Certificate-based signatures: New definitions and a generic construction from certificateless signatures

Certificate-based encryption was introduced in Eurocrypt’03 to solve the certificate management problem in public key encryption. Recently, this idea has been extended to certificate-based signatures. To date, several new schemes and security models of certificate-based signatures have been proposed. In this paper, we first introduce a new security model of certificate-based signatures. Our model is not only more elaborated when compared with the existing ones, but also defines several new types of adversaries in certificate-based signatures. We then investigate the relationship between certificate-based signatures and certificateless signatures, by proposing a generic construction of certificate-based signatures from certificateless signatures. Our generic construction is secure (in the random oracle model) under the security model defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions.

A concrete certificateless signature scheme without pairings

Certificateless public key cryptography was introduced to avoid the inherent key escrow problem in identity-based cryptography, and eliminate the use of certificates in traditional PKI. Most cryptographic schemes in certificateless cryptography are built from bilinear mappings on elliptic curves which need costly operations. Despite the investigation of certificateless public key encryption without pairings, certificateless signature without pairings received much less attention than what it deserves. In this paper, we present a concrete pairing-free certificateless signature scheme for the first time. Our scheme is more computationally efficient than others built from pairings. The new scheme is provably secure in the random oracle model assuming the hardness of discrete logarithm problem.

Efficient and short certificateless signatures secure against realistic adversaries

The notion of certificateless cryptography is aimed to eliminate the use of certificates in traditional public key cryptography and also to solve the key-escrow problem in identity-based cryptography. Many kinds of security models have been designed for certificateless cryptography and many new schemes have been introduced based on the correspondence of the security models. In generally speaking, a stronger security model can ensure a certificateless cryptosystem with a higher security level, but a realistic model can lead to a more efficient scheme. In this paper, we focus on the efficiency of a certificateless signature (CLS) scheme and introduce an efficient CLS scheme with short signature size. On one hand, the security of the scheme is based on a realistic model. In this model, an adversary is not allowed to get any valid signature under false public keys. On the other hand, our scheme is as efficient as BLS short signature scheme in both communication and computation and, therefore, turns out to be more efficient than other CLS schemes proposed so far. We provide a rigorous security proof of our scheme in the random oracle model. The security of our scheme is based on the k-CAA hard problem and a new discovered hard problem, namely the modified k-CAA problem. Our scheme can be applied to systems where signatures are typed in by human or systems with low-bandwidth channels and/or low-computation power.

Certificate-based signatures revisited

Certificate-based encryption was introduced in Eurocrypt '03 to solve the certificate management problem in public key encryption. Recently, this idea was extended to certificate-based signatures. Several new schemes and security models of certificate-based signature by comparing it with digital signatures in other popular public key systems. We introduce a new security model of certificate-based signature, which defines several new types of adversaries against certificate-based signature, which defines several new types of adversaries against certificate-based signatures, along with the security model of certificate-based signatures against them. The new model is clearer and more elaborated compared with other existing ones. We then investigate the relationship between certificate-based signatures and certificate-less signatures, and propose a generic construction of certificate-based signatures and certificate less signatures, and propose a generic construction of certificate-based signatures. We prove that the generic construction is secure (in the random oracle model) against all types of adversaries defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions. Based on our generic construction, we are able to construct new certificate-based signatures schemes, which are more effiecient in comparison with other schemes with similar security levels

Certificateless ignatures: New schemes and security models

We present a study of security in certificateless signatures. We divide potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type I Adversary and Type II Adversary in certificateless cryptography, we then define the security of certificateless signatures in different attack scenarios. Our new security models, together with others in the literature, provide a clear definition of the security in certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proven secure (in the random oracle model) against Normal Type I and Super Type II adversaries, has the shortest signature length among all known certificateless signature schemes. The second scheme is secure (in the random oracle model) against Super Type I and Type II adversaries. Compared with another scheme that has a similar security level, our second scheme requires less operational cost but a little longer signature length. Two server-aided verification protocols are also proposed to reduce the verification cost on the verifier.

Secure universal designated verifier signature without random oracles

In Asiacrypt 2003, the concept of universal designated verifier signature (UDVS) was introduced by Steinfeld, Bull, Wang and Pieprzyk. In the new paradigm, any signature holder (not necessarily the signer) can designate the publicly verifiable signature to any desired designated verifier (using the verifier’s public key), such that only the designated verifier can believe that the signature holder does have a valid publicly verifiable signature, and hence, believes that the signer has signed the message. Any other third party cannot believe this fact because this verifier can use his secret key to create a valid UDVS which is designated to himself. In ACNS 2005, Zhang, Furukawa and Imai proposed the first UDVS scheme without random oracles. In this paper, we give a security analysis to the scheme of Zhang et al. and propose a novel UDVS scheme without random oracles based on Waters’ signature scheme, and prove that our scheme is secure under the Gap Bilinear Diffie Hellman assumption

Short designated verifier signature scheme and its identity-based variant

The notion of strong designated verifier signature was put forth by Jakobsson, Sako and Impagliazzo in 1996, but the formal definition was defined recently by Saeednia, Kremer and Markowitch in 2003 and revisited by Laguil- laumie and Vergnaud in 2004. In this paper, we firstly propose the notion of short strong designated verifier sig- nature scheme, and extend it to the short identity-based strong designated verifier scheme. Then, we propose the first construction of short strong designated verifier sig- nature scheme. We also extend our scheme to construct a short identity-based strong designated verifier signature scheme. The size of the signature of our schemes is the shortest compared to any existing schemes reported in the literature. We provide formal security proofs for our schemes based on the random oracle model. Finally, we also discuss an extension of our scheme to construct a short strong designated verifier signature without random oracle.

Cryptanalysis and improvement of an efficient certificateless signature scheme

In traditional digital signature schemes, certificates signed by a trusted party are required to ensure the authenticity of the public key. In Asiacrypt 2003, the concept of certificateless signature scheme was introduced. The advantage of certificate-less public key cryptography successfully eliminates the necessity of certificates in the traditional public key cryptography and simultaneously solves the inherent key escrow problem suffered in identity-based cryptography. Recently, Yap et al. proposed an efficient certificateless signature scheme and claimed that their scheme is existentially unforgeable in the random oracle model. In this paper, we show that the certificateless signature scheme proposed by Yap et al. is insecure against public key replacement attacks. Furthermore, we propose an improved certificateless signature scheme, which is existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model and provide the security proof of the proposed scheme.

Forgeability of Wang-Zhu-Feng-Yau’s attribute-based signature with policy-and-endorsement mechanism

Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et al.’s scheme, we show that their scheme cannot provide unforgeability, namely, a forger, whose attributes do not satisfy a given signing predicate, can also generate valid signatures. We also point out the flaws in Wang et al.’s proof.

Collagen type-I leads to in vivo matrix mineralization and secondary stabilization of Mg-Zr-Ca alloy implants

Biodegradable magnesium-zirconia-calcium (Mg-Zr-Ca) alloy implants were coated with Collagen type-I (Coll-I) and assessed for their rate and efficacy of bone mineralization and implant stabilization. The phases, microstructure and mechanical properties of these alloys were analyzed using X-ray diffraction (XRD), optical microscopy and compression test, respectively, and the corrosion behavior was established by their hydrogen production rate in simulated body fluid (SBF). Coll-I extracted from rat tail, and characterized using fourier transform infrared (FT-IR) spectroscopy, was used for dip-coating the Mg-based alloys. The coated alloys were implanted into the femur bones of male New Zealand white rabbits. In vivo bone formation around the implants was quantified by measuring the bone mineral content/density (BMC/BMD) using dual-energy X-ray absorptiometry (DXA). Osseointegration of the implant and new bone mineralization was visualized by histological and immunohistochemical analysis. Upon surface coating with Coll-I, these alloys demonstrated high surface energy showing enhanced performance as an implant material that is suitable for rapid and efficient new bone tissue induction with optimal mineral content and cellular properties. The results demonstrate that Coll-I coated Mg-Zr-Ca alloys have a tendency to form superior trabecular bone structure with better osteoinduction around the implants and higher implant secondary stabilization, through the phenomenon of contact osteogenesis, compared to the control and uncoated ones in shorter periods of implantation. Hence, Coll-I surface coating of Mg-Zr-Ca alloys is a promising method for expediting new bone formation in vivo and enhancing osseointegration in load bearing implant applications.

Illusions vary because of the types of decorations at bowers, not male skill at arranging them, in great bowerbirds

Many animals use extended phenotypes to attract mates, but the availability of suitable resources in the environment can affect the size and form of these signals, with unknown consequences for honest signalling. In some populations of the great bowerbird, Ptilonorhynchus nuchalis, males arrange decorations by size, with smaller decorations placed closer to the bower entrance than larger decorations. This may create a more even background pattern from the female's viewpoint within the bower than if decorations were arranged randomly. Males show consistent, individual variation in the size-distance gradient, which could reflect variation among males in the cognitive skills needed to arrange decorations. We examined whether individual consistency in gradient characteristics is related to a male's skill at decoration arrangement or the types of decorations at bowers. We paired 18 males and switched bower decorations between pairs. We measured gradient characteristics before switching and 4 and 8 days after switching. Gradient characteristics after switching were related to those of the bower from which decorations were received, not to those of the male's own bower before switching. Gradient characteristics were also related to the types of decorations received, including bones and snail shells. These results suggest that variation among males in the size-distance gradient is explained by differences in the availability of decorations at bowers, not the cognitive skills required to arrange decorations. Although variation in gradient characteristics could indicate the male's ability to locate and transport particular decorations, it could also reflect local availability of objects, with no relationship to male quality.

Femoroacetabular impingement osteoplasty is any resected amount safe? A laboratory based experiment with sawbones

There is an increased risk of fracture following osteoplasty of the femoral neck for cam-type femoroacetabular impingement (FAI). Resection of up to 30% of the anterolateral head–neck junction has previously been considered to be safe, however, iatrogenic fractures have been reported with resections within these limits. We re-evaluated the amount of safe resection at the anterolateral femoral head–neck junction using a biomechanically consistent model.In total, 28 composite bones were studied in four groups: control, 10% resection, 20% resection and 30% resection. An axial load was applied to the adducted and flexed femur. Peak load, deflection at time of fracture and energy to fracture were assessed using comparison groups.There was a marked difference in the mean peak load to fracture between the control group and the 10% resection group (p < 0.001). The control group also tolerated significantly more deflection before failure (p < 0.04). The mean peak load (p = 0.172), deflection (p = 0.547), and energy to fracture (p = 0.306) did not differ significantly between the 10%, 20%, and 30% resection groups.Any resection of the anterolateral quadrant of the femoral head–neck junction for FAI significantly reduces the load-bearing capacity of the proximal femur. After initial resection of cortical bone, there is no further relevant loss of stability regardless of the amount of trabecular bone resected.Based on our findings we recommend any patients who undergo anterolateral femoral head–neck junction osteoplasty should be advised to modify their post-operative routine until cortical remodelling occurs to minimise the subsequent fracture risk.

The epidemiology of incident fracture from cradle to senescence

To reduce the burden of fracture, not only does bone fragility need to be addressed, but also injury prevention. Thus, fracture epidemiology irrespective of degree of trauma is informative. We aimed to determine age-and-sex-specific fracture incidence rates for the Barwon Statistical Division, Australia, 2006-2007. Using radiology reports, incident fractures were identified for 5342 males and 4512 females, with incidence of 210.4 (95 % CI 204.8, 216.2) and 160.0 (155.3, 164.7)/10,000/year, respectively. In females, spine (clinical vertebral), hip (proximal femoral) and distal forearm fractures demonstrated a pattern of stable incidence through early adult life, with an exponential increase beginning in postmenopausal years for fractures of the forearm followed by spine and hip. A similar pattern was observed for the pelvis, humerus, femur and patella. Distal forearm, humerus, other forearm and ankle fractures showed incidence peaks during childhood and adolescence. For males, age-related changes mimicked the female pattern for fractures of the spine, hip, ribs, pelvis and humerus. Incidence at these sites was generally lower for males, particularly among the elderly. A similar childhood-adolescent peak was seen for the distal forearm and humerus. For ankle fractures, there was an increase during childhood and adolescence but this extended into early adult life; in contrast to females, there were no further age-related increases. An adolescent-young adult peak incidence was observed for fractures of the face, clavicle, carpal bones, hand, fingers, foot and toe, without further age-related increases. Examining patterns of fracture provides the evidence base for monitoring temporal changes in fracture burden, and for identifying high-incidence groups to which fracture prevention strategies could be directed.