We ayptanalyze Kim et. al's one-time proxy signature scheme used in mobileagents, and then a successful forgery is introduced It is showed that a dishonest customer cansuccessfully forge a valid one-time proxy sig...We ayptanalyze Kim et. al's one-time proxy signature scheme used in mobileagents, and then a successful forgery is introduced It is showed that a dishonest customer cansuccessfully forge a valid one-time proxy signature by impersonating the stiver Furthermore, he canrequest the server with responsibility for the forged bidding information.展开更多
The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme...The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.展开更多
The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signi...The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.展开更多
Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir sec...Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.展开更多
In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer's ability and the po...In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer's ability and the power of the proxy signer, and ensure the property of publicly verifiable secret sharing schemes. A new concept "verifiable time period" is also introduced to reduce the time cost in the period of verifications and increases the efficiency of our scheme.展开更多
In this paper, a new restrictive blind signature scheme is proposed. Compared with Brands restrictive blind signature scheme, our scheme is even more restrictive and efficient. And our scheme is proved secure, too. ...In this paper, a new restrictive blind signature scheme is proposed. Compared with Brands restrictive blind signature scheme, our scheme is even more restrictive and efficient. And our scheme is proved secure, too. A new withdrawal protocol of electronic cash system is designed by using our restrictive blind signature scheme, which is more efficient than the withdrawal protocol and is more appropriate for adopting pre processing and post processing.展开更多
Due to forward-secure-digital-signature's capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders' privacy, t...Due to forward-secure-digital-signature's capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders' privacy, they have been hot spots for decades in the field of cryptography. Illuminated by the integration of forward secure digital signature and blind signature, based on the variants of E1Gamal and assumption of difficulty in solving the discrete logarithm problem in galois field, a forward-secure weak blind signature scheme and a forward-secure strong blind signature scheme are proposed and their security is analyzed thoroughly in this paper. It turns out that forward security, blindness and aptitude of resisting forging attack demonstrated by these two schemes benefit a lot theoretically and practically.展开更多
An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, b...An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman (CDH) problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt's identity based signature (IBS) scheme is secure, which is proven true based on the CDH assumption in the standard model.展开更多
1 Introduction Identity privacy concerns hinder data sharing by casting doubt on the safeguarding of personal information,eroding trust,and impeding the willingness of individuals and organizations to exchange their d...1 Introduction Identity privacy concerns hinder data sharing by casting doubt on the safeguarding of personal information,eroding trust,and impeding the willingness of individuals and organizations to exchange their data[1,2].The traceable ring signatures(TRSs)addresses the contradiction between identity privacy and regulation[3],no scheme has been developed thus far that is based on SM2,the Chinese cryptographic public key algorithm standard,without relying on centralized trust.展开更多
The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first prese...The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, the group manger is introduced to take the role of distributing the group secret key to each player. However, he cannot forge the players to generate partial blind signatures (Each partial blind signature depends on not only the secret key of the player, but also a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; Compared with a threshold signature without a trusted third party, it is more simple and efficient.展开更多
Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for ...Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.展开更多
Lack of efficiency in the initial key generation process is a serious shortcoming of Merkle tree signature scheme with a large number of possible signatures. Based on two kinds of Merkle trees, a new tree type signatu...Lack of efficiency in the initial key generation process is a serious shortcoming of Merkle tree signature scheme with a large number of possible signatures. Based on two kinds of Merkle trees, a new tree type signature scheme is constructed, and it is provably existentially unforgeable under adaptive chosen message attack. By decentralizing the initial key generation process of the original scheme within the signature process, a large Merkle tree with 6.87×10^10 possible signatures can be initialized in 590 milliseconds. Storing some small Merkle trees in hard disk and memory can speed up Merkle tree signature scheme. Mekle tree signature schemes are fit for trusted computing platform in most scenarios.展开更多
Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold bind...Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold bind signature from Weil pairing on super-singular elliptic curves or hyper-elliptic curves over finite field and prove that our scheme is provably secure in the random oracle model.展开更多
Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (M...Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (MANETs) very much. Jumin Song, et al. presented an ID-based aggregate signature, applied it to MANETs and proposed a secure routing scheme. In this work, we analyze Jumin Song, et al.’s aggregate signature scheme and find some limitations on its batch verification. In addition, in this work, we apply Craig Gentry, et al.’s ID-based aggregate signature to on-demand routing pro-tocol to present a secure routing scheme. Our scheme not only provides sound authentication and a secure routing protocol in ad hoc networks, but also meets the nature of MANETs.展开更多
Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The g...Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a "single message and signature response" interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.展开更多
E-cash is a type of very important electronic payment systems. The complete anonymity of E-cash can be used for criminal activities, so E-cash should be anonymity controlled.Moreover, Elliptic Curve Cryptography(ECC) ...E-cash is a type of very important electronic payment systems. The complete anonymity of E-cash can be used for criminal activities, so E-cash should be anonymity controlled.Moreover, Elliptic Curve Cryptography(ECC) has been regard as the mainstream of current public cryptography . In this paper, a new anonymity controlled E-cash scheme based on ECC for the first time and using a new technology-one-time key pairs digital signature is designed, and its security and efficiency are analyzed. In our scheme, the coin tracing and owner tracing can be implemented.展开更多
文摘We ayptanalyze Kim et. al's one-time proxy signature scheme used in mobileagents, and then a successful forgery is introduced It is showed that a dishonest customer cansuccessfully forge a valid one-time proxy signature by impersonating the stiver Furthermore, he canrequest the server with responsibility for the forged bidding information.
文摘The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.
基金The National Natural Science Foundation of China (No60403027)
文摘The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.
文摘Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.
基金Supported by the National Natural Science Foundation of China (90104035)
文摘In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer's ability and the power of the proxy signer, and ensure the property of publicly verifiable secret sharing schemes. A new concept "verifiable time period" is also introduced to reduce the time cost in the period of verifications and increases the efficiency of our scheme.
文摘In this paper, a new restrictive blind signature scheme is proposed. Compared with Brands restrictive blind signature scheme, our scheme is even more restrictive and efficient. And our scheme is proved secure, too. A new withdrawal protocol of electronic cash system is designed by using our restrictive blind signature scheme, which is more efficient than the withdrawal protocol and is more appropriate for adopting pre processing and post processing.
基金This work was supported by the National Natural Science Foundation of China for Grant 60673127, the National High Technology Research and Development Program of China (863 Program) for Grant 2007AA01Z404, the Science & Technology Pillar Program of Jiangsu Province for Grant BE2008135, the Electronic Development Foundation of the Ministry of Information Industry, Funding of Jiangsu Innovation Program for Graduate Education for Grant CX10B112Z, Funding for Outstanding Doctoral Dissertation in NUAA for Grant BCXJ10-07, Research Funding of Nanjing University of Aeronautics and Astronautics for Grant NS2010101 and Jiangsu Province Postdoctoral Science Foundation. We wish to thank the above support, under which the present work is possible.
文摘Due to forward-secure-digital-signature's capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders' privacy, they have been hot spots for decades in the field of cryptography. Illuminated by the integration of forward secure digital signature and blind signature, based on the variants of E1Gamal and assumption of difficulty in solving the discrete logarithm problem in galois field, a forward-secure weak blind signature scheme and a forward-secure strong blind signature scheme are proposed and their security is analyzed thoroughly in this paper. It turns out that forward security, blindness and aptitude of resisting forging attack demonstrated by these two schemes benefit a lot theoretically and practically.
基金The National Hi-Tech Research and Development Program (863) of China (No. 2005AA145110)The Pudong New Area Technology Innovation Public Service Platform of China (No. PDP2005-04)
文摘An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman (CDH) problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt's identity based signature (IBS) scheme is secure, which is proven true based on the CDH assumption in the standard model.
基金supported in part by the National Key R&D Program of China (No.2021YFB2700600)the Finance Science and Technology Project of Hainan Province (No.ZDKJ2020009)+5 种基金the Hainan Province Science and Technology Special Fund (No.GHYF2022010)the National Natural Science Foundation of China (Grant Nos.62163011,62072092,62072093 and U1708262)the Fundamental Research Funds for the Central Universities (No.N2023020)the Natural Science Foundation of Hebei Province (No.F2020501013)the China Postdoctoral Science Foundation (No.2019M653568)the Key Research and Development Project of Hebei Province (No.20310702D).
文摘1 Introduction Identity privacy concerns hinder data sharing by casting doubt on the safeguarding of personal information,eroding trust,and impeding the willingness of individuals and organizations to exchange their data[1,2].The traceable ring signatures(TRSs)addresses the contradiction between identity privacy and regulation[3],no scheme has been developed thus far that is based on SM2,the Chinese cryptographic public key algorithm standard,without relying on centralized trust.
基金Supported by the National 973 Project of China(No.G1999035803)the National Natural Science Foundation of China (No.60373104)the National 863 Project of China (No.2002AA143021)
文摘The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, the group manger is introduced to take the role of distributing the group secret key to each player. However, he cannot forge the players to generate partial blind signatures (Each partial blind signature depends on not only the secret key of the player, but also a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; Compared with a threshold signature without a trusted third party, it is more simple and efficient.
基金supported by the National High-Tech Research and Development Plan of China under Grant Nos.863-317-01- 04-99, 2009AA01Z122 (863)the Natural Science Foundation of Shenyang City of China under Grant No. F10-205-1-12
文摘Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.
基金Supported by the National Natural Science Foun-dation of China (60403027)
文摘Lack of efficiency in the initial key generation process is a serious shortcoming of Merkle tree signature scheme with a large number of possible signatures. Based on two kinds of Merkle trees, a new tree type signature scheme is constructed, and it is provably existentially unforgeable under adaptive chosen message attack. By decentralizing the initial key generation process of the original scheme within the signature process, a large Merkle tree with 6.87×10^10 possible signatures can be initialized in 590 milliseconds. Storing some small Merkle trees in hard disk and memory can speed up Merkle tree signature scheme. Mekle tree signature schemes are fit for trusted computing platform in most scenarios.
文摘Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold bind signature from Weil pairing on super-singular elliptic curves or hyper-elliptic curves over finite field and prove that our scheme is provably secure in the random oracle model.
文摘Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (MANETs) very much. Jumin Song, et al. presented an ID-based aggregate signature, applied it to MANETs and proposed a secure routing scheme. In this work, we analyze Jumin Song, et al.’s aggregate signature scheme and find some limitations on its batch verification. In addition, in this work, we apply Craig Gentry, et al.’s ID-based aggregate signature to on-demand routing pro-tocol to present a secure routing scheme. Our scheme not only provides sound authentication and a secure routing protocol in ad hoc networks, but also meets the nature of MANETs.
基金This paper is supported by the National Natural Science Foundation of China under Grant No. 61072140, 61373171 the Program of Introducing Talents of Discipline to Universities NO. B08038 the Specialized Research Fund for the Doctoral Program of Higher Education No. 20100203110003.
文摘Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a "single message and signature response" interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.
基金Supported by the National Natural Science Foundation of China(No.60073052)
文摘E-cash is a type of very important electronic payment systems. The complete anonymity of E-cash can be used for criminal activities, so E-cash should be anonymity controlled.Moreover, Elliptic Curve Cryptography(ECC) has been regard as the mainstream of current public cryptography . In this paper, a new anonymity controlled E-cash scheme based on ECC for the first time and using a new technology-one-time key pairs digital signature is designed, and its security and efficiency are analyzed. In our scheme, the coin tracing and owner tracing can be implemented.