• Journal of the Chungcheong Mathematical Society
• /
• v.20 no.4
• /
• pp.355-366
• /
• 2007

In this paper, we propose a new blind group identification protocol and a hidden group signature protocol as its application. These protocols involve many provers and one verifier such that (1) the statement of all the provers are proved simultaneously, (2) and also all the provers using computationally limited devices (e.g. smart cards) have no need of computing the bilinear pairings, (3) but only the verifier uses the bilinear pairings. A. Saxena et al. proposed a two-round blind (group) identification protocol in 2005 using the bilinear pairings. But it reveals weakness in the active-intruder attack, and all the provers as well as the verifier must have devices computing bilinear pairings. Comparing their results, our protocol is secure from the active-intruder attack and has more fit for smart cards. In particular, it is secure under only the assumption of the hardness of the Discrete-Logarithm Problem in bilinear groups.

• Journal of the Chungcheong Mathematical Society
• /
• v.21 no.3
• /
• pp.403-411
• /
• 2008

In 2005, A. Saxena, B. Soh and S. Priymak [10] proposed a two-flow blind identification protocol. But it has a weakness of the active-intruder attack and uses the pairing operation that causes slow implementation in smart cards. In 2008, Y. W. Lee [9] made a method of the active-intruder attack on their identification scheme and proposed a new zero-knowledge blind identification protocol for smart cards. In this paper, we give more simple and fast protocols than above protocols such that the prover using computationally limited devices such as smart cards has no need of computing the bilinear pairings. Computing the bilinear pairings is needed only for the verifier and is secure assuming the hardness of the Discrete-Logarithm Problem (DLP).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.881-896
• /
• 2016

Certificate-based cryptography is a useful public key cryptographic primitive that combines the merits of traditional public key cryptography and identity-based cryptography. It not only solves the key escrow problem inherent in identity-based cryptography, but also simplifies the cumbersome certificate management problem in traditional public key cryptography. In this paper, by giving a concrete attack, we first show that the certificate-based encryption scheme without bilinear pairings proposed by Yao et al. does not achieve either the chosen-ciphertext security or the weaker chosen-plaintext security. To overcome the security weakness in Yao et al.'s scheme, we propose an enhanced certificate-based encryption scheme that does not use the bilinear pairings. In the random oracle model, we formally prove it to be chosen-ciphertext secure under the computational Diffie-Hellman assumption. The experimental results show that the proposed scheme enjoys obvious advantage in the computation efficiency compared with the previous certificate-based encryption schemes. Without costly pairing operations, it is suitable to be employed on the computation-limited or power-constrained devices.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2554-2571
• /
• 2014

Certificate-based cryptography is a new cryptographic paradigm that provides an interesting balance between identity-based cryptography and traditional public key cryptography. It not only simplifies the complicated certificate management problem in traditional public key cryptography, but also eliminates the key escrow problem in identity-based cryptography. As an extension of the signcryption in certificate-based cryptography, certificate-based signcryption provides the functionalities of certificate-based encryption and certificate-based signature simultaneously. However, to the best of our knowledge, all constructions of certificate-based signcryption in the literature so far have to be based on the costly bilinear pairings. In this paper, we propose a certificate-based signcryption scheme that does not depend on the bilinear pairings. The proposed scheme is provably secure in the random oracle model. Due to avoiding the computationally-heavy paring operations, the proposed scheme significantly reduces the cost of computation and outperforms the previous certificate-based signcryption schemes.

• Communications of the Korean Mathematical Society
• /
• v.20 no.4
• /
• pp.849-859
• /
• 2005

We present a new identity based authenticated key agreement protocol from pairings satisfying the required security attributes. The security of our protocol is based on the bilinear Diffie- Hellman assumption.

• Journal of applied mathematics & informatics
• /
• v.26 no.5_6
• /
• pp.1139-1147
• /
• 2008

A. Saxena et al. first proposed a two-flow blind identification protocol in 2005. But it has a weakness of the active-intruder attack and uses the pairing operation that causes slow implementation in smart cards. In this paper, we give a method of the active-intruder attack on their identification scheme and propose a new zero- knowledge blind identification protocol for Smart cards. Our protocol consists of only two message flows and does not rely on any underlying signature or encryption scheme. The prover using computationally limited devices such as smart cards has no need of computing the bilinear pairings. It needs only for the verifier. Our protocol is secure assuming the hardness of the Discrete-Logarithm Problem in bilinear groups.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.12
• /
• pp.5553-5571
• /
• 2016

In this paper, we introduce a new concept called generalized ring signcryption (GRSC), which can achieve ring signature and ring signcryption functions with only one key pair and one algorithm. It is very useful for a system which has a large number of users, or has limited storage space, or whose function requirements may be changed later. We give a formal definition and a security model of GRSC and propose a concrete scheme based on bilinear pairings. In the random oracle model, the scheme's confidentiality can be proved under the GBDH assumption, and its unforgeability can be proved under GDH' assumption, and what is more, this scheme also allows unconditional anonymity. Compared with other identity-based ring signcryption schemes that use bilinear pairings as well, our scheme is a highly efficient one.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1904-1919
• /
• 2015

Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

• Journal of applied mathematics & informatics
• /
• v.31 no.3_4
• /
• pp.425-441
• /
• 2013

In literature, several strong designated verifier signature (SDVS) schemes have been devised using elliptic curve bilinear pairing and map-topoint (MTP) hash function. The bilinear pairing requires a super-singular elliptic curve group having large number of elements and the relative computation cost of it is approximately two to three times higher than that of elliptic curve point multiplication, which indicates that bilinear pairing is an expensive operation. Moreover, the MTP function, which maps a user identity into an elliptic curve point, is more expensive than an elliptic curve scalar point multiplication. Hence, the SDVS schemes from bilinear pairing and MTP hash function are not efficient in real environments. Thus, a cost-efficient SDVS scheme using elliptic curve cryptography with pairingfree operation is proposed in this paper that instead of MTP hash function uses a general cryptographic hash function. The security analysis shows that our scheme is secure in the random oracle model with the hardness assumption of CDH problem. In addition, the formal security validation of the proposed scheme is done using AVISPA tool (Automated Validation of Internet Security Protocols and Applications) that demonstrated that our scheme is unforgeable against passive and active attacks. Our scheme also satisfies the different properties of an SDVS scheme including strongness, source hiding, non-transferability and unforgeability. The comparison of our scheme with others are given, which shows that it outperforms in terms of security, computation cost and bandwidth requirement.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.1C
• /
• pp.14-21
• /
• 2011

Cryptographic protocols based on bilinear pairings provide excellent alternatives to conventional elliptic curve cryptosystems based on discrete logarithm problems. Through active research has been done toward fast computation of the bilinear pairings, it is still believed that the computational cost of one pairing computation is heavier than the cost of one ECC scalar multiplication. However, there have been many progresses in pairing computations over binary fields. In this paper, we compare the cost of BLS signature scheme with ECDSA with equvalent level of security parameters. Analysis shows that the cost of the pairing computation is quite comparable to the cost of ECC scalar multiplication for the case of binary fields.