The mushroom growth of IoT has been accompanied by the generation of massive amounts of data.Subject to the limited storage and computing capabilities ofmost IoT devices,a growing number of institutions and organizati...The mushroom growth of IoT has been accompanied by the generation of massive amounts of data.Subject to the limited storage and computing capabilities ofmost IoT devices,a growing number of institutions and organizations outsource their data computing tasks to cloud servers to obtain efficient and accurate computation while avoiding the cost of local data computing.One of the most important challenges facing outsourcing computing is how to ensure the correctness of computation results.Linearly homomorphic proxy signature(LHPS)is a desirable solution to ensure the reliability of outsourcing computing in the case of authorized signing right.Blockchain has the characteristics of tamper-proof and traceability,and is a new technology to solve data security.However,as far as we know,constructions of LHPS have been few and far between.In addition,the existing LHPS scheme does not focus on homomorphic unforgeability and does not use blockchain technology.Herein,we improve the security model of the LHPS scheme,and the usual existential forgery and homomorphic existential forgery of two types of adversaries are considered.Under the new model,we present a blockchain-based LHPS scheme.The security analysis shows that under the adaptive chosen message attack,the unforgeability of the proposed scheme can be reduced to the CDH hard assumption,while achieving the usual and homomorphic existential unforgeability.Moreover,comparedwith the previous LHPS scheme,the performance analysis shows that our scheme has the same key size and comparable computational overhead,but has higher security.展开更多
The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data ...The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.展开更多
To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signatu...To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signature scheme in this paper. Our construction is inspired by some efficient ID-based ring signature schemes, and uses bilinear pairings as a basic tool. Using a reasonable security model, the unforgeability of the proposed scheme is proven based on the intractability of the computational Diffie-Hellman (CDH) problem. The signature length of the new scheme is only |G2|+n|G1| (|Gi| is the bit length of an element in group Gi, i =1, 2). Compared with other existing certificateless ring signature schemes, the newly proposed scheme has a shorter signature length and is more efficient and practical.展开更多
The Narrow Road to the Deep North,a novel composed by Richard Flanagan,a well-known Australian contemporary nov⁃elist,depicts a grand political picture of Australia,from the lens of individual’s psyche.The domination...The Narrow Road to the Deep North,a novel composed by Richard Flanagan,a well-known Australian contemporary nov⁃elist,depicts a grand political picture of Australia,from the lens of individual’s psyche.The domination of the official history en⁃courages forgetting as a way to deal with the painful history,the Burma camp in the novel,while the minorities,who rise up,fighting against the imposed official history by constructing the counter memory,are trapped in the identity confusion.Literature is used by both the perpetrators and the survivors as means to pursuing for reconciliation but both failed for the perpetrators use it as a way of forgetting which contributes to the prevailing unforgiveness in the novel,and further contributes the victims’failed reconciliation.展开更多
Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method,...Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method, they also give out a concrete instance. A TE-FSig scheme is constructed by the standard signature scheme, forward secures signature scheme and the aggregate signature scheme. It has an additional property of tamper evidence besides the property of forward secure, which can detect the time period when the key is exposed. In the standard model, the scheme constructed in the paper is proved to satisfy the prop- erties of forward secure, strong forward tamper-evidence secure, and strongly unforgeable under the chosen-message attack.展开更多
Current techniques for transforming unforgeable signature schemes (the forged message has never been signed) to strongly unforgeable ones (the forged message could have been signed) require supplementary component...Current techniques for transforming unforgeable signature schemes (the forged message has never been signed) to strongly unforgeable ones (the forged message could have been signed) require supplementary components to be added onto the original key pairs of the schemes. In addition, some of them can only be applied to a certain type of signature schemes. In this paper, we propose a new generic transformation technique which converts any unforgeable signature scheme into a strongly unforgeable one without modifying any component in the original key pair. This makes our technique especially compatible for practical use. Our technique is based on strong one-time signature schemes. We show that they can be constructed efficiently from any one-time signature scheme that is based on one-way functions. The performance of our technique also compares favorably with that of current ones. Besides, it is shown in this paper that our transformation can further be applied to schemes satisfying only a weak variant of unforgeability without any further modification. Furthermore, our technique can also be used for constructing strongly unforgeable signature schemes in other cryptographic settings which include certificateless signature, identity-based signature, and several others. To the best of our knowledge, similar extent of versatility is not known to be supported by any of those comparable techniques. Finally and of independent interest, we show that our generic transformation technique can be modified to an on-line/off-line signature scheme, which possesses a very efficient signing process.展开更多
With the rapid development of electronic information technology,digital signature has become an indispensable part of our lives.Traditional public key certificate cryptosystems cannot overcome the limitations of certi...With the rapid development of electronic information technology,digital signature has become an indispensable part of our lives.Traditional public key certificate cryptosystems cannot overcome the limitations of certificate management.Identity-based cryptosystems can avoid the certificate management issues.The development of quantum computers has brought serious challenges to traditional cryptography.Post-quantum cryptography research is imperative.At present,almost all post-quantum identity-based signature(IBS)schemes are constructed using Gaussian sampling or trapdoor technologies.However,these two technologies have a great impact on computational efficiency.To overcome this problem,we construct an IBS scheme on lattices by employing Lyubashevsky’s signature scheme.Based on the shortest vector problem on lattices,our scheme does not use Gaussian sampling or trapdoor technologies.In the random oracle model,it is proved that our scheme is strongly unforgeable against adaptive chosen messages and identity attacks.The security level of our scheme is strongly unforgeable,which is a higher level than the existential unforgeability of other schemes.Compared with other efficient schemes,our scheme has advantages in computation complexity and security.展开更多
Because of its wide application in anonymous authentication and attribute-based messaging, the attribute-based signature scheme has attracted the public attention since it was proposed in 2008. However, most of the ex...Because of its wide application in anonymous authentication and attribute-based messaging, the attribute-based signature scheme has attracted the public attention since it was proposed in 2008. However, most of the existing attribute-based signature schemes are no longer secure in quantum era. Fortunately, lattice-based cryptography offers the hope of withstanding quantum computers. And lattices has elevated it to the status of a promising potential alternative to cryptography based on discrete log and factoring, owing to implementation simplicity, provable security reductions and quantum-immune. In this paper, the first lattice attribute-based signature scheme in random oracle model is proposed, which is proved existential unforgeability and perfect privacy. Compared with the current attribute-based signature schemes, our new attribute-based signature scheme can resist quantum attacks and has much shorter public-key size and signature size. Furthermore, this scheme is extended into an attribute-based signature scheme on number theory research unit(NTRU) lattice, which is also secure even in quantum era and has much higher efficiency than the former.展开更多
In this paper a new signature scheme,called Policy-Endorsing Attribute-Based Signature,is developed to correspond with the existing Ciphertext-Policy Attribute-Based Encryption.This signature provides a policy-and-end...In this paper a new signature scheme,called Policy-Endorsing Attribute-Based Signature,is developed to correspond with the existing Ciphertext-Policy Attribute-Based Encryption.This signature provides a policy-and-endorsement mechanism.In this mechanism a single user,whose attributes satisfy the predicate,endorses the message.This signature allows the signer to announce his endorsement using an access policy without having to reveal the identity of the signer.The security of this signature,selfless anonymity and existential unforgeability,is based on the Strong Diffie-Hellman assumption and the Decision Linear assumption in bilinear map groups.展开更多
Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system Very recently, Wang, Tang and Li proposed a neW ID-based restrictive partially blind signature (ID-RPB...Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system Very recently, Wang, Tang and Li proposed a neW ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of unforgeability as claimed. More precisely, a user can forge a valid message-signature pair (ID, msg, info', σ') instead of the original one (ID, msg, info, σ), where info is the original common agreed information and info'≠info. Therefore, it will be much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of $100 to a user, while the user can change the denomination of the coin (bill) to any value, say $100 000 000, at his will.展开更多
In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by h...In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by himself.Our research starts from identity-based aggregator(IBA)that compresses a designated set of verifier’s identities to a constant-size random string in cryptographic space.The IBA is constructed by mapping the hash of verifier’s identity into zero or pole of a target curve,and extracting one curve’s point as the result of aggregation according to a specific secret.Considering the different types of target curves,these two IBAs are called as zeros-based aggregator and poles-based aggregator,respectively.Based on them,we propose a practical DVSS scheme constructed from the zero-pole cancellation method which can eliminate the same elements between zeros-based aggregator and poles-based aggregator.Due to this design,our DVSS scheme has some distinct advantages:(1)the signature supporting arbitrary dynamic verifiers extracted from a large number of users;and(2)the signature with short and constant length.We rigorously prove that our DVSS scheme satisfies the security properties:correctness,consistency,unforgeability and exclusivity.This is a preview of subscription content,log in to check access.展开更多
Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellma...Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et alfs scheme, we show that their scheme cannot provide unforgeability, namely, a forger, whose attributes do not satisfy a given signing predicate, can also generate valid signatures. We also point out the flaws in Wang et al.'s proof.展开更多
Ring signature enables the members to sign anonymously without a manager, it has many online applications, such as e-voting, e-money, whistle blowing etc. As a promising post-quantum candidate, lattice-based cryptogra...Ring signature enables the members to sign anonymously without a manager, it has many online applications, such as e-voting, e-money, whistle blowing etc. As a promising post-quantum candidate, lattice-based cryptography attracts much attention recently. Several efficient lattice-based ring signatures have been naturally constructed from lattice basis delegation, but all of them have large verification key sizes. Our observation finds that a new concept called the split- small integer solution (SIS) problem introduced by Nguyen et al. at PKC'I 5 is excellent in reducing the public key sizes of lattice-based ring signature schemes from basis delegation. In this research, we first define an extended concept called the extended split-SIS problem, and then prove that the hardness of the extended problem is as hard as the approximating shortest independent vectors problem (SIVP) problem within certain polynomial factor. Moreover, we present an improved ring signature and prove that it is anonymous and unforgeable against the insider corruption. Finally, we give two other improved existing ring signature schemes from lattices. In the end, we show the comparison with the original scheme in terms of the verification key sizes. Our research data illustrate that the public key sizes of the proposed schemes are reduced significantly.展开更多
Blind signature allows a user to get a signature of a signer on an arbitrary message,and the verifier can convince that the signature is indeed signed by the signer without leaking any information about the message.Th...Blind signature allows a user to get a signature of a signer on an arbitrary message,and the verifier can convince that the signature is indeed signed by the signer without leaking any information about the message.This property is necessary when the user’s privacy needs protection,such as a bank bill,a trade secret,etc.As an alternative of public key infrastructure,the identity-based system can simplify the key management procedures in certificate-based public key systems.Inspired by the requirement of identity-based blind signature in the post quantum world,we research on identity-based blind signature based on hard lattice problems under the random Oracle model.We propose a construction built upon the blind signature by Rückert,and it is proved to be one-more unforgeable against selective identity and chosen message attacks(s ID-CMA)and unconditionally blind.The proposed scheme has 2 moves,and its security can be reduced to the small integer solution(SIS)problem.展开更多
基金funded by the Special Innovation Project forGeneral Colleges and Universities in Guangdong Province (Grant No.2020KTSCX126).
文摘The mushroom growth of IoT has been accompanied by the generation of massive amounts of data.Subject to the limited storage and computing capabilities ofmost IoT devices,a growing number of institutions and organizations outsource their data computing tasks to cloud servers to obtain efficient and accurate computation while avoiding the cost of local data computing.One of the most important challenges facing outsourcing computing is how to ensure the correctness of computation results.Linearly homomorphic proxy signature(LHPS)is a desirable solution to ensure the reliability of outsourcing computing in the case of authorized signing right.Blockchain has the characteristics of tamper-proof and traceability,and is a new technology to solve data security.However,as far as we know,constructions of LHPS have been few and far between.In addition,the existing LHPS scheme does not focus on homomorphic unforgeability and does not use blockchain technology.Herein,we improve the security model of the LHPS scheme,and the usual existential forgery and homomorphic existential forgery of two types of adversaries are considered.Under the new model,we present a blockchain-based LHPS scheme.The security analysis shows that under the adaptive chosen message attack,the unforgeability of the proposed scheme can be reduced to the CDH hard assumption,while achieving the usual and homomorphic existential unforgeability.Moreover,comparedwith the previous LHPS scheme,the performance analysis shows that our scheme has the same key size and comparable computational overhead,but has higher security.
基金supported by National Key Research and Development Program of China (2020YFB1005404)National Natural Science Foundation of China (62172010)Henan Province Higher Education Key Research Project (22A520048)。
文摘The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.
基金the National Natural Science Foundation of China (60673070)the Natural Science Foundation of Jiangsu Province (BK2006217)
文摘To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signature scheme in this paper. Our construction is inspired by some efficient ID-based ring signature schemes, and uses bilinear pairings as a basic tool. Using a reasonable security model, the unforgeability of the proposed scheme is proven based on the intractability of the computational Diffie-Hellman (CDH) problem. The signature length of the new scheme is only |G2|+n|G1| (|Gi| is the bit length of an element in group Gi, i =1, 2). Compared with other existing certificateless ring signature schemes, the newly proposed scheme has a shorter signature length and is more efficient and practical.
文摘The Narrow Road to the Deep North,a novel composed by Richard Flanagan,a well-known Australian contemporary nov⁃elist,depicts a grand political picture of Australia,from the lens of individual’s psyche.The domination of the official history en⁃courages forgetting as a way to deal with the painful history,the Burma camp in the novel,while the minorities,who rise up,fighting against the imposed official history by constructing the counter memory,are trapped in the identity confusion.Literature is used by both the perpetrators and the survivors as means to pursuing for reconciliation but both failed for the perpetrators use it as a way of forgetting which contributes to the prevailing unforgiveness in the novel,and further contributes the victims’failed reconciliation.
基金the Natural Science Foundation of Shandong Province (Y2007G37)
文摘Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method, they also give out a concrete instance. A TE-FSig scheme is constructed by the standard signature scheme, forward secures signature scheme and the aggregate signature scheme. It has an additional property of tamper evidence besides the property of forward secure, which can detect the time period when the key is exposed. In the standard model, the scheme constructed in the paper is proved to satisfy the prop- erties of forward secure, strong forward tamper-evidence secure, and strongly unforgeable under the chosen-message attack.
基金The first two authors are supported by a grant from City University of Hong Kong(Grant No.7001844)The third author is supported by 2nd stage of Brain Korea 21 Project sponsored by the Ministry of Education and Human Resources Development, KoreaThe fourth author is supported by National Natural Science Foundation of China(Grant No.60573054).
文摘Current techniques for transforming unforgeable signature schemes (the forged message has never been signed) to strongly unforgeable ones (the forged message could have been signed) require supplementary components to be added onto the original key pairs of the schemes. In addition, some of them can only be applied to a certain type of signature schemes. In this paper, we propose a new generic transformation technique which converts any unforgeable signature scheme into a strongly unforgeable one without modifying any component in the original key pair. This makes our technique especially compatible for practical use. Our technique is based on strong one-time signature schemes. We show that they can be constructed efficiently from any one-time signature scheme that is based on one-way functions. The performance of our technique also compares favorably with that of current ones. Besides, it is shown in this paper that our transformation can further be applied to schemes satisfying only a weak variant of unforgeability without any further modification. Furthermore, our technique can also be used for constructing strongly unforgeable signature schemes in other cryptographic settings which include certificateless signature, identity-based signature, and several others. To the best of our knowledge, similar extent of versatility is not known to be supported by any of those comparable techniques. Finally and of independent interest, we show that our generic transformation technique can be modified to an on-line/off-line signature scheme, which possesses a very efficient signing process.
基金Project supported by the National Natural Science Foundation of China(Nos.61672412 and 61972457)the National Cryptography Development Fund of China(No.MMJJ20170104)the Young and Middle-Aged Teacher Education Research Project of Fujian Province,China(Nos.JT180308 and JAT190372)。
文摘With the rapid development of electronic information technology,digital signature has become an indispensable part of our lives.Traditional public key certificate cryptosystems cannot overcome the limitations of certificate management.Identity-based cryptosystems can avoid the certificate management issues.The development of quantum computers has brought serious challenges to traditional cryptography.Post-quantum cryptography research is imperative.At present,almost all post-quantum identity-based signature(IBS)schemes are constructed using Gaussian sampling or trapdoor technologies.However,these two technologies have a great impact on computational efficiency.To overcome this problem,we construct an IBS scheme on lattices by employing Lyubashevsky’s signature scheme.Based on the shortest vector problem on lattices,our scheme does not use Gaussian sampling or trapdoor technologies.In the random oracle model,it is proved that our scheme is strongly unforgeable against adaptive chosen messages and identity attacks.The security level of our scheme is strongly unforgeable,which is a higher level than the existential unforgeability of other schemes.Compared with other efficient schemes,our scheme has advantages in computation complexity and security.
基金supported by the National Natural Science Foundation of China(61303217,61303217,61472309,61502372 and 61572390)the 111 Project(B08038)+1 种基金the Fundamental Research Funds for the Central Universities(JB140115)the Natural Science Foundation of Shaanxi Province(2013JQ8002,2014JQ8313)
文摘Because of its wide application in anonymous authentication and attribute-based messaging, the attribute-based signature scheme has attracted the public attention since it was proposed in 2008. However, most of the existing attribute-based signature schemes are no longer secure in quantum era. Fortunately, lattice-based cryptography offers the hope of withstanding quantum computers. And lattices has elevated it to the status of a promising potential alternative to cryptography based on discrete log and factoring, owing to implementation simplicity, provable security reductions and quantum-immune. In this paper, the first lattice attribute-based signature scheme in random oracle model is proposed, which is proved existential unforgeability and perfect privacy. Compared with the current attribute-based signature schemes, our new attribute-based signature scheme can resist quantum attacks and has much shorter public-key size and signature size. Furthermore, this scheme is extended into an attribute-based signature scheme on number theory research unit(NTRU) lattice, which is also secure even in quantum era and has much higher efficiency than the former.
基金supported by the National Nature Science Foundation of China under Grant No.10990011the National Science Foundation of US under Grant No.CCF-0725340+1 种基金the National Development and Reform Commission under the project of "A Monitoring Platform for Web Safe Browsing"China Next Generation Internet CNGI Project under Grant No.CNGI-09-01-12
文摘In this paper a new signature scheme,called Policy-Endorsing Attribute-Based Signature,is developed to correspond with the existing Ciphertext-Policy Attribute-Based Encryption.This signature provides a policy-and-endorsement mechanism.In this mechanism a single user,whose attributes satisfy the predicate,endorses the message.This signature allows the signer to announce his endorsement using an access policy without having to reveal the identity of the signer.The security of this signature,selfless anonymity and existential unforgeability,is based on the Strong Diffie-Hellman assumption and the Decision Linear assumption in bilinear map groups.
基金This work is supported by the National Natural Science Foundation of China under Grant Nos.60673077, 60503006, 60773202,and 60633030the National Natural Science Foundation of China-Korea Science and Engineering Foundation Joint Research Project(Grant No.60611140543)the National Grand Fundamental Research 973 Program of China(Grant No.2006CB303104).
文摘Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system Very recently, Wang, Tang and Li proposed a neW ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of unforgeability as claimed. More precisely, a user can forge a valid message-signature pair (ID, msg, info', σ') instead of the original one (ID, msg, info, σ), where info is the original common agreed information and info'≠info. Therefore, it will be much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of $100 to a user, while the user can change the denomination of the coin (bill) to any value, say $100 000 000, at his will.
基金The work was supported by the National Key Technologies R&D Programs of China(2018YFB1402702 and 2017YFB0802500)the“13th”Five-Year National Cryptographic Development Foundation(MMJJ20180208)+1 种基金NSFC-Genertec Joint Fund For Basic Research(U1636104)the National Natural Science Foundation of China(Grant Nos.61572132,61972032 and U1705264).
文摘In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by himself.Our research starts from identity-based aggregator(IBA)that compresses a designated set of verifier’s identities to a constant-size random string in cryptographic space.The IBA is constructed by mapping the hash of verifier’s identity into zero or pole of a target curve,and extracting one curve’s point as the result of aggregation according to a specific secret.Considering the different types of target curves,these two IBAs are called as zeros-based aggregator and poles-based aggregator,respectively.Based on them,we propose a practical DVSS scheme constructed from the zero-pole cancellation method which can eliminate the same elements between zeros-based aggregator and poles-based aggregator.Due to this design,our DVSS scheme has some distinct advantages:(1)the signature supporting arbitrary dynamic verifiers extracted from a large number of users;and(2)the signature with short and constant length.We rigorously prove that our DVSS scheme satisfies the security properties:correctness,consistency,unforgeability and exclusivity.This is a preview of subscription content,log in to check access.
基金partially supported by the National High Technology Research and Development 863 Program of China underGrant No.2011AA010803the National Natural Science Foundation of China under Grant Nos.61100225, 61202450+1 种基金the funding of Science and Technology on Information Assurance Laboratory (KJ-13-02)the Key Scientific and Technological Project of Henan Province of China under Grant No. 122102210126
文摘Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et alfs scheme, we show that their scheme cannot provide unforgeability, namely, a forger, whose attributes do not satisfy a given signing predicate, can also generate valid signatures. We also point out the flaws in Wang et al.'s proof.
基金supported by the National Natural Science Foundations of China (61472309, 61572390, 61303198, 61402353)the 111 Project (B08038)+1 种基金National Natural Science Foundations of Ningbo (201601HJ-B01382)Research Program of Anhui Education Committee (KJ2016A626, KJ2016A627)
文摘Ring signature enables the members to sign anonymously without a manager, it has many online applications, such as e-voting, e-money, whistle blowing etc. As a promising post-quantum candidate, lattice-based cryptography attracts much attention recently. Several efficient lattice-based ring signatures have been naturally constructed from lattice basis delegation, but all of them have large verification key sizes. Our observation finds that a new concept called the split- small integer solution (SIS) problem introduced by Nguyen et al. at PKC'I 5 is excellent in reducing the public key sizes of lattice-based ring signature schemes from basis delegation. In this research, we first define an extended concept called the extended split-SIS problem, and then prove that the hardness of the extended problem is as hard as the approximating shortest independent vectors problem (SIVP) problem within certain polynomial factor. Moreover, we present an improved ring signature and prove that it is anonymous and unforgeable against the insider corruption. Finally, we give two other improved existing ring signature schemes from lattices. In the end, we show the comparison with the original scheme in terms of the verification key sizes. Our research data illustrate that the public key sizes of the proposed schemes are reduced significantly.
基金Supported by the National Natural Science Foundation of China(61472309,61572390,61672412,61402353)
文摘Blind signature allows a user to get a signature of a signer on an arbitrary message,and the verifier can convince that the signature is indeed signed by the signer without leaking any information about the message.This property is necessary when the user’s privacy needs protection,such as a bank bill,a trade secret,etc.As an alternative of public key infrastructure,the identity-based system can simplify the key management procedures in certificate-based public key systems.Inspired by the requirement of identity-based blind signature in the post quantum world,we research on identity-based blind signature based on hard lattice problems under the random Oracle model.We propose a construction built upon the blind signature by Rückert,and it is proved to be one-more unforgeable against selective identity and chosen message attacks(s ID-CMA)and unconditionally blind.The proposed scheme has 2 moves,and its security can be reduced to the small integer solution(SIS)problem.
