.1016/j.future.2019.01.034
- H.Xiong, Y.Zhao, L.Peng, H.Zhang, and K.H.Yeh, "Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing,'' Future Generation Computer Systems, vol.97, pp. 453-461, 2019. https://doi.org/10.1016/j.future.2019.03.008
Cited by
- Cost-Effective Proxy Signcryption Scheme for Internet of Things vol.2021, 2020, https://doi.org/10.1155/2021/2427434
- Secure outsourced attribute-based signcryption for cloud-based Internet of Vehicles in a smart city vol.76, pp.9, 2020, https://doi.org/10.1007/s12243-021-00833-3