Certificateless Message Recovery Signatures Providing Girault's Level-3 Security

doi:10.1007/s12204-011-1192-6

Abstract

Abstract: Abstract: A digital signature with message recovery is a signature
that the message itself (or partial of the message) is not required to be
transmitted together with the signature. It has the advantage of small data
size of communication comparing with the traditional digital signatures. In
this paper, combining both advantages of the message recovery signatures and
the certificateless cryptography, we propose the first certificatelss
signature scheme with message recovery. The remarkable feature of our scheme
is that it can achieve Girault's Level-3 security while the conventional
certificateless signature scheme only achieves Level-2 security. The
security of the scheme is rigorously proved in the random oracle model based
on the hardness of the k bilinear Diffie-Hellman inverse (k-BDHI) problem.

Key words:

bilinear pairing| certificateless|digital signature|
message recovery| random oracle

摘要： Abstract: A digital signature with message recovery is a signature
that the message itself (or partial of the message) is not required to be
transmitted together with the signature. It has the advantage of small data
size of communication comparing with the traditional digital signatures. In
this paper, combining both advantages of the message recovery signatures and
the certificateless cryptography, we propose the first certificatelss
signature scheme with message recovery. The remarkable feature of our scheme
is that it can achieve Girault's Level-3 security while the conventional
certificateless signature scheme only achieves Level-2 security. The
security of the scheme is rigorously proved in the random oracle model based
on the hardness of the k bilinear Diffie-Hellman inverse (k-BDHI) problem.

关键词:

bilinear pairing| certificateless|digital signature|
message recovery| random oracle

CLC Number:

TP 309

TSO Ray-lin (左瑞麟), KIM Cheonshik, YI Xun (易训). Certificateless Message Recovery Signatures Providing Girault's Level-3 Security[J]. Journal of shanghai Jiaotong University (Science), 2011, 16(5): 577-585.

References

[1] Abe M, Okamoto T. A signature scheme with message recovery as

secure as discrete logarithm [J]. Lecture Notes in Computer

Science, 1999, 1716: 378-389.
[2] Nyberg K, Tuepple R A. A new signature scheme based on the DSA

giving message recovery [C]// Proceedings of the 1st ACM

Conference on Communication and Computer Security. Fairfax, USA: ACM

Press, 1993: 58-61.
[3] Tso R, Gu C, Okamoto T, et al. Efficient ID-based digital

signatures with message recovery [J]. Lecture Notes in Computer

Science, 2007, 4856: 47-59.
[4] Al-Riyami S S, Paterson K G. Certificateless public key

cryptography [J]. Lecture Notes in Computer Science, 2003,

2894: 452-473.
[5] Boneh D, Lynn B, Shacham H. Short signatures from the Weil

pairing [J]. Lecture Notes in Computer Science, 2001,

2248: 514-533.
[6] Shamir A. Identity-based cryptosystems and signature schemes

[J]. Lecture Notes in Computer Science, 1984, 0196: 47-53.
[7] Hu B C, Wong D S, Zhang Z, et al. Certificateless signature: A

new security model and an improved generic construction [J].

International Journal of Designs, Codes and Cryptography, 2007,

42(2): 109-126.
[8] Huang X, Mu Y, Susilo W, et al. Certificateless signature

revisited [J]. Lecture Notes in Computer Science, 2007,

4586: 308-322.
[9] Tso R, Yi X, Huang X. Efficient and short certificateless

signatures [J]. Lecture Notes in Computer Science, 2008,

5339: 64-79.
[10] Yap W L, Heng S H, Goi B M. An efficient certificteless

signature [J]. Lecture Notes in Computer Science, 206,

4097: 322-331.
[11] Zhang Z, Wong D S, Xu J, et al. Certificateless public-key

signature: Security model and efficiet construction [J].

Lecture Notes in Computer Science, 2006, 3989: 293-308.
[12] Girault M. Self-certified public keys [J]. Lecture Notes

in Computer Science, 1991, 547: 490-497.
[13] Barreto P S L M, Kim H Y, Lynn B, et al. Efficient algorithm

for pairing-based cryptosystems [J]. Lecture Notes in Computer

Science, 2002, 2442: 354-369.
[14] Barreto P S L M, Lynn B, Scott M. On the selection of

pairing-friendly groups [J]. Lecture Notes in Computer

Science, 2003, 3006: 17-25.
[15] Boneh D, Boyen X. Efficient selective ID secure identity based

encryption without random oracles [J]. Lecture Notes in

Computer Science, 2004, 3027: 223-238.
[16] Barreto P S L M, Libert B, Mccullagh N, et al. Efficient and

provably-secure identity-based signatures and signcryption from

bilinear maps [J]. Lecture Notes in Computer Science, 2005,

3778: 515-532.
[17] Bellare M, Neven G. Multi-signatures in the plain public-key

model and a general forking lemma [C]// Proceedings of 13th

ACM Conference on Computer and Communication Security. [s.l.]: ACM

Press, 2006: 390-398.
[18] Bellare M, Palacio A. The knowledge of exponent assumptions and

3-round zero-knowledge protocols [J]. Lecture Notes in Computer

Science, 2004, 3152: 273-289.
[19] Hada S, Tanaka T. On the existence of 3-round zero-knowledge

protocols [J]. Lecture Notes in Computer Science, 1998,

1462: 408-423.
[20] Pintcheval D, Stern J. Security arguments for digital

signatures and blind signatures [J]. Journal of Cryptology,

2000, 13(3): 361-396.
[21] Tso R, Yi X, Huang X. Efficient and short certificateless

signatures secure against realistic adversaries [J]. Journal of

Supercomputing, 2011, 55(2): 173-191.
[22] Goldwasser S, Micali S, Rivest R L. A digital signature scheme

secure against adaptive chosen-message attacks [J]. SIAM

Journal of Computing, 1988, 17(2): 281-308.