The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signi...The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.展开更多
In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effo...In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effort for signing, verifying and opening are very small and independent of the number of group members and deleted group members. So it is efficient.展开更多
A multi-proxy quantum group signature scheme with threshold shared verification is proposed. An original signer may authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy...A multi-proxy quantum group signature scheme with threshold shared verification is proposed. An original signer may authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy group can generate the proxy signature on behalf of the original signer. In the scheme, any t or more of n receivers can verify the message and any t - 1 or fewer receivers cannot verify the validity of the proxy signature.展开更多
The concept of generalized group signature scheme will be present. Based on the generalized secret sharing scheme proposed by Lin and Harn, a non interactive approach is designed for realizing such generalized group ...The concept of generalized group signature scheme will be present. Based on the generalized secret sharing scheme proposed by Lin and Harn, a non interactive approach is designed for realizing such generalized group signature scheme. Using the new scheme, the authorized subsets of the group in which the group member can cooperate to produce the valid signature for any message can be randomly specified.展开更多
How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divi...How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn't be changed.展开更多
Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Insp...Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Inspired by the pioneering work of Bellare and Fuchsbauer,we present a primitive called policy-based group signature.In policy-based group signatures,group members can on behalf of the group to sign documents that meet their own policies,and the generated signatures will not leak the identity and policies of the signer.Moreover,the group administrator is allowed to reveal the identity of signer when a controversy occurs.Through the analysis of application scenarios,we concluded that the policy-based group signature needs to meet two essential security properties:simulatability and traceability.And we construct a scheme of policy-based group signature from lattice through techniques such as commitment,zero-knowledge proof,rejection sampling.The security of our scheme is proved to be reduced to the module short integer solution(MSIS)and module learning with errors(MLWE)hard assumptions.Furthermore,we make a performance comparison between our scheme and three lattice-based group signature schemes.The result shows that our scheme has more advantages in storage overhead and the sizes of key and signature are decreased roughly by 83.13%,46.01%,respectively,compared with other schemes.展开更多
This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems, the bank can compute the double-spender’s account secret key, thus the bank can ...This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems, the bank can compute the double-spender’s account secret key, thus the bank can impersonate the double-spender to withdraw from the double-spender’s account. This article utilizes anonymity control and group signature to address this shortcoming. Key words electronic cash - anonymity control - group signature CLC number TP 309 Foundation item: Supported by the National Natural Science Fundation of China (90204015)Biography: SU Yun-xue (1975-), male, Ph. D. research direction: the software and theory of computer and information security.展开更多
During the establishment of group signature scheme,the parameter information used by the group members is often derived from the group center,and the members are likely to lack immune function to the center.To overcom...During the establishment of group signature scheme,the parameter information used by the group members is often derived from the group center,and the members are likely to lack immune function to the center.To overcome this,a new signature scheme with immune function to the group center is proposed.In the scheme,group members and centers each have independent secret information,but they can authenticate each other.A large amount of content in the calculation process is implemented by group members(terminals),which reduces the computation done by the group center.Furthermore,the scheme also features anti-common modulus attack,anti-joint attack,anti-detriment,revocation and so on.展开更多
Along with the increase of wearable medical device,the privacy leakage problem in the process of transmission between these edge medical devices.The blockchain-enabled Internet of Medical Things(BIoMT)has been develop...Along with the increase of wearable medical device,the privacy leakage problem in the process of transmission between these edge medical devices.The blockchain-enabled Internet of Medical Things(BIoMT)has been developed to reform traditional centralized medical system in recent years.This paper first introduces a data anonymous authentication model to protect user privacy and medical data in BIoMT.Then,a proxy group signature(PGS)scheme has been proposed based on lattice assumption.This scheme can well satisfy the anonymous authentication demand for the proposed model,and provide anti-quantum attack security for BIoMT in the future general quantum computer age.Moreover,the security analysis shows this PGS scheme is secure against the dynamical-almost-full anonymous and traceability.The efficiency comparison shows the proposed model and PGS scheme is more efficient and practical.展开更多
A forward-secure group signature(FSGS)ensures the unforgeability of signatures in the past time period despite signing secret key is leaked in the current time period.As we know,traditional FSGS schemes are mostly rel...A forward-secure group signature(FSGS)ensures the unforgeability of signatures in the past time period despite signing secret key is leaked in the current time period.As we know,traditional FSGS schemes are mostly relying on number-theoretic assumptions unable to resist quantum attacks.Therefore,we present an efficient lattice-based fully dynamic(ie.users can flexibly join or quit the group)forward-secure group signature(DFSGS)by combining an improved version of FSGS scheme proposed by Ling.Based on an efficient zero-knowledge argument,we construct argument of knowledge of the committed value and the plaintext that help with privacy protection.Our DFSGS scheme is proved to be anonymous and forward-secure traceable relying on short integer solution and learning with errors assumptions in random oracle model.Moreover,the lengths of group public key and signature of our DFSGS scheme have been improved,and the length of user secret key has no connection with the quantity of group members.展开更多
We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the ...We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the recent GS schemes due to Ateniese et al. The security proofs are provided in the Universally Composable model, which allows the proofs of security valid not only when our scheme is executed in isolation, but also in composition with other secure cryptographic primitives. We also present several new computational assumptions and justify them in the generic group model. These assumptions are useful in the design of high-level protocols and may be of independent interest.展开更多
The group signature scheme is an important primitive in cryptography,it allows members in a group to generate signatures anonymously on behalf of the whole group.In view of the practical application of such schemes,it...The group signature scheme is an important primitive in cryptography,it allows members in a group to generate signatures anonymously on behalf of the whole group.In view of the practical application of such schemes,it is necessary to allow users’registration and revocation when necessary,which makes the construction of dynamic group signature schemes become a significant direction.On the basis of(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017),we present the first full dynamic group signature scheme over ring,and under the premise of ensuring security,the efficiency of the scheme is improved mainly from the following three aspects:the size of keys,the dynamic construction of a Merkle hash tree that used to record the information of registered users,and the reuse of the leaves in this tree.In addition,the public and secret keys of both group manager and trace manager are generated by a trusted third party,which prevents the situation that the two managers generate their respective public key and secret key maliciously.Compared with the counterpart of the scheme in(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017)over ring,the expected space complexity of the Merkle tree used in our work down almost by half,and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.展开更多
For group signature(GS)supporting membership revocation,verifier-local revocation(VLR)mechanism seems to be a more flexible choice,because it requires only that verifiers download up-to-date revocation information for...For group signature(GS)supporting membership revocation,verifier-local revocation(VLR)mechanism seems to be a more flexible choice,because it requires only that verifiers download up-to-date revocation information for signature verification,and the signers are not involved.As a post-quantum secure cryptographic counterpart of classical number-theoretic cryptographic constructions,the first lattice-based VLR group signature(VLR-GS)was introduced by Langlois et al.(2014).However,none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability(BU),which is an important property to ensure that previously issued signatures remain anonymous and unlinkable even after the corresponding signer(i.e.,member)is revoked.In this study,we introduce the first lattice-based VLR-GS scheme with BU security(VLR-GS-BU),and thus resolve a prominent open problem posed by previous works.Our new scheme enjoys an O(log N)factor saving for bit-sizes of the group public-key(GPK)and the member’s signing secret-key,and it is free of any public-key encryption.In the random oracle model,our scheme is proven secure under two well-known hardness assumptions of the short integer solution(SIS)problem and learning with errors(LWE)problem.展开更多
Message-dependent opening is one of the solutions to solve the problem of the tracing manager owns excessive power.In this paper,we present a new lattice-based fully dynamic group signature scheme with message-depende...Message-dependent opening is one of the solutions to solve the problem of the tracing manager owns excessive power.In this paper,we present a new lattice-based fully dynamic group signature scheme with message-dependent opening by combining an improved version of the fully dynamic group signature scheme proposed by Ling et al and the double encryption paradigm.In addition,we propose an improved underlying zero knowledge protocol,it has a soundness error 1 max(n,p)+1 that is better than the Stern-like protocol,which helps to bring down the communication complexity of the protocol and hence the signature scheme.Our scheme constrains the power of group managers by adding an admitter,and the signature size has a logarithmic relationship with the group size.展开更多
Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less ...Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t-1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Zq, except the PVSS output.展开更多
The group signature scheme is an important primitive in cryptography,it allows members in a group to generate signatures anonymously on behalf of the whole group.In view of the practical application of such schemes,it...The group signature scheme is an important primitive in cryptography,it allows members in a group to generate signatures anonymously on behalf of the whole group.In view of the practical application of such schemes,it is necessary to allow users’registration and revocation when necessary,which makes the construction of dynamic group signature schemes become a significant direction.On the basis of(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017),we present the first full dynamic group signature scheme over ring,and under the premise of ensuring security,the efficiency of the scheme is improved mainly from the following three aspects:the size of keys,the dynamic construction of a Merkle hash tree that used to record the information of registered users,and the reuse of the leaves in this tree.In addition,the public and secret keys of both group manager and trace manager are generated by a trusted third party,which prevents the situation that the two managers generate their respective public key and secret key maliciously.Compared with the counterpart of the scheme in(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017)over ring,the expected space complexity of the Merkle tree used in our work down almost by half,and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.展开更多
The representative collective digital signature,which was suggested by us,is built based on combining the advantages of group digital signature and collective digital signature.This collective digital signature schema...The representative collective digital signature,which was suggested by us,is built based on combining the advantages of group digital signature and collective digital signature.This collective digital signature schema helps to create a unique digital signature that deputizes a collective of people representing different groups of signers and may also include personal signers.The advantage of the proposed collective signature is that it can be built based on most of the well-known difficult problems such as the factor analysis,the discrete logarithm and finding modulo roots of large prime numbers and the current digital signature standards of the United States and Russian Federation.In this paper,we use the discrete logarithmic problem on prime finite fields,which has been implemented in the GOST R34.10-1994 digital signature standard,to build the proposed collective signature protocols.These protocols help to create collective signatures:Guaranteed internal integrity and fixed size,independent of the number of members involved in forming the signature.The signature built in this study,consisting of 3 components(U,R,S),stores the information of all relevant signers in the U components,thus tracking the signer and against the“disclaim of liability”of the signer later is possible.The idea of hiding the signer’s public key is also applied in the proposed protocols.This makes it easy for the signing group representative to specify which members are authorized to participate in the signature creation process.展开更多
The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many diff...The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups,each signing group is represented by a group leader.On document M,a collective signature can be created using the representative digital signature scheme that represents an entire community consisting of individual signers and signing groups,each of which is represented by a group leader.The characteristic of this type of letter is that it consists of three elements(U,E,S),one of which(U)is used to store the information of all the signers who participated in the formation of the collective signature on document M.While storing this information is necessary to identify the signer and resolve disputes later,it greatly increases the size of signatures.This is considered a limitation of the collective signature representing 3 elements.In this paper,we propose and build a new type of collective signature,a collective signature representing 2 elements(E,S).In this case,the signature has been reduced in size,but it contains all the information needed to identify the signer and resolve disputes if necessary.To construct the approved group signature scheme,which is the basic scheme for the proposed representative collective signature schemes,we use the discrete logarithm problem on the prime finite field.At the end of this paper,we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.展开更多
There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field.In this study,we use the elliptic curve discrete logarithm problem to build new collective signat...There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field.In this study,we use the elliptic curve discrete logarithm problem to build new collective signature schemes.The cryptosystem on elliptic curve allows to generate digital signatures with the same level of security as other cryptosystems but with smaller keys.To extend practical applicability and enhance the security level of the group signature protocols,we propose two new types of collective digital signature schemes based on the discrete logarithm problem on the elliptic curve:i)the collective digital signature scheme shared by several signing groups and ii)the collective digital signature scheme shared by several signing groups and several individual signers.These two new types of collective signatures have combined the advantages of group digital signatures and collective digital signatures.These signatures have a fixed size and do not depend on the number of members participating in the creation of the final collective signature.One of the advantages of the proposed collective signature protocols is that they can be deployed on top of the available public key infrastructures.展开更多
Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for ...Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.展开更多
基金The National Natural Science Foundation of China (No60403027)
文摘The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.
基金Supported by the Scientific Research Plan Projectof the Education Department of Shaanxi Province (06JK197)
文摘In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effort for signing, verifying and opening are very small and independent of the number of group members and deleted group members. So it is efficient.
基金Project supported by the National Basic Research Program of China (973 Program) (Grant No 2007CB311100)the National High Technology Research and Development Program of China (Grant Nos 2006AA01Z419 and 20060101Z4015)+4 种基金the Major Research plan of the National Natural Science Foundation of China (Grant No 90604023)2008 Scientific Research Common Program of Beijing Municipal Commission of Education The Scientific Research Foundation for the Youth of Beijing University of Technology (Grant No 97007016200701)the National Research Foundation for the Doctoral Program of Higher Educationof China (Grant No 20040013007)the National Laboratory for Modern Communications Science Foundation of China (GrantNo 9140C1101010601)the Doctor Scientific Research Activation Foundation of Beijing University of Technology (Grant No 52007016200702)
文摘A multi-proxy quantum group signature scheme with threshold shared verification is proposed. An original signer may authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy group can generate the proxy signature on behalf of the original signer. In the scheme, any t or more of n receivers can verify the message and any t - 1 or fewer receivers cannot verify the validity of the proxy signature.
基金Supported by the National973Project(G19980 30 42 0 )
文摘The concept of generalized group signature scheme will be present. Based on the generalized secret sharing scheme proposed by Lin and Harn, a non interactive approach is designed for realizing such generalized group signature scheme. Using the new scheme, the authorized subsets of the group in which the group member can cooperate to produce the valid signature for any message can be randomly specified.
基金supported in part by the National Nature Science Foundation of China under Grant No. 60473027
文摘How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn't be changed.
基金supported by the National Natural Science Foundation of China(61802117)Support Plan of Scientific and Technological Innovation Team in Universities of Henan Province(20IRTSTHN013)the Youth Backbone Teacher Support Program of Henan Polytechnic University under Grant(2018XQG-10).
文摘Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Inspired by the pioneering work of Bellare and Fuchsbauer,we present a primitive called policy-based group signature.In policy-based group signatures,group members can on behalf of the group to sign documents that meet their own policies,and the generated signatures will not leak the identity and policies of the signer.Moreover,the group administrator is allowed to reveal the identity of signer when a controversy occurs.Through the analysis of application scenarios,we concluded that the policy-based group signature needs to meet two essential security properties:simulatability and traceability.And we construct a scheme of policy-based group signature from lattice through techniques such as commitment,zero-knowledge proof,rejection sampling.The security of our scheme is proved to be reduced to the module short integer solution(MSIS)and module learning with errors(MLWE)hard assumptions.Furthermore,we make a performance comparison between our scheme and three lattice-based group signature schemes.The result shows that our scheme has more advantages in storage overhead and the sizes of key and signature are decreased roughly by 83.13%,46.01%,respectively,compared with other schemes.
文摘This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems, the bank can compute the double-spender’s account secret key, thus the bank can impersonate the double-spender to withdraw from the double-spender’s account. This article utilizes anonymity control and group signature to address this shortcoming. Key words electronic cash - anonymity control - group signature CLC number TP 309 Foundation item: Supported by the National Natural Science Fundation of China (90204015)Biography: SU Yun-xue (1975-), male, Ph. D. research direction: the software and theory of computer and information security.
文摘During the establishment of group signature scheme,the parameter information used by the group members is often derived from the group center,and the members are likely to lack immune function to the center.To overcome this,a new signature scheme with immune function to the group center is proposed.In the scheme,group members and centers each have independent secret information,but they can authenticate each other.A large amount of content in the calculation process is implemented by group members(terminals),which reduces the computation done by the group center.Furthermore,the scheme also features anti-common modulus attack,anti-joint attack,anti-detriment,revocation and so on.
基金This work was supported by the National Natural Science Foundation of China under Grants 92046001,61962009the Doctor Scientific Research Fund of Zhengzhou University of Light Industry under Grant 2021BSJJ033Key Scientific Research Project of Colleges and Universities in Henan Province(CN)under Grant No.22A413010。
文摘Along with the increase of wearable medical device,the privacy leakage problem in the process of transmission between these edge medical devices.The blockchain-enabled Internet of Medical Things(BIoMT)has been developed to reform traditional centralized medical system in recent years.This paper first introduces a data anonymous authentication model to protect user privacy and medical data in BIoMT.Then,a proxy group signature(PGS)scheme has been proposed based on lattice assumption.This scheme can well satisfy the anonymous authentication demand for the proposed model,and provide anti-quantum attack security for BIoMT in the future general quantum computer age.Moreover,the security analysis shows this PGS scheme is secure against the dynamical-almost-full anonymous and traceability.The efficiency comparison shows the proposed model and PGS scheme is more efficient and practical.
基金This work is supported by the Major Program of Guangdong Basic and Applied Research(2019B030302008)National Natural Science Foundation of China(61872152)Science and Technology Program of Guangzhou(201902010081)。
文摘A forward-secure group signature(FSGS)ensures the unforgeability of signatures in the past time period despite signing secret key is leaked in the current time period.As we know,traditional FSGS schemes are mostly relying on number-theoretic assumptions unable to resist quantum attacks.Therefore,we present an efficient lattice-based fully dynamic(ie.users can flexibly join or quit the group)forward-secure group signature(DFSGS)by combining an improved version of FSGS scheme proposed by Ling.Based on an efficient zero-knowledge argument,we construct argument of knowledge of the committed value and the plaintext that help with privacy protection.Our DFSGS scheme is proved to be anonymous and forward-secure traceable relying on short integer solution and learning with errors assumptions in random oracle model.Moreover,the lengths of group public key and signature of our DFSGS scheme have been improved,and the length of user secret key has no connection with the quantity of group members.
基金This work is supported by the National Natural Science Foundation of China under Grant No.60473027ARC Discovery Grant of Australia under Grant No.DP0557493China Postdoctoral Science Foundation(Grant No.20060400035).
文摘We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the recent GS schemes due to Ateniese et al. The security proofs are provided in the Universally Composable model, which allows the proofs of security valid not only when our scheme is executed in isolation, but also in composition with other secure cryptographic primitives. We also present several new computational assumptions and justify them in the generic group model. These assumptions are useful in the design of high-level protocols and may be of independent interest.
基金This work was supported by National Natural Science Foundation of China(Grant No.61379141 and No.61772521)Key Research Program of Frontier Sciences,CAS(Grant No.QYZDB-SSW-SYS035),and the Open Project Program of the State Key Laboratory of Cryptology.
文摘The group signature scheme is an important primitive in cryptography,it allows members in a group to generate signatures anonymously on behalf of the whole group.In view of the practical application of such schemes,it is necessary to allow users’registration and revocation when necessary,which makes the construction of dynamic group signature schemes become a significant direction.On the basis of(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017),we present the first full dynamic group signature scheme over ring,and under the premise of ensuring security,the efficiency of the scheme is improved mainly from the following three aspects:the size of keys,the dynamic construction of a Merkle hash tree that used to record the information of registered users,and the reuse of the leaves in this tree.In addition,the public and secret keys of both group manager and trace manager are generated by a trusted third party,which prevents the situation that the two managers generate their respective public key and secret key maliciously.Compared with the counterpart of the scheme in(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017)over ring,the expected space complexity of the Merkle tree used in our work down almost by half,and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.
基金the National Natural Science Foundation of China(Nos.61802075 and 61772477)the Natural Science Foundation of Henan Province,China(Nos.222300420371 and202300410508)。
文摘For group signature(GS)supporting membership revocation,verifier-local revocation(VLR)mechanism seems to be a more flexible choice,because it requires only that verifiers download up-to-date revocation information for signature verification,and the signers are not involved.As a post-quantum secure cryptographic counterpart of classical number-theoretic cryptographic constructions,the first lattice-based VLR group signature(VLR-GS)was introduced by Langlois et al.(2014).However,none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability(BU),which is an important property to ensure that previously issued signatures remain anonymous and unlinkable even after the corresponding signer(i.e.,member)is revoked.In this study,we introduce the first lattice-based VLR-GS scheme with BU security(VLR-GS-BU),and thus resolve a prominent open problem posed by previous works.Our new scheme enjoys an O(log N)factor saving for bit-sizes of the group public-key(GPK)and the member’s signing secret-key,and it is free of any public-key encryption.In the random oracle model,our scheme is proven secure under two well-known hardness assumptions of the short integer solution(SIS)problem and learning with errors(LWE)problem.
基金the National Natural Science Foundation of China(Grant No.61932019,No.61772521,No.61772522)the Key Research Program of Frontier Sciences,CAS(Grant No.QYZDB-SSW-SYS035).
文摘Message-dependent opening is one of the solutions to solve the problem of the tracing manager owns excessive power.In this paper,we present a new lattice-based fully dynamic group signature scheme with message-dependent opening by combining an improved version of the fully dynamic group signature scheme proposed by Ling et al and the double encryption paradigm.In addition,we propose an improved underlying zero knowledge protocol,it has a soundness error 1 max(n,p)+1 that is better than the Stern-like protocol,which helps to bring down the communication complexity of the protocol and hence the signature scheme.Our scheme constrains the power of group managers by adding an admitter,and the signature size has a logarithmic relationship with the group size.
基金the National Natural Science of Foundation of China (Nos. 61070249, 60970111 and 60873217)the National High Technology Research and Development Program (863) of China (No. 2008AA01Z403)
文摘Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t-1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Zq, except the PVSS output.
基金supported by National Natural Science Foundation of China(Grant No.61379141 and No.61772521)Key Research Program of Frontier Sciences,CAS(Grant No.QYZDB-SSW-SYS035)the Open Project Program of the State Key Laboratory of Cryptology.
文摘The group signature scheme is an important primitive in cryptography,it allows members in a group to generate signatures anonymously on behalf of the whole group.In view of the practical application of such schemes,it is necessary to allow users’registration and revocation when necessary,which makes the construction of dynamic group signature schemes become a significant direction.On the basis of(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017),we present the first full dynamic group signature scheme over ring,and under the premise of ensuring security,the efficiency of the scheme is improved mainly from the following three aspects:the size of keys,the dynamic construction of a Merkle hash tree that used to record the information of registered users,and the reuse of the leaves in this tree.In addition,the public and secret keys of both group manager and trace manager are generated by a trusted third party,which prevents the situation that the two managers generate their respective public key and secret key maliciously.Compared with the counterpart of the scheme in(Ling et al.,Lattice-based group signatures:achieving full dynamicity with ease,2017)over ring,the expected space complexity of the Merkle tree used in our work down almost by half,and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.
基金supported by Duy Tan University,Da Nang,Vietnam.
文摘The representative collective digital signature,which was suggested by us,is built based on combining the advantages of group digital signature and collective digital signature.This collective digital signature schema helps to create a unique digital signature that deputizes a collective of people representing different groups of signers and may also include personal signers.The advantage of the proposed collective signature is that it can be built based on most of the well-known difficult problems such as the factor analysis,the discrete logarithm and finding modulo roots of large prime numbers and the current digital signature standards of the United States and Russian Federation.In this paper,we use the discrete logarithmic problem on prime finite fields,which has been implemented in the GOST R34.10-1994 digital signature standard,to build the proposed collective signature protocols.These protocols help to create collective signatures:Guaranteed internal integrity and fixed size,independent of the number of members involved in forming the signature.The signature built in this study,consisting of 3 components(U,R,S),stores the information of all relevant signers in the U components,thus tracking the signer and against the“disclaim of liability”of the signer later is possible.The idea of hiding the signer’s public key is also applied in the proposed protocols.This makes it easy for the signing group representative to specify which members are authorized to participate in the signature creation process.
文摘The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups,each signing group is represented by a group leader.On document M,a collective signature can be created using the representative digital signature scheme that represents an entire community consisting of individual signers and signing groups,each of which is represented by a group leader.The characteristic of this type of letter is that it consists of three elements(U,E,S),one of which(U)is used to store the information of all the signers who participated in the formation of the collective signature on document M.While storing this information is necessary to identify the signer and resolve disputes later,it greatly increases the size of signatures.This is considered a limitation of the collective signature representing 3 elements.In this paper,we propose and build a new type of collective signature,a collective signature representing 2 elements(E,S).In this case,the signature has been reduced in size,but it contains all the information needed to identify the signer and resolve disputes if necessary.To construct the approved group signature scheme,which is the basic scheme for the proposed representative collective signature schemes,we use the discrete logarithm problem on the prime finite field.At the end of this paper,we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.
文摘There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field.In this study,we use the elliptic curve discrete logarithm problem to build new collective signature schemes.The cryptosystem on elliptic curve allows to generate digital signatures with the same level of security as other cryptosystems but with smaller keys.To extend practical applicability and enhance the security level of the group signature protocols,we propose two new types of collective digital signature schemes based on the discrete logarithm problem on the elliptic curve:i)the collective digital signature scheme shared by several signing groups and ii)the collective digital signature scheme shared by several signing groups and several individual signers.These two new types of collective signatures have combined the advantages of group digital signatures and collective digital signatures.These signatures have a fixed size and do not depend on the number of members participating in the creation of the final collective signature.One of the advantages of the proposed collective signature protocols is that they can be deployed on top of the available public key infrastructures.
基金supported by the National High-Tech Research and Development Plan of China under Grant Nos.863-317-01- 04-99, 2009AA01Z122 (863)the Natural Science Foundation of Shenyang City of China under Grant No. F10-205-1-12
文摘Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.