In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In ...In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.展开更多
The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature (DVS) provide authentication of a mess...The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature (DVS) provide authentication of a message, we design a DVS scheme with message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely and allows t or more users can reconstruct the secret in dynamic groups, we combine both subliminal channel and (t, n) threshold cryptography. Then we proposed a threshold subliminal channel which can convey a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message relies on the cooperation of t or more users in the group and they can verify the validity of the subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.展开更多
Universal designated verifier signature schemes allows a signature holder to designate the signature to a desire designated verifier, in such a way that only designated verifier can verify this signature, but is unabl...Universal designated verifier signature schemes allows a signature holder to designate the signature to a desire designated verifier, in such a way that only designated verifier can verify this signature, but is unable to convince anyone else of this fact. The previous constructions of universal designated verifier signature rely on the underlying public key infrastructure, that needs both signers and verifiers to verify the authenticity of the public keys, and hence, the certificates are required. This article presents the first model and construction of the certificateless universal designated verifier signature scheme, in which the certificates are not needed. The proposed scheme satisfies all the requirements of the universal designated verifier signature in the certificateless system. Security proofs are provided for the scheme based on the random oracle model, assuming that the Bilinear diffie-hellman (BDH) problem is hard to solve.展开更多
Based on strong designated verifiers signatures,a new fair concurrent signature scheme is proposed. Compared with the previous concurrent signature schemes,even if a keystone must be chosen by the initial signer,the m...Based on strong designated verifiers signatures,a new fair concurrent signature scheme is proposed. Compared with the previous concurrent signature schemes,even if a keystone must be chosen by the initial signer,the matching signer will easily get the keystone through an extraction algorithm. Due to the property of strong designate verifying,the initial signer couldn't make use of the keystone prepared carefully to deceive the matching signer. Then the matching signer is able to participate actively the signature scheme. Besides,there aren't bilinear operations in the keystone algorithm to deliver the keystone efficiently. Therefore the efficiency of our signature scheme is also improved.展开更多
In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then the first UDMVS scheme is presented in the standard model (i.e. without random oracles) ba...In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then the first UDMVS scheme is presented in the standard model (i.e. without random oracles) based on Waters' signature scheme. In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed scheme is based on the Gap Bilinear Difffie-Hellman assumption.展开更多
In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by h...In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by himself.Our research starts from identity-based aggregator(IBA)that compresses a designated set of verifier’s identities to a constant-size random string in cryptographic space.The IBA is constructed by mapping the hash of verifier’s identity into zero or pole of a target curve,and extracting one curve’s point as the result of aggregation according to a specific secret.Considering the different types of target curves,these two IBAs are called as zeros-based aggregator and poles-based aggregator,respectively.Based on them,we propose a practical DVSS scheme constructed from the zero-pole cancellation method which can eliminate the same elements between zeros-based aggregator and poles-based aggregator.Due to this design,our DVSS scheme has some distinct advantages:(1)the signature supporting arbitrary dynamic verifiers extracted from a large number of users;and(2)the signature with short and constant length.We rigorously prove that our DVSS scheme satisfies the security properties:correctness,consistency,unforgeability and exclusivity.This is a preview of subscription content,log in to check access.展开更多
A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyr...A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability.展开更多
∑-protocol has been proved to be a very powerful cryptographic tool and widely used in nnmerous important cryptographic applications. In this paper, the authors make use of ∑-protocol as a main tool to resolve the f...∑-protocol has been proved to be a very powerful cryptographic tool and widely used in nnmerous important cryptographic applications. In this paper, the authors make use of ∑-protocol as a main tool to resolve the following difficult problems 1-3 and to construct three ettlcient cryptographic protocols 4 6:1) How to construct a protocol for proving a secret integer to be a Blum integer with form PQ, where P, Q are two different primes and both -- 3(mod 4);2) How to construct a protocol for proving a secret polynomial with exact degree t - 1 iil a (t, n)- threshold secret sharing scheme:3) How to construct witness indistinguishable and witness hiding protocol not from zero-knowledge proof;4) A publicly verifiable secret sharing scheme with information-theoretic security;5) A delegateable signature scheme under the existence of one-way permutations;6) Non-interactive universal designated verifier signature schemes.展开更多
基金Supported by the National Natural Science Foun-dation of Chinafor Distinguished Young Scholars(60225007) the Na-tional Research Fundfor the Doctoral Programof Higher Education ofChina(20020248024) the Science and Technology Research Pro-ject of Shanghai (04DZ07067)
文摘In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.
基金Supported by the National Natural Science Foun-dation of China (60403027)
文摘The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature (DVS) provide authentication of a message, we design a DVS scheme with message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely and allows t or more users can reconstruct the secret in dynamic groups, we combine both subliminal channel and (t, n) threshold cryptography. Then we proposed a threshold subliminal channel which can convey a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message relies on the cooperation of t or more users in the group and they can verify the validity of the subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.
基金This work is supported by the National Natural Science Foundation of China (60473027).
文摘Universal designated verifier signature schemes allows a signature holder to designate the signature to a desire designated verifier, in such a way that only designated verifier can verify this signature, but is unable to convince anyone else of this fact. The previous constructions of universal designated verifier signature rely on the underlying public key infrastructure, that needs both signers and verifiers to verify the authenticity of the public keys, and hence, the certificates are required. This article presents the first model and construction of the certificateless universal designated verifier signature scheme, in which the certificates are not needed. The proposed scheme satisfies all the requirements of the universal designated verifier signature in the certificateless system. Security proofs are provided for the scheme based on the random oracle model, assuming that the Bilinear diffie-hellman (BDH) problem is hard to solve.
基金supported by the National Natural Science Foundation of China (10647133)the Natural Science Foundation of Jiangxi Province (2007GQS1906, 2009GQS0080)+1 种基金the Research Foundation of the Education Department of Jiangxi Province ([2007]22, GJJ10070)the Scientific Research Start-up Foundation for the Recruitment Talent of Nanchang University of China
文摘Based on strong designated verifiers signatures,a new fair concurrent signature scheme is proposed. Compared with the previous concurrent signature schemes,even if a keystone must be chosen by the initial signer,the matching signer will easily get the keystone through an extraction algorithm. Due to the property of strong designate verifying,the initial signer couldn't make use of the keystone prepared carefully to deceive the matching signer. Then the matching signer is able to participate actively the signature scheme. Besides,there aren't bilinear operations in the keystone algorithm to deliver the keystone efficiently. Therefore the efficiency of our signature scheme is also improved.
基金Supported by the National Natural Science Foundation of China (60772136)
文摘In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then the first UDMVS scheme is presented in the standard model (i.e. without random oracles) based on Waters' signature scheme. In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed scheme is based on the Gap Bilinear Difffie-Hellman assumption.
基金The work was supported by the National Key Technologies R&D Programs of China(2018YFB1402702 and 2017YFB0802500)the“13th”Five-Year National Cryptographic Development Foundation(MMJJ20180208)+1 种基金NSFC-Genertec Joint Fund For Basic Research(U1636104)the National Natural Science Foundation of China(Grant Nos.61572132,61972032 and U1705264).
文摘In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by himself.Our research starts from identity-based aggregator(IBA)that compresses a designated set of verifier’s identities to a constant-size random string in cryptographic space.The IBA is constructed by mapping the hash of verifier’s identity into zero or pole of a target curve,and extracting one curve’s point as the result of aggregation according to a specific secret.Considering the different types of target curves,these two IBAs are called as zeros-based aggregator and poles-based aggregator,respectively.Based on them,we propose a practical DVSS scheme constructed from the zero-pole cancellation method which can eliminate the same elements between zeros-based aggregator and poles-based aggregator.Due to this design,our DVSS scheme has some distinct advantages:(1)the signature supporting arbitrary dynamic verifiers extracted from a large number of users;and(2)the signature with short and constant length.We rigorously prove that our DVSS scheme satisfies the security properties:correctness,consistency,unforgeability and exclusivity.This is a preview of subscription content,log in to check access.
基金Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant Nos. 61003244, 61100224), Doctoral Fund of Ministry of Education of China (20120171110027).Fundamental Research Funds for the Central Universities (1 11gpy71).
文摘A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability.
基金supported by the Foundation of tihe National Natural Science of China under Grant Nos 90604034 (Key Project), 10726012, 10871222, 10531040,and 10471156
文摘∑-protocol has been proved to be a very powerful cryptographic tool and widely used in nnmerous important cryptographic applications. In this paper, the authors make use of ∑-protocol as a main tool to resolve the following difficult problems 1-3 and to construct three ettlcient cryptographic protocols 4 6:1) How to construct a protocol for proving a secret integer to be a Blum integer with form PQ, where P, Q are two different primes and both -- 3(mod 4);2) How to construct a protocol for proving a secret polynomial with exact degree t - 1 iil a (t, n)- threshold secret sharing scheme:3) How to construct witness indistinguishable and witness hiding protocol not from zero-knowledge proof;4) A publicly verifiable secret sharing scheme with information-theoretic security;5) A delegateable signature scheme under the existence of one-way permutations;6) Non-interactive universal designated verifier signature schemes.