We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems wit...We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.展开更多
Ring signature and proxy signature are of vital importance to secure electronic commerce. Recently, the bilinear pairing such as Well pairing or Tate pairing on elliptic curves and hyperelliptic curves is playing an i...Ring signature and proxy signature are of vital importance to secure electronic commerce. Recently, the bilinear pairing such as Well pairing or Tate pairing on elliptic curves and hyperelliptic curves is playing an important role in security solutions. Several ID-based signature schemes have been put forward, many of which are based on bilinear pairings. In key management and moderate security demand scenarios, ID-based public key cryptosystem is more preferable than other public key infrastructure based systems. In this paper, an improved ID-based proxy ring signature scheme from bilinear pairings is proposed which combines the advantages of proxy signature and of ring signatures. Our scheme can guarantee the profits of the proxy signer via preventing the original signer form generating the proxy ring signature. Furthermore, bilinear pairings are introduced to minimize the computation overhead and to improve the related performance of our scheme. In contrast with Zhang's scheme, our scheme is a computational efficiency improvement for signature verification because the computational cost of bilinear pairings required is reduced from O(n) to O( 1 ). In addition, the proxy ring signature presented in this paper can perfectly satisfy all the security requirements of proxy ring signature, i. e. signer-ambiguity, non-forgeability, verification, non-deniability and distinguishability.展开更多
To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signatu...To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signature scheme in this paper. Our construction is inspired by some efficient ID-based ring signature schemes, and uses bilinear pairings as a basic tool. Using a reasonable security model, the unforgeability of the proposed scheme is proven based on the intractability of the computational Diffie-Hellman (CDH) problem. The signature length of the new scheme is only |G2|+n|G1| (|Gi| is the bit length of an element in group Gi, i =1, 2). Compared with other existing certificateless ring signature schemes, the newly proposed scheme has a shorter signature length and is more efficient and practical.展开更多
Recently, proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. Although many proxy ring signature schemes have been pro-posed, there a...Recently, proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. Although many proxy ring signature schemes have been pro-posed, there are only two identity-based proxy ring signature schemes have been proposed until now, i. e., Cheng's scheme and Lang's scheme. It's unlucky that the two identity-based proxy ring signature schemes are unfeasible. This paper points out the reasons why the two identity-based proxy ring signature schemes are unfeasible. In order to design feasible and efficient identity-based proxy ring signature schemes from bilinear pairings, we have to search for other methods.展开更多
A fair electronic cash system is a system that allows customers to make payments anonymously. Furthermore the trusted third party can revoke the anonymity when the customers did illegal transactions. In this paper, a ...A fair electronic cash system is a system that allows customers to make payments anonymously. Furthermore the trusted third party can revoke the anonymity when the customers did illegal transactions. In this paper, a new fair electronic cash system based on group signature scheme by using elliptic curve cryptography is proposed, which satisfies properties of secure group signature scheme (correctness, unforgeability, etc). Moreover, our electronic cash contains group members (users, merchants and banks) and trusted third party which is acted by central bank as group manager.展开更多
Bitcoin has gained its popularity for almost 10 years as a "secure and anonymous digital currency". However, according to several recent researches, we know that it can only provide pseudonymity rather than real ano...Bitcoin has gained its popularity for almost 10 years as a "secure and anonymous digital currency". However, according to several recent researches, we know that it can only provide pseudonymity rather than real anonymity, and privacy has been one of the main concerns in the system similar to Bitcoin. Ring signature is a good method for those users who need better anonymity in cryptocurrency. It was first proposed by Rivest et al. based upon the discrete logarithm problem (DLP) assumption in 2006, which allows a user to sign a message anonymously on behalf of a group of users even without their coordination. The size of ring signature is one of the dominating parameters, and constant-size ring signature (where signature size is independent of the ring size) is much desirable. Otherwise, when the ring size is large, the resultant ring signature becomes unbearable for power limited devices or leads to heavy burden over the communication network. Though being extensively studied, currently there are only two approaches for constant-size ring signature. Achieving practical constant-size ring signature is a long-standing open problem since its introduction. In this work, we solve this open question. We present a new constant-size ring signature scheme based on bilinear pairing and accumulator, which is provably secure under the random oracle (RO) model. To the best of our knowledge, it stands for the most practical ring signature up to now.展开更多
基金Supported by National Natural Science Foundation of China (No.60503006 and No.60403007) and Natural Science Foundation of Guangdong, China (No. 04205407).
文摘We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.
基金Sponsored by the National Natural Science Foundation of China(Grant No.90104033).
文摘Ring signature and proxy signature are of vital importance to secure electronic commerce. Recently, the bilinear pairing such as Well pairing or Tate pairing on elliptic curves and hyperelliptic curves is playing an important role in security solutions. Several ID-based signature schemes have been put forward, many of which are based on bilinear pairings. In key management and moderate security demand scenarios, ID-based public key cryptosystem is more preferable than other public key infrastructure based systems. In this paper, an improved ID-based proxy ring signature scheme from bilinear pairings is proposed which combines the advantages of proxy signature and of ring signatures. Our scheme can guarantee the profits of the proxy signer via preventing the original signer form generating the proxy ring signature. Furthermore, bilinear pairings are introduced to minimize the computation overhead and to improve the related performance of our scheme. In contrast with Zhang's scheme, our scheme is a computational efficiency improvement for signature verification because the computational cost of bilinear pairings required is reduced from O(n) to O( 1 ). In addition, the proxy ring signature presented in this paper can perfectly satisfy all the security requirements of proxy ring signature, i. e. signer-ambiguity, non-forgeability, verification, non-deniability and distinguishability.
基金the National Natural Science Foundation of China (60673070)the Natural Science Foundation of Jiangsu Province (BK2006217)
文摘To overcome the drawbacks such as high computational cost, unreasonable security model and long signature length in existing certificateless ring signature schemes, we propose an efficient certificateless ring signature scheme in this paper. Our construction is inspired by some efficient ID-based ring signature schemes, and uses bilinear pairings as a basic tool. Using a reasonable security model, the unforgeability of the proposed scheme is proven based on the intractability of the computational Diffie-Hellman (CDH) problem. The signature length of the new scheme is only |G2|+n|G1| (|Gi| is the bit length of an element in group Gi, i =1, 2). Compared with other existing certificateless ring signature schemes, the newly proposed scheme has a shorter signature length and is more efficient and practical.
基金Supported by the National Natural Science Foundation of China (No.60432040).
文摘Recently, proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. Although many proxy ring signature schemes have been pro-posed, there are only two identity-based proxy ring signature schemes have been proposed until now, i. e., Cheng's scheme and Lang's scheme. It's unlucky that the two identity-based proxy ring signature schemes are unfeasible. This paper points out the reasons why the two identity-based proxy ring signature schemes are unfeasible. In order to design feasible and efficient identity-based proxy ring signature schemes from bilinear pairings, we have to search for other methods.
文摘A fair electronic cash system is a system that allows customers to make payments anonymously. Furthermore the trusted third party can revoke the anonymity when the customers did illegal transactions. In this paper, a new fair electronic cash system based on group signature scheme by using elliptic curve cryptography is proposed, which satisfies properties of secure group signature scheme (correctness, unforgeability, etc). Moreover, our electronic cash contains group members (users, merchants and banks) and trusted third party which is acted by central bank as group manager.
基金This work is supported in part by the National Key Research and Development Program of China under Grant No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. 61472084 and U1536205, the Shanghai Innovation Action Project under Grant No. 16DZ1100200, the Shanghai Science and Technology Development Funds under Grant No. 6JC1400801, and the Shandong Provincial Key Research and Development Program of China under Grant No. 2017CXG0701.
文摘Bitcoin has gained its popularity for almost 10 years as a "secure and anonymous digital currency". However, according to several recent researches, we know that it can only provide pseudonymity rather than real anonymity, and privacy has been one of the main concerns in the system similar to Bitcoin. Ring signature is a good method for those users who need better anonymity in cryptocurrency. It was first proposed by Rivest et al. based upon the discrete logarithm problem (DLP) assumption in 2006, which allows a user to sign a message anonymously on behalf of a group of users even without their coordination. The size of ring signature is one of the dominating parameters, and constant-size ring signature (where signature size is independent of the ring size) is much desirable. Otherwise, when the ring size is large, the resultant ring signature becomes unbearable for power limited devices or leads to heavy burden over the communication network. Though being extensively studied, currently there are only two approaches for constant-size ring signature. Achieving practical constant-size ring signature is a long-standing open problem since its introduction. In this work, we solve this open question. We present a new constant-size ring signature scheme based on bilinear pairing and accumulator, which is provably secure under the random oracle (RO) model. To the best of our knowledge, it stands for the most practical ring signature up to now.
