TY - GEN
T1 - The security model of unidirectional proxy re-signature with private re-signature key
AU - Shao, Jun
AU - Feng, Min
AU - Zhu, Bin
AU - Cao, Zhenfu
AU - Liu, Peng
PY - 2010/12/13
Y1 - 2010/12/13
N2 - In proxy re-signature (PRS), a semi-trusted proxy, with some additional information (a.k.a., re-signature key), can transform Alice's (delegatee) signature into Bob's (delegator) signature on the same message, but cannot produce an arbitrary signature on behalf of either the delegatee or the delegator. In this paper, we investigate the security model of proxy re-signature, and find that the previous security model proposed by Ateniese and Honhenberger at ACM CCS 2005 (referred to as the AH model) is not complete since it does not cover all possible attacks. In particular, the attack on the unidirectional proxy re-signature with private re-signature key. To show this, we artificially design such a proxy re-signature scheme, which is proven secure in the AH model but suffers from a specific attack. Furthermore, we propose a new security model to solve the problem of the AH model. Interestingly, the previous two private re-signature key, unidirectional proxy re-signature schemes (one is proposed by Ateniese and Honhenberger at ACM CCS 2005, and the other is proposed by Libert and Vergnaud at ACM CCS 2008), which are proven secure in the AH model, can still be proven secure in our security model.
AB - In proxy re-signature (PRS), a semi-trusted proxy, with some additional information (a.k.a., re-signature key), can transform Alice's (delegatee) signature into Bob's (delegator) signature on the same message, but cannot produce an arbitrary signature on behalf of either the delegatee or the delegator. In this paper, we investigate the security model of proxy re-signature, and find that the previous security model proposed by Ateniese and Honhenberger at ACM CCS 2005 (referred to as the AH model) is not complete since it does not cover all possible attacks. In particular, the attack on the unidirectional proxy re-signature with private re-signature key. To show this, we artificially design such a proxy re-signature scheme, which is proven secure in the AH model but suffers from a specific attack. Furthermore, we propose a new security model to solve the problem of the AH model. Interestingly, the previous two private re-signature key, unidirectional proxy re-signature schemes (one is proposed by Ateniese and Honhenberger at ACM CCS 2005, and the other is proposed by Libert and Vergnaud at ACM CCS 2008), which are proven secure in the AH model, can still be proven secure in our security model.
UR - http://www.scopus.com/inward/record.url?scp=78649874535&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78649874535&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-14081-5_14
DO - 10.1007/978-3-642-14081-5_14
M3 - Conference contribution
AN - SCOPUS:78649874535
SN - 3642140807
SN - 9783642140808
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 216
EP - 232
BT - Information Security and Privacy - 15th Australasian Conference, ACISP 2010, Proceedings
T2 - 15th Australasian Conference on Information Security and Privacy, ACISP 2010
Y2 - 5 July 2010 through 7 July 2010
ER -