Abstract: Blockchain is widely used in the financial field for its decentralization, anonymity and trust, and electronic money payment is an important application hotspot. Ring signatures are widely used in strongly anonymous authentication such as electronic cash and electronic voting because of their unconditional anonymity, spontaneity and flexible group structure. Among them, the correlation ring signature can prove whether two signatures were issued by the same person without revealing the identity of the real signer, so abuse of the signing right, such as repeated voting or double spending of electronic money, can be avoided while anonymity is preserved. The security of most existing correlation ring signatures is based on the discrete logarithm problem, and most of the schemes degrade anonymity because of strong association, so they do not apply to blockchain electronic currency transactions, which require strong anonymity. Therefore, this paper first proposes a blockchain-based electronic currency transaction security model. The model ensures not only the anonymity of both parties but also a certain degree of traceability. To support these two characteristics, this paper proposes an association ring signature method based on the large integer factorization problem. The method has strong anonymity and can be applied to blockchain scenarios; on the other hand, it can be converted into a group signature in specific scenarios and is therefore traceable. Finally, existential unforgeability of the scheme under adaptive chosen-message and chosen-public-key attack is proved in the random oracle model.
Abstract: Ring signatures enable members to sign anonymously without a manager and have many online applications, such as e-voting, e-money and whistle-blowing. As a promising post-quantum candidate, lattice-based cryptography has attracted much attention recently. Several efficient lattice-based ring signatures have been constructed naturally from lattice basis delegation, but all of them have large verification key sizes. Our observation is that a new concept called the split-small integer solution (split-SIS) problem, introduced by Nguyen et al. at PKC'15, is excellent for reducing the public key sizes of lattice-based ring signature schemes built from basis delegation. In this research, we first define an extended concept called the extended split-SIS problem, and then prove that the extended problem is as hard as the approximate shortest independent vectors problem (SIVP) within a certain polynomial factor. Moreover, we present an improved ring signature and prove that it is anonymous and unforgeable against insider corruption. Finally, we give two other improved existing ring signature schemes from lattices and compare them with the original schemes in terms of verification key size. Our data show that the public key sizes of the proposed schemes are reduced significantly.
Abstract: For group signatures (GS) supporting membership revocation, the verifier-local revocation (VLR) mechanism seems to be the more flexible choice, because it requires only that verifiers download up-to-date revocation information for signature verification; signers are not involved. As a post-quantum counterpart of classical number-theoretic constructions, the first lattice-based VLR group signature (VLR-GS) was introduced by Langlois et al. (2014). However, none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability (BU), an important property ensuring that previously issued signatures remain anonymous and unlinkable even after the corresponding signer (i.e., member) is revoked. In this study, we introduce the first lattice-based VLR-GS scheme with BU security (VLR-GS-BU), and thus resolve a prominent open problem posed by previous works. Our new scheme enjoys an O(log N) factor saving in the bit-sizes of the group public key (GPK) and the member's signing secret key, and it is free of any public-key encryption. In the random oracle model, our scheme is proven secure under two well-known hardness assumptions, the short integer solution (SIS) problem and the learning with errors (LWE) problem.
Abstract: The authentication and privacy of group members are important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network (MP2PN). The MP2PN contains some super peers, and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed and used in this group-key management protocol to authenticate a peer's attributes and identity. A peer can be described by a set of attributes or by one unique special identity attribute. Peers that have some attributes in common can form a group and communicate with each other anonymously and securely. Any super peer can initiate a group and act as its group controller. The group controller can authenticate a peer's attributes and identity as well as remove malicious peers. Any peer whose attributes match the access structure can join the group and provide its input to form the group key. The proposed protocol provides backward and forward secrecy. The simulation results show that this protocol is applicable to mobile devices and can meet the MP2PN requirements for group communication.
Funding: Supported by the National Natural Science Foundation of China (No. 10501053)
Abstract: Quantum algorithms pose great challenges to classical public key cryptosystems, which has made cryptosystems based on non-commutative algebraic systems a hot topic. Braid groups, which are non-commutative, have attracted much attention as a new platform for constructing quantum-attack-resistant cryptosystems. A ring signature scheme is proposed based on the difficulty of the root extraction problem over braid groups; it resists existential forgery under the adaptive chosen-message attack in the random oracle model.
Funding: Supported in part by the National Natural Science Foundation of China under Grant No. 60473027
Abstract: Finding efficient and secure membership revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, a proof of knowledge of divisibility is given and a novel membership revocation method for the ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of the current group members; when a group member wants to sign, he must not only prove that he holds a membership certificate, but also prove in zero knowledge that the public key in his certificate divides the public key product E exactly. The proposed method is efficient since the group manager needs only one division and one exponentiation when a group member is deleted, the signing and verification procedures are independent of the number of current and excluded group members, and neither the original group public key nor the membership certificates need to be changed.
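The bookkeeping behind the revocation method summarised above (publish the product E of the current members' keys, let a signer show that his key divides E, revoke by one division) can be illustrated with the following toy model. This is an added example, not code from the paper or from the ACJT scheme. It assumes that member public keys are distinct primes, and it replaces the paper's zero-knowledge divisibility proof with a plain divisibility witness that reveals the key and therefore gives no anonymity; the names GroupManager, prove_membership, verify_membership and the prime-generation helper are this example's own.

```python
"""Toy model of product-based membership revocation (added example).

The group manager publishes E, the product of the current members' public
keys (assumed here to be distinct primes, as the e_i in ACJT-style
certificates are). A current member can exhibit w = E / e with w * e == E;
a revoked member cannot, because after E is divided by his key it no longer
contains that prime factor. The real scheme proves divisibility in zero
knowledge so that e stays hidden; the witness below is NOT zero-knowledge
and exists only to show why the division-based update is sound.
"""
import random


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic, this example's helper)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_member_key(bits: int = 64, used=()) -> int:
    """Fresh odd prime of the given size, distinct from every key in `used`.

    Distinctness and primality matter: with composite or repeated keys,
    divisibility of E would no longer identify exactly one member.
    """
    while True:
        e = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(e) and e not in used:
            return e


class GroupManager:
    """Holds the member list and the published product E."""

    def __init__(self):
        self.members = []  # keys of current members
        self.E = 1         # published product of current member keys

    def join(self, e: int) -> int:
        assert e not in self.members, "duplicate key"
        self.members.append(e)
        self.E *= e
        return self.E

    def revoke(self, e: int) -> int:
        # One division; no other member's certificate or key changes.
        assert e in self.members, "not a member"
        self.members.remove(e)
        self.E //= e
        return self.E


def prove_membership(e: int, E: int):
    """Member side: witness w = E / e if e divides E, else None (non-ZK)."""
    if E % e != 0:
        return None
    return E // e


def verify_membership(e: int, w, E: int) -> bool:
    """Verifier side: accept iff w * e == E against the CURRENT E."""
    return w is not None and w * e == E


def demo():
    """Join four members, revoke one, and report the three checks."""
    random.seed(7)  # constructed deterministic sample run
    gm = GroupManager()
    keys = []
    for _ in range(4):
        e = gen_member_key(used=keys)
        keys.append(e)
        gm.join(e)
    alice, bob = keys[0], keys[1]
    ok_before = verify_membership(alice, prove_membership(alice, gm.E), gm.E)
    gm.revoke(alice)
    ok_after = verify_membership(alice, prove_membership(alice, gm.E), gm.E)
    bob_ok = verify_membership(bob, prove_membership(bob, gm.E), gm.E)
    return ok_before, ok_after, bob_ok


if __name__ == "__main__":
    print(demo())
```

The check that a witness computed before a revocation is rejected afterwards (w * e no longer equals the new E) is the practical point: verifiers must always use the manager's current E, otherwise a deleted member keeps passing the divisibility check.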
Abstract: This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems the bank can compute the double-spender's account secret key, so the bank can impersonate the double-spender to withdraw from the double-spender's account. This article uses anonymity control and group signatures to address this shortcoming. Key words: electronic cash; anonymity control; group signature. CLC number: TP 309. Foundation item: Supported by the National Natural Science Foundation of China (90204015). Biography: SU Yun-xue (1975-), male, Ph.D.; research direction: the software and theory of computer and information security.
Funding: Funded by the National Natural Science Foundation of China (Grant Number 12171114) and the National Key R&D Program of China (Grant Number 2021YFA1000600).
Abstract: In recent years, the issue of preserving the privacy of parties involved in blockchain transactions has garnered significant attention. To ensure privacy protection for both sides of the transaction, many researchers use ring signature technology instead of the original signature technology. However, in practice, identifying the signer of an illegal blockchain transaction once it has been placed on the chain necessitates a signature technique that offers conditional anonymity: offenders can conduct illegal transactions and evade the law using ring signatures, which offer perfect anonymity. This paper first constructs a conditionally anonymous linkable ring signature using the Diffie-Hellman key exchange protocol and the elliptic curve discrete logarithm, which offers a non-interactive process for finding the signer of a ring signature in a specific case. Secondly, the proposed scheme is proven correct and secure under the elliptic curve discrete logarithm assumption. Lastly, compared to previous constructions, the scheme presented in this paper provides a non-interactive, efficient and secure confirmation process. In addition, this paper presents an implementation of the proposed scheme on a personal computer, where the confirmation process takes only 2, 16 and 24 ms for ring sizes of 4, 24 and 48, respectively, and the confirmation process can be combined with a smart contract on the blockchain with tested millisecond-level running efficiency. In conclusion, the proposed scheme offers a solution to the challenge of identifying the signer of an illegal blockchain transaction.
Funding: This work was supported by the National Natural Science Foundation of China under Grants 92046001 and 61962009, the Doctor Scientific Research Fund of Zhengzhou University of Light Industry under Grant 2021BSJJ033, and the Key Scientific Research Project of Colleges and Universities in Henan Province (CN) under Grant No. 22A413010.
Abstract: With the increase in wearable medical devices, privacy leakage during transmission between these edge medical devices has become a problem. The blockchain-enabled Internet of Medical Things (BIoMT) has been developed in recent years to reform the traditional centralized medical system. This paper first introduces an anonymous data authentication model to protect user privacy and medical data in BIoMT. Then, a proxy group signature (PGS) scheme is proposed based on a lattice assumption. This scheme satisfies the anonymous authentication demand of the proposed model and provides anti-quantum security for BIoMT in the future age of general quantum computers. Moreover, the security analysis shows that this PGS scheme achieves dynamical almost-full anonymity and traceability. The efficiency comparison shows that the proposed model and PGS scheme are more efficient and practical.
Funding: The National Natural Science Foundation of China (No. 60673081) and the National High Technology Research and Development Program (863) of China (No. 2006AA01Z417).
Abstract: Up to now, how to construct an efficient and secure group signature scheme that need not reset the system when some group members' signing keys are exposed is still a difficult problem. A construction concerning revocation of group members is ideal if it satisfies forward security, which makes it more attractive by not sacrificing the security of past signatures of deleted members. This paper analyses the problem and gives a construction in which the group manager can be untrusted. The scheme is efficient even when the number of revoked members is large.
Abstract: When a group signature scheme is set up, the parameter information used by the group members is often derived from the group center, and the members are likely to lack any immunity against the center. To overcome this, a new signature scheme with immunity against the group center is proposed. In the scheme, group members and the center each hold independent secret information, but they can authenticate each other. A large part of the computation is carried out by the group members (terminals), which reduces the computation done by the group center. Furthermore, the scheme also resists the common-modulus attack and joint attacks, and provides anti-detriment, revocation and so on.
Funding: Supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2022-00167197, Development of Intelligent 5G/6G Infrastructure Technology for The Smart City); funded by BK21 FOUR (Fostering Outstanding Universities for Research) (5199990914048); supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (2022R1A2B5B01002490); and the Soonchunhyang University Research Fund.
Abstract: Blockchain technology provides transparency and reliability by sharing transactions and maintaining the same information through consensus among all participants. However, single-signature applications in transactions can lead to user identification issues due to the reuse of public keys. To address this issue, group signatures can be used, where the same group public key verifies signatures from any group member and so provides anonymity to users. However, in dynamic groups where membership may change, an attack can occur in which a user who has left the group disguises himself as a group member by leaking a partial key, and this cannot be traced back to the partial key leaker. In this paper, we propose assigning different partial keys to group members in order to trace partial key leakers and partially mitigate the damage caused by partial key leaks. Existing schemes have shown that arbitrary tracing issues occur when a single administrator has exclusive key generation and tracing authority. This paper proposes a group signature scheme that solves the synchronization problem by involving a threshold number of TMs while preventing arbitrary tracing by distributing authority among multiple TMs.
Funding: The National High Technology Research and Development Program of China (863 Program) and the National Natural Science Foundation of China
Abstract: Electronic check systems, as one kind of electronic payment system, are more desirable than other electronic cash systems: a single check is used to pay any price not exceeding its face value. The main problem in check systems is to design an efficient refund mechanism that makes refunded checks indistinguishable from initial checks during payment and deposit. The problem of anonymity control, also called fairness, is also an important issue in check systems. All check systems so far offer unconditional anonymity, which opens the door to misuse for crimes such as money laundering and blackmailing. In this paper, the notion of anonymity revocation is introduced into electronic check systems for the first time, and a model of a fair electronic check system is proposed. An efficient fair online electronic check system with reusable refunds is presented. In the system, a passive trustee is employed to revoke the anonymity of dishonest users. Moreover, the system solves the reusability problem of refunds thanks to an RSA-based partial signature. The system is efficient and meets all basic security requirements.
Funding: The National Natural Science Foundation of China (Nos. 61070249, 60970111 and 60873217) and the National High Technology Research and Development Program (863) of China (No. 2008AA01Z403)
Abstract: Democratic group signature (DGS) is a group-oriented primitive with great flexibility, i.e., no group manager, anonymity and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer, while security is preserved even in the presence of an active adversary who can corrupt up to t-1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced compared with existing work. For example, the resulting signature contains only 2n + 1 elements of Zq, apart from the PVSS output.
Funding: The National Natural Science Foundation of China (Nos. 60703031, 60703004, 60673076)
Abstract: Democratic group signatures (DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager. Security results of existing work are based on the decisional Diffie-Hellman (DDH) assumption. In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman (GDH) group, where the DDH problem is easy but the computational Diffie-Hellman (CDH) problem is hard. Besides the properties of ordinary DGSs, our scheme also provides linkability, i.e., any public verifier can tell whether two group signatures were generated using the same private key. The security properties of our scheme rely on a new and independently interesting decisional product Diffie-Hellman (DPDH) assumption, which is weaker than the DDH assumption.
Funding: the National Natural Science Foundation of China (Nos. 60703031, 60703004, 60673076, 60672068)
Abstract: This paper presents a concrete democratic group signature scheme with (t, n)-threshold traceability. In the scheme, the capability of tracing the actual signer is distributed among the n group members. It yields a valid democratic group signature such that any subset with more than t members can jointly reconstruct a secret and reveal the identity of the signer. No active adversary can do this, even if he can corrupt up to t - 1 group members.
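The two DGS abstracts above rest on the same mechanism: the tracing trapdoor is shared among the n members so that t of them can rebuild it while t - 1 corrupted members learn nothing. The following is an added illustration of that (t, n)-threshold reconstruction using plain Shamir secret sharing; it is not code from either paper, and it omits the public verifiability that PVSS adds on top. Assumptions: the trapdoor is an integer below the field prime, share indices are distinct, and shares reach members over authenticated channels.

```python
"""(t, n)-threshold reconstruction of a tracing trapdoor with Shamir secret sharing.

Added illustration, not code from the DGS papers abstracted above.
"""
import secrets

PRIME = (1 << 127) - 1   # Mersenne prime used as the field Z_p (assumption: large enough for the demo)


def interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through `points` (distinct x's)."""
    result = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        result = (result + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return result


def split_secret(secret, t, n):
    """Dealer: random polynomial f of degree t-1 with f(0) = secret; member i receives (i, f(i))."""
    if not (1 <= t <= n < PRIME and 0 <= secret < PRIME):
        raise ValueError("bad threshold parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod p
            acc = (acc * x + c) % PRIME
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def recover(shares, t):
    """Any t shares with distinct indices determine f, hence the trapdoor f(0)."""
    if len(shares) < t:
        raise ValueError("below threshold")
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    return interpolate(shares[:t], 0)


def forge_missing_share(partial, guess, missing_index):
    """With only t-1 shares every secret is equally plausible: the t-1 points plus (0, guess)
    fix a degree t-1 polynomial, and its value at the missing index is a share that makes the
    coalition reconstruct `guess`. This is why t-1 corrupted members learn nothing."""
    return interpolate([(0, guess)] + list(partial), missing_index)


def demo(t=3, n=5):
    trapdoor = secrets.randbelow(PRIME)                 # e.g. the value that opens a signer's identity
    shares = split_secret(trapdoor, t, n)
    coalition_ok = recover(shares[1:4], t) == trapdoor  # members 2, 3, 4 succeed
    other_coalition_ok = recover([shares[0], shares[4], shares[2]], t) == trapdoor
    partial = shares[:t - 1]                            # adversary corrupts t-1 members
    forged_consistent = all(
        recover(partial + [(n, forge_missing_share(partial, g, n))], t) == g
        for g in (0, 1, 12345)
    )
    return {
        "trapdoor": trapdoor,
        "coalition_ok": coalition_ok,
        "other_coalition_ok": other_coalition_ok,
        "t_minus_1_consistent_with_any_secret": forged_consistent,
    }


if __name__ == "__main__":
    print(demo())
```

`recover` deliberately rejects duplicate indices: feeding the same share twice would make the Lagrange denominators zero and, in a less careful implementation, silently return garbage that a tracing coalition might act on.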
Funding: Dennis Y. W. Liu and Duncan S. Wong were supported by CityU grants (Project Nos. 7001844, 7001959, 7002001).
Abstract: Group signature allows the anonymity of the real signer in a group to be revoked by a trusted party called the group manager. It also gives the group manager absolute power over the formation of the group. Ring signature, on the other hand, does not allow anyone to revoke the signer's anonymity, while allowing the real signer to form a group (also known as a ring) arbitrarily without being controlled by any other party. In this paper, we propose a new variant of ring signature, called Revocable Ring Signature. The signature allows a real signer to form a ring arbitrarily while allowing a set of authorities to revoke the anonymity of the real signer. The new variant inherits the desirable properties of both group signature and ring signature: the real signer is accountable for what it has signed, since its anonymity is revocable by the authorities, while it still has the freedom of ring formation. We provide a formal security model for revocable ring signature and propose an efficient construction which is proven secure under our security model.
Funding: Supported by the National Natural Science Foundation of China (U1304614, U1204703); the Construct Program of the Key Discipline in Zhengzhou Normal University; the Aid Program for Science and Technology Innovative Research Team of Zhengzhou Normal University, Henan Province Education Science Plan General Topic ((2018)-JKGHYB-0279)
Abstract: Blockchain is widely used in the financial field for its decentralization, anonymity and trust, and electronic money payment is an important application hotspot. Ring signature is widely used for strongly anonymous authentication such as electronic cash and electronic voting because of its unconditional anonymity, spontaneity and flexible group structure. Among ring signatures, linkable ring signatures can show whether two signatures were issued by the same signer without revealing that signer's identity, so abuses of the signing right such as repeated voting and double spending of electronic money can be prevented while anonymity is preserved. The security of most existing linkable ring signatures is based on the discrete logarithm problem, and most of the schemes lose anonymity because of strong linkability; such schemes do not suit blockchain electronic currency transactions, which require strong anonymity. Therefore, this paper first proposes a blockchain-based electronic currency transaction security model. The model ensures not only the anonymity of both parties but also a certain degree of traceability. To support these two properties, the paper proposes a linkable ring signature scheme based on the integer factorization problem. The scheme has strong anonymity and can be applied to blockchain scenarios; on the other hand, it can be converted into a group signature in specific scenarios and is therefore traceable. Finally, existential unforgeability of the scheme under adaptive chosen-message and chosen-public-key attacks is proved in the random oracle model.
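Both the GDH-based DGS abstract and the blockchain abstract above rely on linkability: a public verifier can tell that two signatures came from the same key without learning which ring member holds it. The block below is an added example, not code from either paper (the blockchain scheme is factoring-based, the DGS scheme pairing-based; this uses the discrete-logarithm LSAG construction of Liu, Wei and Wong instead), showing how the per-ring tag y~ = H2(ring)^x makes a double vote or double spend detectable. Assumptions: a 128-bit safe-prime Schnorr group generated at import time (a real deployment would use a standard group or curve), SHA-256 as the random oracles H1 and H2, and toy rings and ballots constructed inline.

```python
"""Linkable ring signature (LSAG-style) over a Schnorr group. Added example, not code
from the papers abstracted on this page; group parameters are a demo assumption."""
import hashlib
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]
MR_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: fine for a demo, not for production parameters."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 128):
    """Deterministic search for prime q with p = 2q + 1 prime; g = 4 generates the order-q subgroup."""
    q = (1 << bits) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = safe_prime_group()


def _digest(*parts) -> int:
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big")


def hash_to_zq(*parts) -> int:
    """H1: challenge hash into Z_q."""
    return _digest("H1", *parts) % Q


def hash_to_group(ring) -> int:
    """H2: hash the ring into the order-q subgroup (squaring mod p lands in the quadratic residues)."""
    h = pow(_digest("H2", *ring) % P, 2, P)
    return h if h not in (0, 1) else G     # degenerate outputs are astronomically unlikely


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(ring, x, pi, msg):
    """Member `pi` (secret x, public key ring[pi]) signs msg on behalf of the whole ring."""
    n = len(ring)
    if ring[pi] != pow(G, x, P):
        raise ValueError("secret key does not match ring[pi]")
    h = hash_to_group(ring)
    tag = pow(h, x, P)                      # key image: fixed by (key, ring), independent of msg
    c, s = [0] * n, [0] * n
    u = secrets.randbelow(Q - 1) + 1
    c[(pi + 1) % n] = hash_to_zq(*ring, tag, msg, pow(G, u, P), pow(h, u, P))
    i = (pi + 1) % n
    while i != pi:                          # simulate every other member with a random response
        s[i] = secrets.randbelow(Q)
        z1 = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        z2 = pow(h, s[i], P) * pow(tag, c[i], P) % P
        c[(i + 1) % n] = hash_to_zq(*ring, tag, msg, z1, z2)
        i = (i + 1) % n
    s[pi] = (u - x * c[pi]) % Q             # close the ring with the real secret
    return c[0], s, tag


def verify(ring, msg, sig) -> bool:
    c0, s, tag = sig
    if len(s) != len(ring) or tag in (0, 1) or pow(tag, Q, P) != 1:
        return False                        # tag must be a non-trivial subgroup element
    h = hash_to_group(ring)
    c = c0
    for y, si in zip(ring, s):
        z1 = pow(G, si, P) * pow(y, c, P) % P
        z2 = pow(h, si, P) * pow(tag, c, P) % P
        c = hash_to_zq(*ring, tag, msg, z1, z2)
    return c == c0


def linked(sig_a, sig_b) -> bool:
    """Same ring and same secret key give the same tag; anyone can run this check."""
    return sig_a[2] == sig_b[2]


def demo():
    keys = [keygen() for _ in range(4)]      # constructed toy ring of four voters
    ring = [y for _, y in keys]
    voter1, voter2 = keys[1][0], keys[2][0]
    ballot_a = sign(ring, voter1, 1, "ballot: candidate A")
    ballot_b = sign(ring, voter1, 1, "ballot: candidate B")   # same voter votes again
    ballot_c = sign(ring, voter2, 2, "ballot: candidate A")
    forged = (ballot_a[0], ballot_a[1][:-1] + [(ballot_a[1][-1] + 1) % Q], ballot_a[2])
    return {
        "all_valid": all(verify(ring, m, sg) for m, sg in (("ballot: candidate A", ballot_a),
                         ("ballot: candidate B", ballot_b), ("ballot: candidate A", ballot_c))),
        "tampered_message_rejected": not verify(ring, "ballot: candidate C", ballot_a),
        "tampered_signature_rejected": not verify(ring, "ballot: candidate A", forged),
        "double_vote_linked": linked(ballot_a, ballot_b),
        "different_voters_unlinked": not linked(ballot_a, ballot_c),
    }
```

The tag is bound to the ring through H2, so the same key used in two different rings yields unrelated tags; that is exactly the kind of controlled linkability the abstracts contrast with "strong association" that would erode anonymity. The subgroup check on the tag in `verify` matters: without it a signer could submit a tag outside the order-q subgroup and evade linking.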
Funding: supported by the National Natural Science Foundation of China (61472309, 61572390, 61303198, 61402353); the 111 Project (B08038); the Natural Science Foundation of Ningbo (201601HJ-B01382); the Research Program of Anhui Education Committee (KJ2016A626, KJ2016A627)
Abstract: Ring signature enables members to sign anonymously without a manager; it has many online applications, such as e-voting, e-money and whistleblowing. As a promising post-quantum candidate, lattice-based cryptography has attracted much attention recently. Several efficient lattice-based ring signatures have been constructed naturally from lattice basis delegation, but all of them have large verification key sizes. We observe that the split-small integer solution (split-SIS) problem, introduced by Nguyen et al. at PKC'15, is excellent for reducing the public key sizes of lattice-based ring signature schemes built from basis delegation. In this research, we first define an extended concept called the extended split-SIS problem, and then prove that the extended problem is as hard as the approximate shortest independent vectors problem (SIVP) within a certain polynomial factor. Moreover, we present an improved ring signature and prove that it is anonymous and unforgeable against insider corruption. Finally, we improve two other existing lattice-based ring signature schemes and compare them with the original schemes in terms of verification key size. Our data show that the public key sizes of the proposed schemes are reduced significantly.
Funding: the National Natural Science Foundation of China (Nos. 61802075 and 61772477); the Natural Science Foundation of Henan Province, China (Nos. 222300420371 and 202300410508).
Abstract: For group signature (GS) supporting membership revocation, the verifier-local revocation (VLR) mechanism seems to be the more flexible choice, because it requires only that verifiers download up-to-date revocation information for signature verification; signers are not involved. As a post-quantum counterpart of classical number-theoretic constructions, the first lattice-based VLR group signature (VLR-GS) was introduced by Langlois et al. (2014). However, none of the existing lattice-based VLR-GS schemes provide backward unlinkability (BU), an important property ensuring that previously issued signatures remain anonymous and unlinkable even after the corresponding signer (i.e., member) is revoked. In this study, we introduce the first lattice-based VLR-GS scheme with BU security (VLR-GS-BU), and thus resolve a prominent open problem posed by previous works. Our new scheme enjoys an O(log N) factor saving in the bit-sizes of the group public key (GPK) and the member's signing secret key, and it is free of any public-key encryption. In the random oracle model, our scheme is proven secure under two well-known hardness assumptions, the short integer solution (SIS) problem and the learning with errors (LWE) problem.
Funding: This paper was supported by the National Natural Science Foundation of China under Grant No. 61073042; the Fundamental Research Funds for the Central Universities under Grant No. HEUCF100606; the Open Foundation of Network and Data Security Key Laboratory of Sichuan Province under Grant No. 201107.
Abstract: The authentication and privacy of group members are important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network (MP2PN). The MP2PN contains some super peers, and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed and used in this group-key management protocol to authenticate a peer's attributes and identity. A peer can be described by a set of attributes or by one unique special identity attribute. Peers that have some attributes in common can form a group and communicate with each other anonymously and securely. Any super peer can initiate a group and act as its group controller. The group controller can authenticate a peer's attributes and identity as well as remove malicious peers. Any peer whose attributes match the access structure can join the group and contribute its input to form the group key. The proposed protocol provides backward and forward secrecy. Simulation results show that the protocol is applicable to mobile devices and can meet the MP2PN requirements for group communication.