Results 1  10
of
76
Short Signatures without Random Oracles
, 2004
"... We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#eHellman assumption. This assumption has similar properties to the Strong RS ..."
Abstract

Cited by 393 (11 self)
 Add to MetaCart
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#eHellman assumption. This assumption has similar properties to the Strong RSA assumption, hence the name. Strong RSA was previously used to construct signature schemes without random oracles. However, signatures generated by our scheme are much shorter and simpler than signatures from schemes based on Strong RSA.
Efficient and provablysecure identitybased signatures and signcryption from bilinear maps
 Advances in cryptology –ASIACRYPT’05, Lecture Notes in Computer Science 3778
, 2005
"... ..."
Security Proof of SakaiKasahara's IdentityBased Encryption Scheme
 In Proceedings of Cryptography and Coding 2005, LNCS 3706
, 2005
"... Identitybased encryption (IBE) is a special asymmetric encryption method where a public encryption key can be an arbitrary identifier and the corresponding private decryption key is created by binding the identifier with a system's master secret. In 2003 Sakai and Kasahara proposed a new I ..."
Abstract

Cited by 34 (6 self)
 Add to MetaCart
(Show Context)
Identitybased encryption (IBE) is a special asymmetric encryption method where a public encryption key can be an arbitrary identifier and the corresponding private decryption key is created by binding the identifier with a system's master secret. In 2003 Sakai and Kasahara proposed a new IBE scheme, which has the potential to improve performance.
Efficient identity based ring signature
 In Applied Cryptography and Network Security, Third International Conference, ACNS  2005
"... Abstract. Identitybased (IDbased) cryptosystems eliminate the need for validity checking of the certificates and the need for registering for a certificate before getting the public key. These two features are desirable especially for the efficiency and the real spontaneity of ring signature, wher ..."
Abstract

Cited by 30 (3 self)
 Add to MetaCart
Abstract. Identitybased (IDbased) cryptosystems eliminate the need for validity checking of the certificates and the need for registering for a certificate before getting the public key. These two features are desirable especially for the efficiency and the real spontaneity of ring signature, where a user can anonymously sign a message on behalf of a group of spontaneously conscripted users including the actual signer. In this paper, we propose a novel construction of IDbased ring signature which only needs two pairing computations for any group size. The proposed scheme is proven to be existential unforgeable against adaptive chosen messageandidentity attack under the random oracle model, using the forking lemma for generic ring signature schemes. We also consider its extension to support the general access structure. Key words: Identitybased signature, ring signature, bilinear pairings, efficiency, real spontaneity, general access structure, anonymity 1
Pi: A Practical Incentive Protocol for Delay Tolerant Networks
"... Abstract—Delay Tolerant Networks (DTNs) are a class of networks characterized by lack of guaranteed connectivity, typically low frequency of encounters between DTN nodes and long propagation delays within the network. As a result, the message propagation process in DTNs follows a storecarryandforw ..."
Abstract

Cited by 26 (5 self)
 Add to MetaCart
Abstract—Delay Tolerant Networks (DTNs) are a class of networks characterized by lack of guaranteed connectivity, typically low frequency of encounters between DTN nodes and long propagation delays within the network. As a result, the message propagation process in DTNs follows a storecarryandforward manner, and the intransit bundle messages can be opportunistically routed towards the destinations through intermittent connections under the hypothesis that each individual DTN node is willing to help with forwarding. Unfortunately, there may exist some selfish nodes, especially in a cooperative network likeDTN,andthepresenceofselfish DTN nodes could cause catastrophic damage to any well designed opportunistic routing scheme and jeopardize the whole network. In this paper, to address the selfishness problem in DTNs, we propose a practical incentive protocol, called Pi, such that when a source node sends a bundle message, it also attaches some incentive on the bundle, which is not only attractive but also fair to all participating DTN nodes. With the fair incentive, the selfish DTN nodes couldbestimulatedtohelpwithforwardingbundlestoachieve better packet delivery performance. In addition, the proposed Pi protocol can also thwart various attacks, which could be launched by selfish DTN nodes, such as free ride attack, layer removing and adding attacks. Extensive simulation results demonstrate the effectiveness of the proposed Pi protocol in terms of high delivery ratio and lower average delay. Index Terms—Delay tolerant networks, selfish node, fairness, practical incentive. I.
Efficient and provably secure trapdoorfree group signature schemes from bilinear pairings
 In ASIACRYPT 2004, volume 3329 of LNCS
, 2004
"... Abstract. We propose a group signature scheme with constantsize public key and signature length that does not require trapdoor. So system parameters can be shared by multiple groups belonging to different organizations. The scheme is provably secure in the formal model recently proposed by Bellare, ..."
Abstract

Cited by 25 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a group signature scheme with constantsize public key and signature length that does not require trapdoor. So system parameters can be shared by multiple groups belonging to different organizations. The scheme is provably secure in the formal model recently proposed by Bellare, Shi and Zhang (BSZ04), using random oracle model, Decisional Bilinear DiffieHellman and Strong DiffieHellman assumptions. We give a more efficient variant scheme and prove its security in a formal model which is a modification of BSZ04 model and has a weaker anonymity requirement. Both schemes are very efficient and the sizes of signatures are approximately one half and one third, respectively, of the sizes of the wellknown ACJT00 scheme. We also use the schemes to construct a traceable signature scheme. 1
On constructing certificateless cryptosystems from identity based encryption
 In PKC 2006
, 2006
"... Abstract. Certificateless cryptography (CLPKC) is a concept that aims at enjoying the advantages of identity based cryptography without suffering from its inherent key escrow. Several methods were recently suggested to generically construct a certificateless encryption (CLE) scheme by combining ide ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Certificateless cryptography (CLPKC) is a concept that aims at enjoying the advantages of identity based cryptography without suffering from its inherent key escrow. Several methods were recently suggested to generically construct a certificateless encryption (CLE) scheme by combining identity based schemes with ordinary public key cryptosystems. Whilst the security of one of these generic compositions was proved in a relaxed security model, we show that all them are insecure against chosenciphertext attacks in the strongest model of AlRiyami and Paterson. We show how to easily fix these problems and give a method to achieve generic CLE constructions which are provably CCAsecure in the random oracle model. We finally propose a new efficient pairingbased scheme that performs better than previous proposals without precomputation. We also prove its security in the random oracle model.
Vergnaud ―Multidesignated verifiers signatures: anonymity without encryption
 Information Processing Letters 102
, 2007
"... ..."
Efficient Verifiably Encrypted Signature and Partially Blind Signature from Bilinear Pairings
, 2004
"... Verifiably encrypted signatures are used when Alice wants to sign a message for Bob but does not want Bob to possess her signature on the message until a later date. Such signatures are used in optimistic contact signing to provide fair exchange. Partially blind signature schemes are an extension of ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
(Show Context)
Verifiably encrypted signatures are used when Alice wants to sign a message for Bob but does not want Bob to possess her signature on the message until a later date. Such signatures are used in optimistic contact signing to provide fair exchange. Partially blind signature schemes are an extension of blind signature schemes that allows a signer to sign a partially blinded message that include preagreed information such as expiry date or collateral conditions in unblinded form. These signatures are used...