Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The g...Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a "single message and signature response" interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.展开更多
We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the ...We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the recent GS schemes due to Ateniese et al. The security proofs are provided in the Universally Composable model, which allows the proofs of security valid not only when our scheme is executed in isolation, but also in composition with other secure cryptographic primitives. We also present several new computational assumptions and justify them in the generic group model. These assumptions are useful in the design of high-level protocols and may be of independent interest.展开更多
For group signature(GS)supporting membership revocation,verifier-local revocation(VLR)mechanism seems to be a more flexible choice,because it requires only that verifiers download up-to-date revocation information for...For group signature(GS)supporting membership revocation,verifier-local revocation(VLR)mechanism seems to be a more flexible choice,because it requires only that verifiers download up-to-date revocation information for signature verification,and the signers are not involved.As a post-quantum secure cryptographic counterpart of classical number-theoretic cryptographic constructions,the first lattice-based VLR group signature(VLR-GS)was introduced by Langlois et al.(2014).However,none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability(BU),which is an important property to ensure that previously issued signatures remain anonymous and unlinkable even after the corresponding signer(i.e.,member)is revoked.In this study,we introduce the first lattice-based VLR-GS scheme with BU security(VLR-GS-BU),and thus resolve a prominent open problem posed by previous works.Our new scheme enjoys an O(log N)factor saving for bit-sizes of the group public-key(GPK)and the member’s signing secret-key,and it is free of any public-key encryption.In the random oracle model,our scheme is proven secure under two well-known hardness assumptions of the short integer solution(SIS)problem and learning with errors(LWE)problem.展开更多
Democratic group signatures (DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager. Security results of existing work are based on decisional Diffie-Hel...Democratic group signatures (DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager. Security results of existing work are based on decisional Diffie-Hellman (DDH) assumption. In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman (GDH) group where DDH problem is easily but computational Diffe-Hellman (CDH) problem is hard to be solved. Besides the properties of ordinary DGSs, our scheme also provides the property of linkability, i.e., any public verifier can tell whether two group signatures are generated using the same private key. Security properties of our scheme employ a new and independently interesting decisional product Diffie-Hellman (DPDH) assumption which is weaker than DDH one.展开更多
Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less ...Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t-1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Zq, except the PVSS output.展开更多
This paper presents a concrete democratic group signature scheme which holds (t, n)-threshold traceability. In the scheme, the capability of tracing the actual signer is distributed among n group members. It gives a...This paper presents a concrete democratic group signature scheme which holds (t, n)-threshold traceability. In the scheme, the capability of tracing the actual signer is distributed among n group members. It gives a valid democratic group signature such that any subset with more than t members can jointly reconstruct a secret and reveal the identity of the signer. Any active adversary cannot do this even if he can corrupt up to t - 1 group members.展开更多
We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems wit...We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.展开更多
A multi-proxy quantum group signature scheme with threshold shared verification is proposed. An original signer may authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy...A multi-proxy quantum group signature scheme with threshold shared verification is proposed. An original signer may authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy group can generate the proxy signature on behalf of the original signer. In the scheme, any t or more of n receivers can verify the message and any t - 1 or fewer receivers cannot verify the validity of the proxy signature.展开更多
Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for ...Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.展开更多
The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signi...The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.展开更多
Xie and Yu (2005) proposed a group signature scheme and claimed that it is the most efficient group signature scheme so far and secure. In this paper, we show that two dishonest group members can collude to launch two...Xie and Yu (2005) proposed a group signature scheme and claimed that it is the most efficient group signature scheme so far and secure. In this paper, we show that two dishonest group members can collude to launch two attacks on the scheme. In the first attack they can derive the group secret key and then generate untraceable group signatures. In the second attack, they can impersonate other group members once they see their signatures. Therefore we conclude that the signature scheme is not secure. We show that some parameters should be carefully selected in the scheme to resist our attacks.展开更多
The concept of generalized group signature scheme will be present. Based on the generalized secret sharing scheme proposed by Lin and Harn, a non interactive approach is designed for realizing such generalized group ...The concept of generalized group signature scheme will be present. Based on the generalized secret sharing scheme proposed by Lin and Harn, a non interactive approach is designed for realizing such generalized group signature scheme. Using the new scheme, the authorized subsets of the group in which the group member can cooperate to produce the valid signature for any message can be randomly specified.展开更多
Up to now, how to construct an efficient secure group signature scheme, which needs not to reset the system when some group members' signing keys are exposed, is still a difficult problem. A construction concernin...Up to now, how to construct an efficient secure group signature scheme, which needs not to reset the system when some group members' signing keys are exposed, is still a difficult problem. A construction concerning revocation of group members is an ideal one if it satisfies forward security which makes it more attractive for not sacrificing the security of past signatures of deleted members. This paper analyses the problem and gives a construction in which the group manager can be un-trustworthy. The scheme is efficient even when the number of revoked members is large.展开更多
How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divi...How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn't be changed.展开更多
A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can genera...A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations.展开更多
The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many diff...The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups,each signing group is represented by a group leader.On document M,a collective signature can be created using the representative digital signature scheme that represents an entire community consisting of individual signers and signing groups,each of which is represented by a group leader.The characteristic of this type of letter is that it consists of three elements(U,E,S),one of which(U)is used to store the information of all the signers who participated in the formation of the collective signature on document M.While storing this information is necessary to identify the signer and resolve disputes later,it greatly increases the size of signatures.This is considered a limitation of the collective signature representing 3 elements.In this paper,we propose and build a new type of collective signature,a collective signature representing 2 elements(E,S).In this case,the signature has been reduced in size,but it contains all the information needed to identify the signer and resolve disputes if necessary.To construct the approved group signature scheme,which is the basic scheme for the proposed representative collective signature schemes,we use the discrete logarithm problem on the prime finite field.At the end of this paper,we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.展开更多
There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field.In this study,we use the elliptic curve discrete logarithm problem to build new collective signat...There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field.In this study,we use the elliptic curve discrete logarithm problem to build new collective signature schemes.The cryptosystem on elliptic curve allows to generate digital signatures with the same level of security as other cryptosystems but with smaller keys.To extend practical applicability and enhance the security level of the group signature protocols,we propose two new types of collective digital signature schemes based on the discrete logarithm problem on the elliptic curve:i)the collective digital signature scheme shared by several signing groups and ii)the collective digital signature scheme shared by several signing groups and several individual signers.These two new types of collective signatures have combined the advantages of group digital signatures and collective digital signatures.These signatures have a fixed size and do not depend on the number of members participating in the creation of the final collective signature.One of the advantages of the proposed collective signature protocols is that they can be deployed on top of the available public key infrastructures.展开更多
In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effo...In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effort for signing, verifying and opening are very small and independent of the number of group members and deleted group members. So it is efficient.展开更多
This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems, the bank can compute the double-spender’s account secret key, thus the bank can ...This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems, the bank can compute the double-spender’s account secret key, thus the bank can impersonate the double-spender to withdraw from the double-spender’s account. This article utilizes anonymity control and group signature to address this shortcoming. Key words electronic cash - anonymity control - group signature CLC number TP 309 Foundation item: Supported by the National Natural Science Fundation of China (90204015)Biography: SU Yun-xue (1975-), male, Ph. D. research direction: the software and theory of computer and information security.展开更多
Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Insp...Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Inspired by the pioneering work of Bellare and Fuchsbauer,we present a primitive called policy-based group signature.In policy-based group signatures,group members can on behalf of the group to sign documents that meet their own policies,and the generated signatures will not leak the identity and policies of the signer.Moreover,the group administrator is allowed to reveal the identity of signer when a controversy occurs.Through the analysis of application scenarios,we concluded that the policy-based group signature needs to meet two essential security properties:simulatability and traceability.And we construct a scheme of policy-based group signature from lattice through techniques such as commitment,zero-knowledge proof,rejection sampling.The security of our scheme is proved to be reduced to the module short integer solution(MSIS)and module learning with errors(MLWE)hard assumptions.Furthermore,we make a performance comparison between our scheme and three lattice-based group signature schemes.The result shows that our scheme has more advantages in storage overhead and the sizes of key and signature are decreased roughly by 83.13%,46.01%,respectively,compared with other schemes.展开更多
基金This paper is supported by the National Natural Science Foundation of China under Grant No. 61072140, 61373171 the Program of Introducing Talents of Discipline to Universities NO. B08038 the Specialized Research Fund for the Doctoral Program of Higher Education No. 20100203110003.
文摘Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a "single message and signature response" interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.
基金This work is supported by the National Natural Science Foundation of China under Grant No.60473027ARC Discovery Grant of Australia under Grant No.DP0557493China Postdoctoral Science Foundation(Grant No.20060400035).
文摘We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the recent GS schemes due to Ateniese et al. The security proofs are provided in the Universally Composable model, which allows the proofs of security valid not only when our scheme is executed in isolation, but also in composition with other secure cryptographic primitives. We also present several new computational assumptions and justify them in the generic group model. These assumptions are useful in the design of high-level protocols and may be of independent interest.
基金the National Natural Science Foundation of China(Nos.61802075 and 61772477)the Natural Science Foundation of Henan Province,China(Nos.222300420371 and202300410508)。
文摘For group signature(GS)supporting membership revocation,verifier-local revocation(VLR)mechanism seems to be a more flexible choice,because it requires only that verifiers download up-to-date revocation information for signature verification,and the signers are not involved.As a post-quantum secure cryptographic counterpart of classical number-theoretic cryptographic constructions,the first lattice-based VLR group signature(VLR-GS)was introduced by Langlois et al.(2014).However,none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability(BU),which is an important property to ensure that previously issued signatures remain anonymous and unlinkable even after the corresponding signer(i.e.,member)is revoked.In this study,we introduce the first lattice-based VLR-GS scheme with BU security(VLR-GS-BU),and thus resolve a prominent open problem posed by previous works.Our new scheme enjoys an O(log N)factor saving for bit-sizes of the group public-key(GPK)and the member’s signing secret-key,and it is free of any public-key encryption.In the random oracle model,our scheme is proven secure under two well-known hardness assumptions of the short integer solution(SIS)problem and learning with errors(LWE)problem.
基金the National Natural Science Foundation of China (Nos. 60703031, 60703004, 60673076)
文摘Democratic group signatures (DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager. Security results of existing work are based on decisional Diffie-Hellman (DDH) assumption. In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman (GDH) group where DDH problem is easily but computational Diffe-Hellman (CDH) problem is hard to be solved. Besides the properties of ordinary DGSs, our scheme also provides the property of linkability, i.e., any public verifier can tell whether two group signatures are generated using the same private key. Security properties of our scheme employ a new and independently interesting decisional product Diffie-Hellman (DPDH) assumption which is weaker than DDH one.
基金the National Natural Science of Foundation of China (Nos. 61070249, 60970111 and 60873217)the National High Technology Research and Development Program (863) of China (No. 2008AA01Z403)
文摘Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t-1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Zq, except the PVSS output.
基金the National Natural Science Foundation of China(Nos.60703031,60703004,60673076,60672068)
文摘This paper presents a concrete democratic group signature scheme which holds (t, n)-threshold traceability. In the scheme, the capability of tracing the actual signer is distributed among n group members. It gives a valid democratic group signature such that any subset with more than t members can jointly reconstruct a secret and reveal the identity of the signer. Any active adversary cannot do this even if he can corrupt up to t - 1 group members.
基金Supported by National Natural Science Foundation of China (No.60503006 and No.60403007) and Natural Science Foundation of Guangdong, China (No. 04205407).
文摘We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.
基金Project supported by the National Basic Research Program of China (973 Program) (Grant No 2007CB311100)the National High Technology Research and Development Program of China (Grant Nos 2006AA01Z419 and 20060101Z4015)+4 种基金the Major Research plan of the National Natural Science Foundation of China (Grant No 90604023)2008 Scientific Research Common Program of Beijing Municipal Commission of Education The Scientific Research Foundation for the Youth of Beijing University of Technology (Grant No 97007016200701)the National Research Foundation for the Doctoral Program of Higher Educationof China (Grant No 20040013007)the National Laboratory for Modern Communications Science Foundation of China (GrantNo 9140C1101010601)the Doctor Scientific Research Activation Foundation of Beijing University of Technology (Grant No 52007016200702)
文摘A multi-proxy quantum group signature scheme with threshold shared verification is proposed. An original signer may authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy group can generate the proxy signature on behalf of the original signer. In the scheme, any t or more of n receivers can verify the message and any t - 1 or fewer receivers cannot verify the validity of the proxy signature.
基金supported by the National High-Tech Research and Development Plan of China under Grant Nos.863-317-01- 04-99, 2009AA01Z122 (863)the Natural Science Foundation of Shenyang City of China under Grant No. F10-205-1-12
文摘Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.
基金The National Natural Science Foundation of China (No60403027)
文摘The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.
基金Project (No. 60472032) supported by the National Natural Science Foundation of China
文摘Xie and Yu (2005) proposed a group signature scheme and claimed that it is the most efficient group signature scheme so far and secure. In this paper, we show that two dishonest group members can collude to launch two attacks on the scheme. In the first attack they can derive the group secret key and then generate untraceable group signatures. In the second attack, they can impersonate other group members once they see their signatures. Therefore we conclude that the signature scheme is not secure. We show that some parameters should be carefully selected in the scheme to resist our attacks.
基金Supported by the National973Project(G19980 30 42 0 )
文摘The concept of generalized group signature scheme will be present. Based on the generalized secret sharing scheme proposed by Lin and Harn, a non interactive approach is designed for realizing such generalized group signature scheme. Using the new scheme, the authorized subsets of the group in which the group member can cooperate to produce the valid signature for any message can be randomly specified.
基金the National Natural Science Foundation of China (No.60673081)the National Grand Foundation Research 863 Program of China (No.2006 AA01Z417).
文摘Up to now, how to construct an efficient secure group signature scheme, which needs not to reset the system when some group members' signing keys are exposed, is still a difficult problem. A construction concerning revocation of group members is an ideal one if it satisfies forward security which makes it more attractive for not sacrificing the security of past signatures of deleted members. This paper analyses the problem and gives a construction in which the group manager can be un-trustworthy. The scheme is efficient even when the number of revoked members is large.
基金supported in part by the National Nature Science Foundation of China under Grant No. 60473027
文摘How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn't be changed.
基金Project (No. 10271037) supported by the National Natural Sci-ence Foundation of China
文摘A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations.
文摘The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups,each signing group is represented by a group leader.On document M,a collective signature can be created using the representative digital signature scheme that represents an entire community consisting of individual signers and signing groups,each of which is represented by a group leader.The characteristic of this type of letter is that it consists of three elements(U,E,S),one of which(U)is used to store the information of all the signers who participated in the formation of the collective signature on document M.While storing this information is necessary to identify the signer and resolve disputes later,it greatly increases the size of signatures.This is considered a limitation of the collective signature representing 3 elements.In this paper,we propose and build a new type of collective signature,a collective signature representing 2 elements(E,S).In this case,the signature has been reduced in size,but it contains all the information needed to identify the signer and resolve disputes if necessary.To construct the approved group signature scheme,which is the basic scheme for the proposed representative collective signature schemes,we use the discrete logarithm problem on the prime finite field.At the end of this paper,we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.
文摘There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field.In this study,we use the elliptic curve discrete logarithm problem to build new collective signature schemes.The cryptosystem on elliptic curve allows to generate digital signatures with the same level of security as other cryptosystems but with smaller keys.To extend practical applicability and enhance the security level of the group signature protocols,we propose two new types of collective digital signature schemes based on the discrete logarithm problem on the elliptic curve:i)the collective digital signature scheme shared by several signing groups and ii)the collective digital signature scheme shared by several signing groups and several individual signers.These two new types of collective signatures have combined the advantages of group digital signatures and collective digital signatures.These signatures have a fixed size and do not depend on the number of members participating in the creation of the final collective signature.One of the advantages of the proposed collective signature protocols is that they can be deployed on top of the available public key infrastructures.
基金Supported by the Scientific Research Plan Projectof the Education Department of Shaanxi Province (06JK197)
文摘In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effort for signing, verifying and opening are very small and independent of the number of group members and deleted group members. So it is efficient.
文摘This paper describes the research results and development of fair off-line e-cash systems so far, and points out that in these systems, the bank can compute the double-spender’s account secret key, thus the bank can impersonate the double-spender to withdraw from the double-spender’s account. This article utilizes anonymity control and group signature to address this shortcoming. Key words electronic cash - anonymity control - group signature CLC number TP 309 Foundation item: Supported by the National Natural Science Fundation of China (90204015)Biography: SU Yun-xue (1975-), male, Ph. D. research direction: the software and theory of computer and information security.
基金supported by the National Natural Science Foundation of China(61802117)Support Plan of Scientific and Technological Innovation Team in Universities of Henan Province(20IRTSTHN013)the Youth Backbone Teacher Support Program of Henan Polytechnic University under Grant(2018XQG-10).
文摘Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Inspired by the pioneering work of Bellare and Fuchsbauer,we present a primitive called policy-based group signature.In policy-based group signatures,group members can on behalf of the group to sign documents that meet their own policies,and the generated signatures will not leak the identity and policies of the signer.Moreover,the group administrator is allowed to reveal the identity of signer when a controversy occurs.Through the analysis of application scenarios,we concluded that the policy-based group signature needs to meet two essential security properties:simulatability and traceability.And we construct a scheme of policy-based group signature from lattice through techniques such as commitment,zero-knowledge proof,rejection sampling.The security of our scheme is proved to be reduced to the module short integer solution(MSIS)and module learning with errors(MLWE)hard assumptions.Furthermore,we make a performance comparison between our scheme and three lattice-based group signature schemes.The result shows that our scheme has more advantages in storage overhead and the sizes of key and signature are decreased roughly by 83.13%,46.01%,respectively,compared with other schemes.
