Strongly secure certificateless key-insulated signature secure in the standard model


To protect signing rights against the compromise of secret key, the key-insulated signature (KIS) has attracted a lot of attention from the industry and academia. It would be interesting to investigate the notion of KIS in the certificateless public key cryptography (CL-PKC) environment to solve the problem of certificate management and key escrow simultaneously. To capture the seeming neglected attack mounted by the malicious key generation center (KGC), a stronger security model for the CL-PKC should be considered. In this paper, we first show that the only known CL-KIS scheme is vulnerable against malicious KGC attack, and then propose the first CL-KIS scheme secure against malicious KGC attack, with security proof in the standard model.

This is a preview of subscription content, access via your institution.

Fig. 1


  1. 1.

    Al-Riyami SS, Paterson KG (2003) Certificateless public key cryptography. In: Advances in Cryptology-ASIACRYPT 2003, LNCS 2849. Springer, Berlin Heidelberg, pp 452–473

  2. 2.

    Ateniese G, Blanton M, Kirsch J (2007) Secret handshakes with dynamic and fuzzy matching. In: Proceedings of the 14th annual network and distributed system security symposium-NDSS, vol 2, pp 159–177

  3. 3.

    Au MH, Chen J, Mu Y et al (2007) Malicious KGC attacks in certificateless cryptography. ACM symposium on Information, computer and communications security (ASIACCS’2007), pp 302–311

  4. 4.

    Balfanz D, Durfee G, Shankar N et al (2003) Secret handshakes from pairing-based key agreements. In: IEEE symposium on security and privacy, pp 180–196

  5. 5.

    Bao F, Deng RH, Zhu H (2003) Variations of Diffie-Hellman problem. In: 5th International conference on information and communication security-ICICS 2003, LNCS 2836. Springer, Berlin Heidelberg, pp 301–312

  6. 6.

    Boneh D, Franklin M (2001) Identity-based encryption from the weil pairing. Advances in Cryptology-CRYPTO 2001, LNCS 2139. Springer, Berlin Heidelberg, pp 213–229

  7. 7.

    Canetti R, Goldreich O, Halevi S (1998) The random oracle methodology, revisited. In: Proceedings 30th annual symposium on theory of computing (STOC’98), pp 209–218

  8. 8.

    Canetti R, Halevi S, Katz J (2003) A forward-secure public-key encryption scheme. Advances in Cryptology-EUROCRYPT 2003, LNCS 2656, pp 255–271

  9. 9.

    Diffie W, Hellman ME (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

    MATH  MathSciNet  Article  Google Scholar 

  10. 10.

    Dodis Y, Katz J, Xu S, YungM(2002) Strong key-insulated public key cryptosystems. Advances in Cryptology-Eurocrypt’ 02, LNCS 2332. Springer, Berlin Heidelberg, pp 65–82

  11. 11.

    Dodis Y, Katz J, Xu S, Yung M (2003) Strong key-insulated signature scheme. In: Proceedings of PKC, LNCS 2567. Springer, Berlin Heidelberg, pp 130–144

  12. 12.

    Du H, Li J, Zhang Y, Li T, Zhang Y (2012) Certificate-based key-insulated signature. In: 3rd International conference on data and knowledge Engineering-ICDKE 2012, LNCS 7696. Springer, Berlin Heidelberg, pp 206–220

  13. 13.

    He D, Chen J, Hu J (2011) An ID-based proxy signature schemes without bilinear pairings. Ann Telecommun 66(11–12):657–662

    Google Scholar 

  14. 14.

    Itkis G, Reyzin L (2001) Forward-secure signatures with optimal signing and verifying. Advances in Cryptology-CRYPTO’ 01, LNCS 2139. Springer, Berlin Heidelberg New York , pp 499–514

    Google Scholar 

  15. 15.

    Itkis G (2002) Intrusion-resilient signature: generic constructions, or defeating a strong adversary with minimal assumption. In: SCN’ 02, LNCS 2576. Springer, Berlin Heidelberg New York, pp 102–118

  16. 16.

    Li J, Du H, Zhang Y, Li T, Zhang Y (2014) Provably secure certificate-based key-insulated signature scheme. Concurrency and Computation: Practice and Experience 26(8):546–1560

  17. 17.

    Liu JK, Au MH, Susilo W (2007) Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model. In: 2nd ACM symposium on information, computer and communications security (ASIACCS 2007), pp 273–283

  18. 18.

    Miller CK (1999) Multicast networking and applications. Addison Wesley, Reading

    Google Scholar 

  19. 19.

    Ohtake G, Hanaoka G, Ogawa K (2006) Provider authentication for bidirectional broadcasting service with fixed verification key. In: 2008 International symposium on information theory and its applications-ISITA 2006, pp 155–160

  20. 20.

    Ohtake G, Hanaoka G, Ogawa K (2008) An efficient strong key-insulated signature scheme and its application. In: 5th European PKI workshop: theory and Practice-EuroPKI 2008, LNCS 5057. Springer, Berlin Heidelberg New York, pp 150–165

  21. 21.

    Paterson KG, Schuldt JCN (2006) Efficient identity-based signatures secure in the standard model. In: 11th Australasian conference on information security and privacy (ACISP 2006), LNCS 4058. Springer, Berlin Heidelberg, pp 207–222

  22. 22.

    Shamir A (1984) Identity-based cryptosystems and signature schemes. Advances in Cryptology-CRYPTO 1984, LNCS 196. Springer, Berlin Heidelberg, pp 47–53

  23. 23.

    Shao Z (2012) Verifiably encrypted short signatures from bilinear maps. Ann Telecommun 67(9-10):437–445

    Article  Google Scholar 

  24. 24.

    Shim K-A (2014) On the security of verifiably encrypted signature schemes in a multi-user setting. Ann Telecommun 69(11–12): 585–591

    Article  Google Scholar 

  25. 25.

    Tiwari N, Padhye S, He D (2013) Efficient ID-based multiproxy multisignature without bilinear maps in ROM. Ann Telecommun 68(3-4):231–237

    Article  Google Scholar 

  26. 26.

    Wan Z, Lai X, Weng J et al (2009) Certificateless key-insulated signature without random oracles. J Zhejiang Univ (Sci) A 10(12):1790–1800

    MATH  Article  Google Scholar 

  27. 27.

    Waters B (2005) Efficient identity based encryption without random oracles. Advances in Cryptology-EUROCRYPT 2005, LNCS 3494. Springer, Berlin Heidelberg, pp 114–127

  28. 28.

    Weng J, Liu S, Chen K, Li X (2006) Identity-based key-insulated signature with secure key-updates. In: 2nd SKLOIS conference on information security and cryptology (Inscrypt 2006), LNCS 4318, pp 13–26

  29. 29.

    Xiong H, Wu S, Li F, Qin Z (2015) Compact leakage-free ID-based signature scheme with applications to secret handshakes. Wirel Pers Commun 80(4):1671–1685

    Article  Google Scholar 

  30. 30.

    Xu S, Yung M (2004) K-anonymous secret handshakes with reusable credentials. In: Proceedings of the 11th ACM conference on computer and communications security-ACM CCS 2004, pp 158–167

  31. 31.

    Yu J, Kong F, Cheng X et al (2012) Intrusion-resilient identity-based signature: security definition and construction. J Syst Softw 85(2):382–391

    Article  Google Scholar 

  32. 32.

    Zhou Y, Cao Z, Chai Z (2006) Identity based key insulated signature. In: 2nd International conference on information security practice and experience (ISPEC 2006), LNCS 3903, pp 226–234

Download references


This research was supported by the National Natural Science Foundation of China General Projects Grant No. 61272029, 61003230, 61370026 and 61202445, Fundamental Research Funds for the Central Universities under Grant No. ZYGX2013J073, Applied Basic Research Program of Sichuan Province under Grant No. 2014JY0041, and the MOE key Laboratory for Transportation Complex Systems Theory and Technology, School of Traffic and Transportation, Beijing Jiaotong University. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

Author information



Corresponding authors

Correspondence to Yanan Chen or Weixiang Xu.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Chen, Y., Xu, W. & Xiong, H. Strongly secure certificateless key-insulated signature secure in the standard model. Ann. Telecommun. 70, 395–405 (2015).

Download citation


  • Certificateless cryptosystem
  • Key-insulated signature
  • Malicious-but-passive KGC attack
  • Standard model