Malicious KGC Attack in Certificateless Cryptography
نویسندگان
چکیده
Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. Thus, if the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that some previously proposed certificateless encryption/signature schemes still have the key escrow problem, while some other schemes do not. We also give new proofs for the schemes in the latter case.
منابع مشابه
Security analysis of the certificateless signature
In this paper, we show that the certificateless signature scheme proposed by Yap, Heng and Goi at SecUbiq 2006 is insecure against a key replacement attack and a malicious-but-passive KGC attack, respectively. The former implies that anyone who replaces a signer’s public key can forge valid signatures for that signer without knowledge of the signer’s private key. The latter supposes the malicio...
متن کاملDeep Attacks of a Certificateless Signature Scheme
Certificateless public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem in identity-based cryptography. Recently, Xiong et al. proposed a certificateless signature scheme and proved that their scheme is existentially unforgeable against adaptive chosen message attack under...
متن کاملAn efficient certificateless signcryption scheme in the standard model
Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which ...
متن کاملCertificateless Public Key Encryption Secure against Malicious KGC Attacks in the Standard Model
We introduce the first secure Certificateless Public Key Encryption (CL-PKE) scheme against a malicious Key Generation Center (KGC) in the standard model. Recently, Au et al. [3] pointed out that the previous security models for CL-PKE schemes cannot guarantee the security against a malicious KGC. They also showed that although some schemes are secure against malicious KGC, they require the ran...
متن کاملGeneric Certificateless Encryption in the Standard Model
Despite the large number of certificateless encryption schemes recently proposed, many of them have been found to be insecure under a practical attack called malicious-but-passive KGC attack, since they all follow the same key generation procedure as that of the one proposed by Al-Riyami and Paterson in ASIACRYPT 2003. The only scheme that remains secure against this attack is due to Libert and...
متن کامل