We present a digital signature scheme based on the computational difficulty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) cannot later forge the sign...

In the paper, we analyze the security vulnerability of the key agreement protocol proposed by Lee et al.'s. We present a forgery attack to their protocol. In this attack, the adversary can modify the signed message and forge a new signature, which can pass the verification. Then, we propose a new group key agreement protocol, which overcomes this security drawback. The new protocol can be prove...

Secure aggregate signature schemes have attracted more concern due to their wide application in resource constrained environment. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with condi...

In a distributed system, it is often important to detect the causal relationships between events, where event e1 is causally before event e2 if e1 happened before e2 and could possibly have aaected the occurrence of e2. In this paper we argue that it can be essential to security that a process determine, in the face of malicious attack, how two events are causally related. We formulate attacks ...

Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0 and/or OpenID Connect-based single sign on. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance, and it has been widely examined both in theory and in practice. Unfortunately, as these studies have shown, real-world implementations of both sc...

Recently, Seo and Lee proposed a modification to the Park and Lee’s nominative proxy signature scheme for mobile communication such that the original signer enables a proxy signer to nominate the verifier. However, the original signer can generate a valid nominative proxy signature without the proxy signer’s knowing. In this paper, we show that Seo and Lee’s modification is insecure against the...

Recently, Boneh and Boyen proposed a new provably secure short signature scheme under the q-strong Diffie-Hellman assumption without random oracles. This scheme is based on bilinear map which is different from Cramer-Shoup signature scheme (which is based on the strong RSA assumption). However, Tan [17] showed that BonehBoyen scheme is subjected to key substitution attacks in the multi-user set...

In this paper we compute the coliision probability of CBC-MAC [3] for suitably chosen messages. We show that the probability is Ω(`q/N) where ` is the number of message block, N is the size of the domain and q is the total number of queries. For random oracle the probability is O(q/N). This improved collision prbability will help us to have an efficient distinguishing attack and MAC-forgery att...

Certificateless cryptography eliminates the need of certificates in the PKI and solves the inherent key escrow problem in the ID-based cryptography. Recently, Du and Wen proposed a short certificateless signature scheme (SCLS) without MapToPoint hash function, and the signature size is short enough with only half of the DSA signature. In this paper, after the detailing the formal of certificate...