KEYWORDS
Revocation, Certificateless signature, Strong
unforgeability, Provable security, Bilinear pairing.
1 INTRODUCTION
The concept of identity (ID)-based public-key
systems was first introduced by Shamir [1] in
1984. Boneh and Franklin [2, 3] realized the
practical construction of ID-based public-key
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
2 PRELIMINARIES
In this section, we briefly review the concept of
bilinear pairings and a related security
assumption on which our scheme is based.
2.1 Bilinear Pairings
Let G1 and G2 be additive and multiplicative
cyclic groups of large prime order q,
respectively. Typically, G1 is a subgroup of a
group of points on an elliptic curve over a finite
field. We call : G1G1 G2 an admissible
bilinear map if it satisfies the following
properties:
(1) Bilinearity: (aP, bQ)= (P, Q)ab for all P,
QG1 and a, bZq*.
(2) Non-degeneracy: There exists PG1 such
that (P, P)1.
(3) Computability: There exists an efficient
algorithm to compute (P, Q) for all P,
QG1.
5 SECURITY ANALYSIS
In this section, we give the security analysis of
the proposed RCLS scheme. Under the CDH
assumption, Lemmas 1, 2 and 3 below show
that our RCLS scheme is secure against the
adversaries of all three types, respectively, in
Games I, II and III defined in Section 3.2. As a
direct consequence of these lemmas, our scheme
offers strong unforgeability against adaptive
chosen-message attacks in the random oracle
model under the CDH assumption, which is
stated as Theorem 4.
as response.
(2) Otherwise, C randomly selects a
value $u \in Z_q^*$, sets $Q_{ID} = uP$, adds
$(ID, u, Q_{ID})$ to $L_0$, and
returns $Q_{ID}$ as the response.
- $H_1$ queries: C keeps an initially empty list
$L_1$ of tuples $(ID, t, v, R_{ID,t})$. When a tuple
(ID, t, P) is submitted to the $H_1$ oracle,
the same response is given if the query
has been asked before. Otherwise, C
selects a random value $v \in Z_q^*$, sets
$R_{ID,t} = vP$, adds $(ID, t, v, R_{ID,t})$ to $L_1$, and
returns $R_{ID,t}$.
- $H_2$ queries: C keeps an initially empty list
$L_2$ of tuples $(U, ID, t, P_{ID}, m, f)$. Upon
receiving a query with a tuple $(U, ID, t,
P_{ID}, m)$, the same response is given if the
query has been asked before. Otherwise,
C selects a random value $f \in Z_q^*$, adds
$(U, ID, t, P_{ID}, m, f)$ to $L_2$, and returns $f$.
- $H_3$ queries: C keeps an initially empty list
$L_3$ of tuples $(U, ID, t, P_{ID}, m, h)$. Upon
receiving a query with a tuple $(U, ID, t,
P_{ID}, m)$, the same response is given if the
query has been asked before. Otherwise,
C selects a random value $h \in Z_q^*$, adds
$(U, ID, t, P_{ID}, m, h)$ to $L_3$, and returns $h$.
- Initial-Key-Extract queries: The challenger
C maintains an initially empty list $L_K$ of
tuples $(ID, D_{ID})$. When an identity ID is
submitted to this oracle, the same
response is given if the query has been
asked before. Otherwise, the challenger
C performs the following steps.
(1) If $ID = ID'$, C aborts because it cannot
answer the query coherently.
(2) Otherwise, C looks up the
corresponding tuple $(ID, u, Q_{ID})$ in
$L_0$, sets $D_{ID} = uP_{pub}$, adds $(ID, D_{ID})$
to $L_K$, and returns $D_{ID}$.
- Public-Key-Replacement queries: $A_I$
requests to replace the public key $P_{ID}$ of
an identity ID with a new public key $P'_{ID}$
chosen by $A_I$. Upon receiving a pair $(ID,
P'_{ID})$, C updates the original public key
tuple in $L_S$ by (ID, , $P'_{ID}$). Note that the
public key replacement does not require
the secret value corresponding to the
new public key.
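
The simulated oracles above, as an added Python example that is not part of the paper: it shows why C can answer Initial-Key-Extract queries from $L_0$ without ever holding the master secret. Assumptions: a tiny toy group stands in for $G_1$, the oracle that fills $L_0$ is called `l0_query` because its name is cut off on the page, and the real initial key is taken to be $s \cdot Q_{ID}$ with $P_{pub} = sP$, which this page does not show.

```python
import secrets

# Toy stand-in for G1, constructed for this example (tiny and NOT secure):
# the order-q subgroup of Z_p^*, where the page's "aX" is pow(X, a, p).
p, q, P = 2039, 1019, 4

def smul(a, X):
    return pow(X, a % q, p)

def rand_zq_star():
    return secrets.randbelow(q - 1) + 1      # uniform in [1, q-1]

class Abort(Exception):
    """Raised where the page says C aborts."""

class Challenger:
    def __init__(self, P_pub, target_id):
        self.P_pub, self.target = P_pub, target_id   # C never sees the master secret
        self.L0, self.L1, self.LK = {}, {}, {}

    def l0_query(self, ident):
        if ident == self.target:   # branch (1) is cut off on the page: not modelled
            raise ValueError("target-identity branch not modelled")
        if ident not in self.L0:   # branch (2): sample once, then replay
            u = rand_zq_star()
            self.L0[ident] = (u, smul(u, P))
        return self.L0[ident][1]

    def h1_query(self, ident, t):
        if (ident, t) not in self.L1:
            v = rand_zq_star()
            self.L1[(ident, t)] = (v, smul(v, P))
        return self.L1[(ident, t)][1]

    def initial_key_extract(self, ident):
        if ident in self.LK:
            return self.LK[ident]
        if ident == self.target:
            raise Abort("cannot answer coherently for ID'")
        self.l0_query(ident)                      # make sure (ID, u, Q_ID) is in L0
        u, _ = self.L0[ident]
        self.LK[ident] = smul(u, self.P_pub)      # D_ID = u * P_pub
        return self.LK[ident]

def run_simulation():
    s = rand_zq_star()                            # assumed master secret, P_pub = sP
    C = Challenger(smul(s, P), "target-id")
    Q = C.l0_query("alice")
    D = C.initial_key_extract("alice")
    replayed = C.l0_query("alice") == Q and C.initial_key_extract("alice") == D
    return replayed, D == smul(s, Q)              # simulated key equals s * Q_ID
```

Because C chose $u$ itself, $u \cdot P_{pub}$ and $s \cdot Q_{ID}$ are the same group element, so the adversary cannot tell the simulated key from a real one.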
7 CONCLUSION
In this article, we proposed an efficient RCLS
scheme possessing strong unforgeability.
Performance comparisons were made to
demonstrate that our scheme has better
performance than Sun et al.'s RCLS scheme in
terms of the computation costs for both signing
REFERENCES
[1]
[2]
[3]
[4]
[5] S. S. Al-Riyami and K. G. Paterson, "CBE from CL-PKE: A generic construction and efficient schemes," in Proc. PKC'05, LNCS 3386, 2005, pp. 398-415.
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24] Y. M. Tseng and T. T. Tsai, "Efficient revocable ID-based encryption with a public channel," The Computer Journal, vol. 55, no. 4, pp. 475-486, Apr. 2012.
[25]
[26]
[27]
[28]
[29]
[30]
[31]