TY - GEN
T1 - Anonymous signcryption against linear related-key attacks
AU - Cui, Hui
AU - Mu, Yi
AU - Au, Man Ho Allen
PY - 2013/12/27
Y1 - 2013/12/27
N2 - A related-key attack (RKA) occurs when an adversary tampers the private key stored in a cryptographic hardware device and observes the result of the cryptographic primitive under this modified private key. In this paper, we concentrate on the security of anonymous signcryption schemes under related-key attacks, in the sense that a signcryption system should contain no information that identifies the sender of the signcryption and the receiver of the message, and yet be decipherable by the targeted receiver. To achieve this, we consider our anonymous signcryption scheme being semantically secure against chosen ciphertext and related-key attacks (CC-RKA), existentially unforgeable against chosen message and related-key attacks (CM-RKA), and anonymous against chosen ciphertext and related-key attacks (ANON-RKA). Specifically, we require that an anonymous signcryption scheme remains secure even when an adversary is allowed to access the signcryption oracle and the designcryption oracle on linear shifts of the private keys of the sender and the receiver, respectively. After reviewing some basic definitions related to our construction, based on the existing work on cryptographic primitives in the setting of related-key attacks, we give a concrete anonymous signcryption scheme from BDH which achieves CC-RKA security, CM-RKA security, ANON-RKA security in the random oracle model.
AB - A related-key attack (RKA) occurs when an adversary tampers the private key stored in a cryptographic hardware device and observes the result of the cryptographic primitive under this modified private key. In this paper, we concentrate on the security of anonymous signcryption schemes under related-key attacks, in the sense that a signcryption system should contain no information that identifies the sender of the signcryption and the receiver of the message, and yet be decipherable by the targeted receiver. To achieve this, we consider our anonymous signcryption scheme being semantically secure against chosen ciphertext and related-key attacks (CC-RKA), existentially unforgeable against chosen message and related-key attacks (CM-RKA), and anonymous against chosen ciphertext and related-key attacks (ANON-RKA). Specifically, we require that an anonymous signcryption scheme remains secure even when an adversary is allowed to access the signcryption oracle and the designcryption oracle on linear shifts of the private keys of the sender and the receiver, respectively. After reviewing some basic definitions related to our construction, based on the existing work on cryptographic primitives in the setting of related-key attacks, we give a concrete anonymous signcryption scheme from BDH which achieves CC-RKA security, CM-RKA security, ANON-RKA security in the random oracle model.
KW - Anonymity
KW - CC-RKA
KW - CM-RKA
KW - Signcryption
UR - http://www.scopus.com/inward/record.url?scp=84890876581&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-41227-1_10
DO - 10.1007/978-3-642-41227-1_10
M3 - Conference article published in proceeding or book
SN - 9783642412264
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 165
EP - 183
BT - Provable Security - 7th International Conference, ProvSec 2013, Proceedings
T2 - 7th International Conference on Provable Security, ProvSec 2013
Y2 - 23 October 2013 through 25 October 2013
ER -