In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, ...In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice.展开更多
Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are...Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.展开更多
Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir sec...Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.展开更多
The discrete logarithm method is the foundation of many public key algorithms. However, one type of key, defined as a weak-key, reduces the security of public key cryptosystems based on the discrete logarithm method. ...The discrete logarithm method is the foundation of many public key algorithms. However, one type of key, defined as a weak-key, reduces the security of public key cryptosystems based on the discrete logarithm method. The weak-key occurs if the public key is a factor or multiple of the primitive element, in which case the user's private key is not needed but can be obtained based on the character of the public key. An algorithm is presented that can easily test whether there is a weak-key in the cryptosystem. An example is given to show that an attack can be completed for the Elgamal digital signature if a weak-key exists, therefore validating the danger of weak-keys. Methods are given to prevent the generation of these weak-keys.展开更多
In this paper, we discuss the expected number of steps in solving multi-discrete logarithm problems over a group of elliptic curves with prime order by using Pollard's rho method and parallel collision search algorit...In this paper, we discuss the expected number of steps in solving multi-discrete logarithm problems over a group of elliptic curves with prime order by using Pollard's rho method and parallel collision search algorithm. We prove that when using these algorithms to compute discrete logarithms, the knowledge gained through computing many logarithms does not make it easier for finding other logarithms. Hence in an elliptic cryptosystem, it is safe for many users to share the same curve, with different private keys.展开更多
The discrete logarithm problem is analyzed from the perspective of Tate local duality. Local duality in the multiplicative case and the case of Jacobians of curves over p-adic local fields are considered. When the loc...The discrete logarithm problem is analyzed from the perspective of Tate local duality. Local duality in the multiplicative case and the case of Jacobians of curves over p-adic local fields are considered. When the local field contains the necessary roots of unity, the case of curves over local fields is polynomial time reducible to the multiplicative case, and the multiplicative case is polynomial time equivalent to computing discrete logarithm in finite fields. When the local field does not contains the necessary roots of unity, similar results can be obtained at the cost of going to an extension that contains these roots of unity. There was evidence in the analysis that suggests that the minimal extension where the local duality can be rationally and algorithmically defined must contain the roots of unity. Therefore, the discrete logarithm problem appears to be well protected against an attack using local duality. These results are also of independent interest for algorithmic study of arithmetic duality as they explicitly relate local duality in the case of curves over local fields to the multiplicative case and Tate-Lichtenbaum pairing (over finite fields).展开更多
To enhance the security of signature schemes, Wang proposed two signature schemes based on the difficulties of simultaneously solving the factoring and discrete logarithm' problems with almost the same sizes of arith...To enhance the security of signature schemes, Wang proposed two signature schemes based on the difficulties of simultaneously solving the factoring and discrete logarithm' problems with almost the same sizes of arithmetic modulus. This paper, firstly, shows that Wang's signature scheme 1 do not satisfy the claimed properties. Moreover, we will point out that the all variants of Wang's scheme 2 are not secure if attackers can solve discrete logarithm problems.展开更多
The representative collective digital signature,which was suggested by us,is built based on combining the advantages of group digital signature and collective digital signature.This collective digital signature schema...The representative collective digital signature,which was suggested by us,is built based on combining the advantages of group digital signature and collective digital signature.This collective digital signature schema helps to create a unique digital signature that deputizes a collective of people representing different groups of signers and may also include personal signers.The advantage of the proposed collective signature is that it can be built based on most of the well-known difficult problems such as the factor analysis,the discrete logarithm and finding modulo roots of large prime numbers and the current digital signature standards of the United States and Russian Federation.In this paper,we use the discrete logarithmic problem on prime finite fields,which has been implemented in the GOST R34.10-1994 digital signature standard,to build the proposed collective signature protocols.These protocols help to create collective signatures:Guaranteed internal integrity and fixed size,independent of the number of members involved in forming the signature.The signature built in this study,consisting of 3 components(U,R,S),stores the information of all relevant signers in the U components,thus tracking the signer and against the“disclaim of liability”of the signer later is possible.The idea of hiding the signer’s public key is also applied in the proposed protocols.This makes it easy for the signing group representative to specify which members are authorized to participate in the signature creation process.展开更多
In order to improve the security of the signature scheme, a digital signature based on two hard-solved problems is proposed. The discrete logarithm problem and the factoring problem are two well known hard- solved mat...In order to improve the security of the signature scheme, a digital signature based on two hard-solved problems is proposed. The discrete logarithm problem and the factoring problem are two well known hard- solved mathematical problems. Combining the E1Gamal scheme based on the discrete logarithm problem and the OSS scheme based on the factoring problem, a digital signature scheme based on these two cryptographic assumptions is proposed. The security of the proposed scheme is based on the difficulties of simultaneously solving the factoring problem and the discrete logarithm problem. So the signature scheme will be still secure under the situation that any one of the two hard-problems is solved. Compared with previous schemes, the proposed scheme is more efficient in terms of space storage, signature length and computation complexities.展开更多
Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi...Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.展开更多
A proxy signature scheme allows an original signer to delegate his signing capability to a proxy signer who can sign on behalf of the original signer. A blind signature is the concept with a salient feature that the s...A proxy signature scheme allows an original signer to delegate his signing capability to a proxy signer who can sign on behalf of the original signer. A blind signature is the concept with a salient feature that the signer can not make a linkage between the blind signature and the identity of the requester. Proxy signature and blind signature are used widely in electronic commerce. With satisfying the security properties of both two signatures, a new proxy blind signature scheme based on discrete logarithm problem is proposed.展开更多
Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is ...Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is equivalent to partial LUC discrete logarithm problem in ZN, and for the proposed probabilistic encryption scheme, its semantic security is equivalent to decisional LUC Diffie-Hellman problem in ZN. At last, the efficiency of the proposed schemes is briefly analyzed.展开更多
Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure multiparty computat...Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure multiparty computation and electronic commerce. But up to now, study of signature based on general vector space secret sharing is very weak. Aiming at this drawback, the authors did some research on vector space secret sharing against cheaters, and proposed an efficient but secure vector space secret sharing based multi-signature scheme, which is implemented in two channels. In this scheme, the group signature can be easily produced if an authorized subset of participants pool their secret shadows and it is impossible for them to generate a group signature if an unauthorized subset of participants pool their secret shadows. The validity of the group signature can be verified by means of verification equations. A group signature of authorized subset of participants cannot be impersonated by any other set of partici- pants. Moreover, the suspected forgery can be traced, and the malicious participants can be detected in the scheme. None of several possible attacks can successfully break this scheme.展开更多
Although the He Kiesler signature is said to be proposed based on the discrete logarithm problem and the factorization problem, it has been proved that the signature is not as secure as it was stated to be. A new sig...Although the He Kiesler signature is said to be proposed based on the discrete logarithm problem and the factorization problem, it has been proved that the signature is not as secure as it was stated to be. A new signature scheme is here proposed based on the discrete logarithm problem and the factorization problem to enhance the security of the He Kiesler signature.展开更多
Quadratic-field cryptosystem is a cryptosystem built from discrete logarithm problem in ideal class groups of quadratic fields(CL-DLP). The problem on digital signature scheme based on ideal class groups of quadratic ...Quadratic-field cryptosystem is a cryptosystem built from discrete logarithm problem in ideal class groups of quadratic fields(CL-DLP). The problem on digital signature scheme based on ideal class groups of quadratic fields remained open, because of the difficulty of computing class numbers of quadratic fields. In this paper, according to our researches on quadratic fields, we construct the first digital signature scheme in ideal class groups of quadratic fields, using q as modulus, which denotes the prime divisors of ideal class numbers of quadratic fields. Security of the new signature scheme is based fully on CL-DLP. This paper also investigates realization of the scheme, and proposes the concrete technique. In addition, the technique introduced in the paper can be utilized to realize signature schemes of other kinds.展开更多
The design and implementation of fast algorithms related to Elliptic Curve Cryptography (ECC) over the field GF(p), such as modular addition, modular subtraction, point addition, point production, choice of embedding ...The design and implementation of fast algorithms related to Elliptic Curve Cryptography (ECC) over the field GF(p), such as modular addition, modular subtraction, point addition, point production, choice of embedding plaintext to a point, etc. are given. A practical software library has been produced which supports variable length implementation of the ECCbased ElGamal cryptosystem. More importantly, this scalable architecture of the design enables the ECC being used in restricted platforms as well as high-end servers based on Intel Pentium CPU. Applications such as electronic commerce security, data encryption communication, etc.are thus made possible for real time and effective ECC.展开更多
Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selec...Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other partici- pants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each par- ticipant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir’s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.展开更多
A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can genera...A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations.展开更多
Based on the difficulty in computing discrete logarilhm and square 1001 onsome special conditions, we propose a basic threshold seeret sharing scheme for multiple secretswith multiple policies, which allows a group of...Based on the difficulty in computing discrete logarilhm and square 1001 onsome special conditions, we propose a basic threshold seeret sharing scheme for multiple secretswith multiple policies, which allows a group of users to share multiple secrttkeys and only onesecret shadow to be ktpt by each user. An efficient threshold decryption scheme with multiplepolicies is designed on the basis of the basic threshold scheme. This decryption scheme allowsmultiple secret keys to he shared among a groupof users, and each user to ketp only one secretshadow. Different public keys can be used to encrypt documents. If and only if the number ofcooperated users who koop the secret shadows is greater than or c-qual to the threshold value of thecorresponding secret key, they can cooperate to decrypt the documents. It is proved that theproposed scheme has very strong security, unless the attackers can solve the discrete logarithmproblem and the square root problem.展开更多
Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem th...Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.展开更多
基金supported by the National Basic Research Program (973 Program)under Grant No.2013CB834205 the National Natural Science Foundation of China under Grant No.61272035 the Independent Innovation Foundation of Shandong University under Grant No.2012JC020
文摘In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice.
基金Supported by the National Natural Science Foun-dation of China (60573047)
文摘Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.
文摘Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.
基金Supported by the National Key Basic Research and Development (973) Program (No. 2003CB314805) and the National Natural Science Foundation of China (No. 90304014)
文摘The discrete logarithm method is the foundation of many public key algorithms. However, one type of key, defined as a weak-key, reduces the security of public key cryptosystems based on the discrete logarithm method. The weak-key occurs if the public key is a factor or multiple of the primitive element, in which case the user's private key is not needed but can be obtained based on the character of the public key. An algorithm is presented that can easily test whether there is a weak-key in the cryptosystem. An example is given to show that an attack can be completed for the Elgamal digital signature if a weak-key exists, therefore validating the danger of weak-keys. Methods are given to prevent the generation of these weak-keys.
基金NNSF of China.No.90304012973 Project,No.2004CB318000
文摘In this paper, we discuss the expected number of steps in solving multi-discrete logarithm problems over a group of elliptic curves with prime order by using Pollard's rho method and parallel collision search algorithm. We prove that when using these algorithms to compute discrete logarithms, the knowledge gained through computing many logarithms does not make it easier for finding other logarithms. Hence in an elliptic cryptosystem, it is safe for many users to share the same curve, with different private keys.
文摘The discrete logarithm problem is analyzed from the perspective of Tate local duality. Local duality in the multiplicative case and the case of Jacobians of curves over p-adic local fields are considered. When the local field contains the necessary roots of unity, the case of curves over local fields is polynomial time reducible to the multiplicative case, and the multiplicative case is polynomial time equivalent to computing discrete logarithm in finite fields. When the local field does not contains the necessary roots of unity, similar results can be obtained at the cost of going to an extension that contains these roots of unity. There was evidence in the analysis that suggests that the minimal extension where the local duality can be rationally and algorithmically defined must contain the roots of unity. Therefore, the discrete logarithm problem appears to be well protected against an attack using local duality. These results are also of independent interest for algorithmic study of arithmetic duality as they explicitly relate local duality in the case of curves over local fields to the multiplicative case and Tate-Lichtenbaum pairing (over finite fields).
基金This project is supported by National Natural Science Foundation of China(60673053)
文摘To enhance the security of signature schemes, Wang proposed two signature schemes based on the difficulties of simultaneously solving the factoring and discrete logarithm' problems with almost the same sizes of arithmetic modulus. This paper, firstly, shows that Wang's signature scheme 1 do not satisfy the claimed properties. Moreover, we will point out that the all variants of Wang's scheme 2 are not secure if attackers can solve discrete logarithm problems.
基金supported by Duy Tan University,Da Nang,Vietnam.
文摘The representative collective digital signature,which was suggested by us,is built based on combining the advantages of group digital signature and collective digital signature.This collective digital signature schema helps to create a unique digital signature that deputizes a collective of people representing different groups of signers and may also include personal signers.The advantage of the proposed collective signature is that it can be built based on most of the well-known difficult problems such as the factor analysis,the discrete logarithm and finding modulo roots of large prime numbers and the current digital signature standards of the United States and Russian Federation.In this paper,we use the discrete logarithmic problem on prime finite fields,which has been implemented in the GOST R34.10-1994 digital signature standard,to build the proposed collective signature protocols.These protocols help to create collective signatures:Guaranteed internal integrity and fixed size,independent of the number of members involved in forming the signature.The signature built in this study,consisting of 3 components(U,R,S),stores the information of all relevant signers in the U components,thus tracking the signer and against the“disclaim of liability”of the signer later is possible.The idea of hiding the signer’s public key is also applied in the proposed protocols.This makes it easy for the signing group representative to specify which members are authorized to participate in the signature creation process.
基金The National Natural Science Foundation of China(No60402019)the Science Research Program of Education Bureau of Hubei Province (NoQ200629001)
文摘In order to improve the security of the signature scheme, a digital signature based on two hard-solved problems is proposed. The discrete logarithm problem and the factoring problem are two well known hard- solved mathematical problems. Combining the E1Gamal scheme based on the discrete logarithm problem and the OSS scheme based on the factoring problem, a digital signature scheme based on these two cryptographic assumptions is proposed. The security of the proposed scheme is based on the difficulties of simultaneously solving the factoring problem and the discrete logarithm problem. So the signature scheme will be still secure under the situation that any one of the two hard-problems is solved. Compared with previous schemes, the proposed scheme is more efficient in terms of space storage, signature length and computation complexities.
基金supported by the National Natural Science Foundation of China under Grants No.61272499,No.10990011
文摘Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.
基金Supported by the National High Technology Research and Development Program of China (2004AA001021), the Anhui Province Educa-tion Department Project (G2006jq1011) and Hefei University of Technology Project (G061105F)
文摘A proxy signature scheme allows an original signer to delegate his signing capability to a proxy signer who can sign on behalf of the original signer. A blind signature is the concept with a salient feature that the signer can not make a linkage between the blind signature and the identity of the requester. Proxy signature and blind signature are used widely in electronic commerce. With satisfying the security properties of both two signatures, a new proxy blind signature scheme based on discrete logarithm problem is proposed.
基金Supported by the 973 State Key Project of China (No.G1999035803)the National Natural Science Foundation of China (No.69931010).
文摘Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is equivalent to partial LUC discrete logarithm problem in ZN, and for the proposed probabilistic encryption scheme, its semantic security is equivalent to decisional LUC Diffie-Hellman problem in ZN. At last, the efficiency of the proposed schemes is briefly analyzed.
文摘Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure multiparty computation and electronic commerce. But up to now, study of signature based on general vector space secret sharing is very weak. Aiming at this drawback, the authors did some research on vector space secret sharing against cheaters, and proposed an efficient but secure vector space secret sharing based multi-signature scheme, which is implemented in two channels. In this scheme, the group signature can be easily produced if an authorized subset of participants pool their secret shadows and it is impossible for them to generate a group signature if an unauthorized subset of participants pool their secret shadows. The validity of the group signature can be verified by means of verification equations. A group signature of authorized subset of participants cannot be impersonated by any other set of partici- pants. Moreover, the suspected forgery can be traced, and the malicious participants can be detected in the scheme. None of several possible attacks can successfully break this scheme.
文摘Although the He Kiesler signature is said to be proposed based on the discrete logarithm problem and the factorization problem, it has been proved that the signature is not as secure as it was stated to be. A new signature scheme is here proposed based on the discrete logarithm problem and the factorization problem to enhance the security of the He Kiesler signature.
文摘Quadratic-field cryptosystem is a cryptosystem built from discrete logarithm problem in ideal class groups of quadratic fields(CL-DLP). The problem on digital signature scheme based on ideal class groups of quadratic fields remained open, because of the difficulty of computing class numbers of quadratic fields. In this paper, according to our researches on quadratic fields, we construct the first digital signature scheme in ideal class groups of quadratic fields, using q as modulus, which denotes the prime divisors of ideal class numbers of quadratic fields. Security of the new signature scheme is based fully on CL-DLP. This paper also investigates realization of the scheme, and proposes the concrete technique. In addition, the technique introduced in the paper can be utilized to realize signature schemes of other kinds.
基金the National Natural Science Foundation of China(No.60271025)
文摘The design and implementation of fast algorithms related to Elliptic Curve Cryptography (ECC) over the field GF(p), such as modular addition, modular subtraction, point addition, point production, choice of embedding plaintext to a point, etc. are given. A practical software library has been produced which supports variable length implementation of the ECCbased ElGamal cryptosystem. More importantly, this scalable architecture of the design enables the ECC being used in restricted platforms as well as high-end servers based on Intel Pentium CPU. Applications such as electronic commerce security, data encryption communication, etc.are thus made possible for real time and effective ECC.
基金Supported by the 973 Project of China(G19990358?04)
文摘Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other partici- pants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each par- ticipant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir’s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.
基金Project (No. 10271037) supported by the National Natural Sci-ence Foundation of China
文摘A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations.
文摘Based on the difficulty in computing discrete logarilhm and square 1001 onsome special conditions, we propose a basic threshold seeret sharing scheme for multiple secretswith multiple policies, which allows a group of users to share multiple secrttkeys and only onesecret shadow to be ktpt by each user. An efficient threshold decryption scheme with multiplepolicies is designed on the basis of the basic threshold scheme. This decryption scheme allowsmultiple secret keys to he shared among a groupof users, and each user to ketp only one secretshadow. Different public keys can be used to encrypt documents. If and only if the number ofcooperated users who koop the secret shadows is greater than or c-qual to the threshold value of thecorresponding secret key, they can cooperate to decrypt the documents. It is proved that theproposed scheme has very strong security, unless the attackers can solve the discrete logarithmproblem and the square root problem.
基金This research is funded by UKM under Grant No.GUP-2020-029.
文摘Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.
