An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetric (public-key) AE. In a symmetric AE scheme, deniability is gained automatically. A public-key AE scheme, however, cannot gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address the question of deniability for public-key AE. Of course, this goal can be achieved by the "deniable authentication followed by encryption" method. However, that method has two weaknesses: (1) the computational cost and communication overhead are the sum of those of two cryptographic primitives; (2) designing cryptographic protocols with deniable authentication and confidentiality from two separate primitives is complex. To overcome these two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that achieves the functions of deniable authentication and public-key encryption simultaneously, at a cost significantly lower than that of the "deniable authentication followed by encryption" method. This single cryptographic primitive simplifies the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses the tag-key encapsulation mechanism (tag-KEM) and data encapsulation mechanism (DEM) hybrid technique, which is more practical for real-world applications. We show how to construct an IBDAE scheme from an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For a typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward "deniable authentication followed by encryption" schemes, respectively, and the communication overhead is reduced by at least 21.3 and 31.1 %, respectively. An application of IBDAE to an e-mail system is described.
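As an added illustration (not the paper's scheme), the tag-KEM/DEM composition described above with the identity-based pairing tag-KEM replaced by a toy static Diffie-Hellman stand-in: the DEM ciphertext is the tag bound into the encapsulation, decryption releases nothing unless the tag verifies, and since the receiver can compute the same shared key it could have produced the transcript itself, which is the deniability property. All parameters and key names below are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy DH group (constructed for illustration only, NOT secure): Mersenne prime
# 2^127-1 with base 2. The paper's IBDATK is pairing-based and identity-based;
# this stand-in keeps only the property the demo needs: sender and receiver
# derive the same shared secret, so either party could have produced the tag.
P = 2**127 - 1
G = 2


def keygen():
    """Return (private, public) for one party."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def kdf(shared, label):
    """Derive a per-purpose 32-byte key from the shared DH secret."""
    return hashlib.sha256(label + shared.to_bytes(16, "big")).digest()


def dem_xor(key, data):
    """Toy DEM: XOR with a SHA-256 counter keystream (same call decrypts)."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def dae_encrypt(sk_sender, pk_receiver, msg):
    """Tag-KEM/DEM: encrypt first, then encapsulate with the ciphertext as tag."""
    shared = pow(pk_receiver, sk_sender, P)       # static-static DH (toy; no per-message randomness)
    c = dem_xor(kdf(shared, b"enc"), msg)         # DEM ciphertext doubles as the tag
    psi = hmac.new(kdf(shared, b"mac"), c, hashlib.sha256).digest()  # Tag-KEM.Enc(tag=c)
    return psi, c


def dae_decrypt(sk_receiver, pk_sender, psi, c):
    """Verify the encapsulation against the tag before releasing any plaintext."""
    shared = pow(pk_sender, sk_receiver, P)
    expected = hmac.new(kdf(shared, b"mac"), c, hashlib.sha256).digest()
    if not hmac.compare_digest(psi, expected):
        return None                               # Tag-KEM.Dec rejects: nothing is decrypted
    return dem_xor(kdf(shared, b"enc"), c)


def receiver_forge(sk_receiver, pk_sender, msg):
    """Deniability: the receiver can build an identical transcript on its own."""
    return dae_encrypt(sk_receiver, pk_sender, msg)
```

A third party holding the transcript cannot tell whether the sender or the receiver produced it, because `receiver_forge` yields byte-identical output to `dae_encrypt`.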
Identity-based deniable authenticated encryption and its application to e-mail system
Springer US