The short secret key characteristic of the elliptic curve cryptosystem (ECC) is integrated with the (t, n) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters change only slightly. Cryptanalysis result shows that the scheme is efficient and secure.
Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems. In this paper, we present an efficient and practical threshold blind signature from Weil pairing on super-singular elliptic curves or hyper-elliptic curves over finite field and prove that our scheme is provably secure in the random oracle model.
In 2006, Bao et al. proposed an identity-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al.'s scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al.'s scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.
Threshold digital signature and blind signature are playing important roles in cryptography as well as in practical applications such as e-cash and e-voting systems. Over the past few years, many cryptographic researchers have made considerable headway in this field. However, to our knowledge, most of existing threshold blind signature schemes are based on the discrete logarithm problem. In this paper, we propose a new robust threshold partial blind signature scheme based on improved RSA cryptosystem. This scheme is the first threshold partial blind signature scheme based on factoring, and the robustness of threshold partial blind signature is also introduced. Moreover, in practical application, the proposed scheme will be especially suitable for blind signature-based voting systems with multiple administrators and secure electronic cash systems to prevent their abuse.
A previous proactive RSA scheme for large-scale ad hoc network has been shown to be faulty. In this paper, we present a new proactive RSA scheme for ad hoc networks, which includes four protocols: the initial key distribution protocol, the share refreshing protocol, the share distribution protocol, and the signature generation protocol. This scheme has two advantages: the building blocks are secure, and the system is efficient.
Abstract: A conspiracy attack is proposed to show that Wang-Li's scheme is insecure, because any t or more group members can impersonate other t members to sign any message without holding the responsibility. To avoid the conspiracy attack, this paper presents a new (t, n) threshold signature scheme with traceable signers. A (t, n) threshold signature scheme allows t or more group members of the group to generate a signature on behalf of the group. Any less than t members cannot generate a valid signature, and any set of the group cannot impersonate another set of members to sign any message without holding the responsibility. In case of disputes, the threshold signature can be opened, so that the original signers can be traced without revealing the secret keys.
Abstract: Based on the difficulty of solving the ECDLP (elliptic curve discrete logarithm problem) on the finite field, we present a (t, n) threshold signature scheme and a verifiable key agreement scheme without trusted party. Applying a modified elliptic curve signature equation, we get a more efficient signature scheme than the existing ECDSA (elliptic curve digital signature algorithm) from the computability and security view. Our scheme has a shorter key, faster computation, and better security.
Funding: Supported by the National Network and Information Secure Guarantee Sustainable Development Plan (2004 Research1-917-C-021)
Abstract: The participating wireless mobile node that mobile ad hoc network (MANET) communications need to forward may be malicious. That means not only might an adversary be able to acquire some sensitive information of the threshold signatures from the compromised node, but also the partial signatures may be fabricated by a malicious node, and the advantages of threshold signatures would disappear. Signing and encrypting the sensitive information of the threshold signatures, so that only the specified receiver can recover it, will improve the confidentiality of threshold signatures. The security analysis shows the method is suitable for the secure characteristic of MANET that has the malicious nodes, and the message transmission is secure against the attack.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61103233
Abstract: This paper proposes a new proactive weighted threshold signature scheme based on Iftene's general secret sharing, the generalized Chinese remainder theorem, and the RSA threshold signature, which is itself based on the Chinese remainder theorem. In our scheme, group members are divided into different subgroups, and a positive weight is associated to each subgroup, where all members of the same subgroup have the same weight. The group signature can be generated if and only if the sum of the weights of members involved is greater than or equal to a fixed threshold value. Meanwhile, the private key of the group members and the public key of the group can be updated periodically by performing a simple operation aimed at refreshing the group signature message. This periodical refreshed individual signature message can enhance the security of the proposed weighted threshold signature scheme.
Funding: the National Natural Science Foundation of China (60703089); the National High-Technology Research and Development Program of China (863 Program) (2006AA012110)
Abstract: Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. In this paper, server-assisted forward-secure threshold signature is proposed. The system is composed of n1 servers and n2 users. Each user and each server holds a partial secret, respectively. To produce a valid signature, users and servers need to cooperate to complete the work. The partial secrets of the users and servers are updated by a one-way function at regular intervals, while the public key is always fixed. Even if all the current partial secrets are exposed, the signatures pertaining to previous periods are still valid.
Abstract: To prevent active attack, we propose a new threshold signature scheme using self-certified public keys, which makes use of hash function and discrete logarithm problem. The scheme has less communication and computation cost than previous schemes. Furthermore, the signature process of the proposed scheme is non-interactive.
Abstract: Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature cannot be generated by any k−1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide more rapid computing speed and stronger security in the case of using shorter key. Key words: threshold scheme; digital signature; discrete logarithm; quadratic residue; threshold digital signature. CLC number: TP 309.7. Foundation item: Supported by the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039). Biography: FEI Ru-chun (1964-), male, Ph.D. candidate, Associate professor, research direction: information security and cryptography.
Abstract: A threshold signature is a special digital signature in which the N-signer share the private key x and can construct a valid signature for any subset of the included t-signer, but less than t-signer cannot obtain any information. Considering the breakthrough achievements of threshold ECDSA signature and threshold Schnorr signature, the existing threshold SM2 signature is still limited to two parties or based on the honest majority setting, there is no more effective solution for the multiparty case. To make the SM2 signature have more flexible application scenarios, promote the application of the SM2 signature scheme in the blockchain system and secure cryptocurrency wallets. This paper designs a non-interactive threshold SM2 signature scheme based on partially homomorphic encryption and zero-knowledge proof. Only the last round requires the message input, so make our scheme non-interactive, and the pre-signing process takes 2 rounds of communication to complete after the key generation. We allow arbitrary threshold t < n and design a key update strategy. It can achieve security with identifiable abort under the malicious majority, which means that if the signature process fails, we can find the failed party. Performance analysis shows that the computation and communication costs of the pre-signing process grow linearly with the parties, and it is only 1/3 of the Canetti's threshold ECDSA (CCS'20).
Funding: the National Natural Science Foundation of China (Grant Nos. 61771294 and 61972235).
Abstract: Threshold signature is an important branch of the digital signature scheme, which can distribute signature rights and avoid the abuse of signature rights. With the continuous development of quantum computation and quantum information, quantum threshold signatures are gradually becoming more popular. Recently, a quantum (t, n) threshold group signature scheme was analyzed that uses techniques such as quantum-controlled-not operation and quantum teleportation. However, this scheme cannot resist forgery attack and does not conform to the design of a threshold signature in the signing phase. Based on the original scheme, we propose an improved quantum (t, n) threshold signature scheme using quantum (t, n) threshold secret sharing technology. The analysis proves that the improved scheme can resist forgery attack and collusion attack, and it is undeniable. At the same time, this scheme reduces the level of trust in the arbitrator during the signature phase.
Funding: Support by the National Key R&D Program of China (No. 2021YFB3100400); the National Natural Science Foundation of China (Grant Nos. 62172216, U20A201092); the Jiangsu Provincial Key Research and Development Program (Nos. BE2022068, BE2022068-2); the Key R&D Program of Guangdong Province (No. 2020B0101090002); the Natural Science Foundation of Jiangsu Province (No. BK20211180); the Research Fund of Guangxi Key Laboratory of Trusted Software (No. KX202034); the Research Fund of State Key Laboratory of Integrated Services Networks (Xidian University) (No. ISN23-20); the Fund of Prospective Layout of Scientific Research for NUAA (Nanjing University of Aeronautics and Astronautics); JSPS Postdoctoral Fellowships (No. P21073).
Abstract: Identity-based threshold signature (IDTS) is a forceful primitive to protect identity and data privacy, in which parties can collaboratively sign a given message as a signer without reconstructing a signing key. Nevertheless, most IDTS schemes rely on a trusted key generation center (KGC). Recently, some IDTS schemes can achieve escrow-free security against corrupted KGC, but all of them are vulnerable to denial-of-service attacks in the dishonest majority setting, where cheaters may force the protocol to abort without providing any feedback. In this work, we present a fully decentralized IDTS scheme to resist corrupted KGC and denial-of-service attacks. To this end, we design threshold protocols to achieve distributed key generation, private key extraction, and signing generation which can withstand the collusion between KGCs and signers, and then we propose an identification mechanism that can detect the identity of cheaters during key generation, private key extraction and signing generation. Finally, we formally prove that the proposed scheme is threshold unforgeability against chosen message attacks. The experimental results show that the computation time of both key generation and signing generation is < 1 s, and private key extraction is about 3 s, which is practical in the distributed environment.
Funding: the National Natural Science Foundation of China (60573043, 60372046).
Abstract: Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.
Funding: Supported by the National Natural Science Foundation of China (90718001, 60821001); the National Basic Research Program of China (2007CB310704); National S&T Major Program (2009ZX 03004-003-03)
Abstract: Threshold signature plays an important role to distribute the power of a single authority in modern electronic society. In order to add functions and improve efficiency of threshold signatures, a multi-policy threshold signature scheme with distinguished signing authorities is proposed. In the scheme two groups can sign and verify each other, so the scheme is two-way signing and verifying. Moreover, the threshold values of the two groups can change with the security classification of the signing document, every discretionary signatory only signs a small part of the document instead of the whole one, so the bandwidth of data transmission for group signature construction can be reduced and the size of group signature is equivalent to that of any individual signature.
Funding: The National Natural Science Foundation of China (No. 10671051), the Natural Science Foundation of Zhejiang Province (No. Y6110782), and the Key Laboratory Foundation of Hangzhou (No. 20100331T11)
Abstract: Secret sharing schemes are multi-party protocols related to key establishment. They also facilitate distributed trust or shared control for critical activities (e.g., signing corporate cheques and opening bank vaults), by gating the critical action on cooperation from t (t ∈ Z+) of n (n ∈ Z+) users. A (t, n) threshold scheme (t < n) is a method by which a trusted party computes secret shares Γi (1 ≤ i ≤ n) from an initial secret Γ0 and securely distributes Γi to user. Any t or more users who pool their shares may easily recover Γ0, but any group knowing only t-1 or fewer shares may not. By the ElGamal public key cryptosystem and the Schnorr's signature scheme, this paper proposes a new (t, n) threshold signature scheme with (k, m) (k, m ∈ Z+) threshold verification based on the multivariate linear polynomial.
Funding: Supported by the National Natural Science Foundation of China (10701040), the National Key Technology Research and Development Program of China (2006BAJ05A01), and the Scientific Research Fund of Jiangxi Provincial Education Department, China (273)
Abstract: A group-oriented (t, n) threshold signature scheme employs the cryptographic techniques of secret share, allows any subset of t players out of n players to sign a message on behalf of the group and disallows the creation of a valid signature if fewer than t players take part in the signature protocol. In this paper, we propose a new group-oriented (t, n) threshold signature scheme with traceable signers based on Schnorr signature. The proposed scheme is proved traceable, robust and unforgeable against the "static" adversary with the discrete logarithm assumption in the random oracle model and existence of broadcast channel. The proofs of the strongest security (existential unforgeability against adaptively chosen message attacks under the discrete logarithm assumption) are provided in the random oracle model.
Funding: The National Natural Science Foundation of China (No. 60403027)
Abstract: The short secret key characteristic of elliptic curve cryptosystem (ECC) is integrated with the (t, n) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.
Abstract: Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold blind signature from Weil pairing on super-singular elliptic curves or hyper-elliptic curves over finite field and prove that our scheme is provably secure in the random oracle model.
Funding: Supported by the National Natural Science Foundation of China (60473029)
Abstract: In 2006, Bao et al. proposed an identity-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al.'s scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al.'s scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.
Funding: Supported by the National Natural Science Foundation of China (Grants Nos. 60225007 and 60572155), the National Research Fund for the Doctoral Program of Higher Education of China (Grant No. 20020248024), and the Science and Technology Research Project of Shanghai (Grant Nos. 04JC14055 and 04DZ07067).
Abstract: Threshold digital signature and blind signature are playing important roles in cryptography as well as in practical applications such as e-cash and e-voting systems. Over the past few years, many cryptographic researchers have made considerable headway in this field. However, to our knowledge, most of the existing threshold blind signature schemes are based on the discrete logarithm problem. In this paper, we propose a new robust threshold partial blind signature scheme based on improved RSA cryptosystem. This scheme is the first threshold partial blind signature scheme based on factoring, and the robustness of threshold partial blind signature is also introduced. Moreover, in practical application, the proposed scheme will be especially suitable for blind signature-based voting systems with multiple administrators and secure electronic cash systems to prevent their abuse.
Funding: Project supported by the National Natural Science Foundation of China (Grant No. 60273049)
Abstract: A previous proactive RSA scheme for large-scale ad hoc network has been shown to be faulty. In this paper, we present a new proactive RSA scheme for ad hoc networks, which includes four protocols: the initial key distribution protocol, the share refreshing protocol, the share distribution protocol, and the signature generation protocol. This scheme has two advantages: the building blocks are secure, and the system is efficient.