Identity-based cryptosystems and signature schemes
CRYPTO '84 Proceedings on Advances in Cryptology
Secure Integration of Asymmetric and Symmetric Encryption Schemes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Generic Constructions of Identity-Based and Certificateless KEMs
Journal of Cryptology
A survey of certificateless encryption schemes and security models
International Journal of Information Security
Efficient One-Round Key Exchange in the Standard Model
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Using hash functions as a hedge against chosen ciphertext attack
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Generic certificateless key encapsulation mechanism
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Strongly secure certificateless public key encryption without pairing
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
Generic certificateless encryption in the standard model
IWSEC'07 Proceedings of the 2nd international conference on Advances in information and computer security
Certificateless encryption schemes strongly secure in the standard model
PKC'08 Proceedings of the 11th international conference on Practice and theory in public key cryptography
HMQV: a high-performance secure Diffie-Hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Certificateless public key encryption without pairing
ISC'05 Proceedings of the 8th international conference on Information Security
On constructing certificateless cryptosystems from identity based encryption
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Making the Diffie-Hellman protocol identity-based
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
On security of a certificateless signcryption scheme
Information Sciences: an International Journal
The certificateless encryption (CLE) scheme proposed by Baek, Safavi-Naini and Susilo is computationally attractive because it requires no pairing operation. Unfortunately, an error was later found in its security proof, and the provable security of the scheme has remained open since. Recently, Fiore, Gennaro and Smart gave a generic transformation (the FGS transformation) from identity-based key agreement (IB-KA) protocols to certificateless key encapsulation mechanisms (CL-KEMs); as their main example, they showed that the pairing-free CL-KEM underlying Baek et al.'s CLE can be ''generated'' by applying the transformation to the Fiore-Gennaro (FG) IB-KA protocol. In this paper we show that applying the FGS transformation directly to the original FG IB-KA protocol in fact yields a CL-KEM that is insecure against strong adversaries (adversaries that may replace a user's public key and still query decapsulation under the replaced key), and we give a fix that adds no computational cost. The root cause of our attack is that the FGS transformation needs the underlying IB-KA protocol to be secure in a model stronger than the conventional models in which existing IB-KA protocols are proven secure, and the FG IB-KA protocol is in fact insecure in that stronger model. This motivates us to construct a new generic transformation from IB-KA protocols to CLE schemes. We present such a transformation, which requires the underlying IB-KA protocol to be secure only in a model weaker than the existing security models for IB-KA protocols, and we illustrate it by deriving a new pairing-free CLE scheme through a direct application of our transformation to the original FG IB-KA protocol.
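As an added illustration (not code from this page, from this paper, or from the Fiore-Gennaro or FGS papers), the following Python sketch shows what a pairing-free IB-KA protocol of the kind the abstract refers to looks like: a KGC issues Schnorr-style partial keys bound to identities, each side sends one message (ID, r, u = g^t), and both sides derive the same key with two exponentiations. The message flow follows the Fiore-Gennaro design as I recall it from the cited CT-RSA 2010 paper, so verify details against that paper before relying on them. The 256-bit safe-prime group, the SHA-256 hash instantiations and the identities are assumptions made so the script runs offline; it implements neither the FGS transformation nor the attack, since the page does not spell those out.

```python
"""Pairing-free identity-based key agreement in the Fiore-Gennaro (FG) style.

Added example, not code from the page or from the cited papers. The flow is
my reconstruction of the FG protocol (Schnorr-style key extraction, MQV-like
key derivation); the demo-size group is an assumption so the script runs
offline. Real deployments use a standardized 2048-bit or larger group.
"""
import hashlib
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed small bases; adequate for generating demo parameters."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(seed: bytes, bits: int = 256):
    """Deterministically return (p, q, g): p = 2q + 1 prime, g = 4 generating the order-q subgroup."""
    q = int.from_bytes(hashlib.sha256(seed).digest(), "big") >> (256 - bits)
    q |= (1 << (bits - 1)) | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 = 2^2 is a square in Z_p^*, hence of order q


def _h1(q: int, identity: str, r: int) -> int:
    """H1: {0,1}* x G -> Z_q, binds an identity to its Schnorr-style key (assumed instantiation)."""
    return int.from_bytes(hashlib.sha256(f"{identity}|{r}".encode()).digest(), "big") % q


def _h2(z1: int, z2: int) -> bytes:
    """H2: G x G -> {0,1}^256, the session-key derivation (assumed instantiation)."""
    return hashlib.sha256(f"{z1}|{z2}".encode()).digest()


class KGC:
    """Key generation centre holding the master secret x; publishes y = g^x."""

    def __init__(self, p: int, q: int, g: int):
        self.p, self.q, self.g = p, q, g
        self.x = 1 + secrets.randbelow(q - 1)
        self.y = pow(g, self.x, p)

    def extract(self, identity: str):
        """Partial key for ID: r = g^k, s = k + x*H1(ID, r) mod q, so that g^s = r * y^H1(ID, r)."""
        k = 1 + secrets.randbelow(self.q - 1)
        r = pow(self.g, k, self.p)
        return r, (k + self.x * _h1(self.q, identity, r)) % self.q


class Party:
    """One participant: sends (ID, r, u = g^t) and derives the key from the peer's message."""

    def __init__(self, identity: str, group, y: int, key):
        self.identity, (self.p, self.q, self.g), self.y = identity, group, y
        self.r, self.s = key
        # Check the extracted key against the master public key before using it.
        expect = self.r * pow(self.y, _h1(self.q, identity, self.r), self.p) % self.p
        if pow(self.g, self.s, self.p) != expect:
            raise ValueError("partial private key does not verify")
        self.t = 1 + secrets.randbelow(self.q - 1)  # ephemeral secret for this session
        self.u = pow(self.g, self.t, self.p)

    def message(self):
        return self.identity, self.r, self.u

    def _in_subgroup(self, v: int) -> bool:
        return 1 < v < self.p and pow(v, self.q, self.p) == 1

    def derive(self, peer_msg) -> bytes:
        peer_id, r_b, u_b = peer_msg
        if not (self._in_subgroup(r_b) and self._in_subgroup(u_b)):
            raise ValueError("peer values must lie in the order-q subgroup")
        # g^{s_B} is recomputed from public data; the peer never reveals s_B.
        g_sb = r_b * pow(self.y, _h1(self.q, peer_id, r_b), self.p) % self.p
        z1 = pow(u_b * g_sb % self.p, (self.t + self.s) % self.q, self.p)  # g^{(t_A+s_A)(t_B+s_B)}
        z2 = pow(u_b, self.t, self.p)                                       # g^{t_A t_B}
        return _h2(z1, z2)


def run_exchange(seed: bytes = b"fg-ibka-demo"):
    """One exchange; returns (Alice's key, Bob's key, Alice's key if Bob's message is relabelled)."""
    group = safe_prime_group(seed)
    kgc = KGC(*group)
    alice = Party("alice@example.org", group, kgc.y, kgc.extract("alice@example.org"))
    bob = Party("bob@example.org", group, kgc.y, kgc.extract("bob@example.org"))
    k_a = alice.derive(bob.message())
    k_b = bob.derive(alice.message())
    _, r_b, u_b = bob.message()
    k_wrong = alice.derive(("carol@example.org", r_b, u_b))  # the identity is hashed into the key
    return k_a, k_b, k_wrong


if __name__ == "__main__":
    ka, kb, kw = run_exchange()
    print("agreed:", ka == kb, "identity-bound:", ka != kw)
```

Two checks a practitioner would expect are in the code: each party verifies its own extracted key against y before using it, and rejects peer values outside the order-q subgroup. Relabelling Bob's message with another identity changes the key Alice derives, which is the identity binding that makes the protocol identity-based rather than plain Diffie-Hellman.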