TY - GEN
T1 - The security model of unidirectional proxy re-signature with private re-signature key
AU - Shao, Jun
AU - Feng, Min
AU - Zhu, Bin
AU - Cao, Zhenfu
AU - Liu, Peng
PY - 2010
Y1 - 2010
N2 - In proxy re-signature (PRS), a semi-trusted proxy, with some additional information (a.k.a., re-signature key), can transform Alice's (delegatee) signature into Bob's (delegator) signature on the same message, but cannot produce an arbitrary signature on behalf of either the delegatee or the delegator. In this paper, we investigate the security model of proxy re-signature, and find that the previous security model proposed by Ateniese and Honhenberger at ACM CCS 2005 (referred to as the AH model) is not complete since it does not cover all possible attacks. In particular, the attack on the unidirectional proxy re-signature with private re-signature key. To show this, we artificially design such a proxy re-signature scheme, which is proven secure in the AH model but suffers from a specific attack. Furthermore, we propose a new security model to solve the problem of the AH model. Interestingly, the previous two private re-signature key, unidirectional proxy re-signature schemes (one is proposed by Ateniese and Honhenberger at ACM CCS 2005, and the other is proposed by Libert and Vergnaud at ACM CCS 2008), which are proven secure in the AH model, can still be proven secure in our security model.
AB - In proxy re-signature (PRS), a semi-trusted proxy, with some additional information (a.k.a., re-signature key), can transform Alice's (delegatee) signature into Bob's (delegator) signature on the same message, but cannot produce an arbitrary signature on behalf of either the delegatee or the delegator. In this paper, we investigate the security model of proxy re-signature, and find that the previous security model proposed by Ateniese and Honhenberger at ACM CCS 2005 (referred to as the AH model) is not complete since it does not cover all possible attacks. In particular, the attack on the unidirectional proxy re-signature with private re-signature key. To show this, we artificially design such a proxy re-signature scheme, which is proven secure in the AH model but suffers from a specific attack. Furthermore, we propose a new security model to solve the problem of the AH model. Interestingly, the previous two private re-signature key, unidirectional proxy re-signature schemes (one is proposed by Ateniese and Honhenberger at ACM CCS 2005, and the other is proposed by Libert and Vergnaud at ACM CCS 2008), which are proven secure in the AH model, can still be proven secure in our security model.
KW - AH model
KW - Private re-signature key
KW - Security model
KW - Unidirectional PRS
UR - https://www.scopus.com/pages/publications/78649874535
U2 - 10.1007/978-3-642-14081-5_14
DO - 10.1007/978-3-642-14081-5_14
M3 - 会议稿件
AN - SCOPUS:78649874535
SN - 3642140807
SN - 9783642140808
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 216
EP - 232
BT - Information Security and Privacy - 15th Australasian Conference, ACISP 2010, Proceedings
PB - Springer Verlag
ER -