The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme...The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.展开更多
The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signi...The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.展开更多
Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir sec...Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.展开更多
In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer's ability and the po...In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer's ability and the power of the proxy signer, and ensure the property of publicly verifiable secret sharing schemes. A new concept "verifiable time period" is also introduced to reduce the time cost in the period of verifications and increases the efficiency of our scheme.展开更多
In this paper, a new restrictive blind signature scheme is proposed. Compared with Brands restrictive blind signature scheme, our scheme is even more restrictive and efficient. And our scheme is proved secure, too. ...In this paper, a new restrictive blind signature scheme is proposed. Compared with Brands restrictive blind signature scheme, our scheme is even more restrictive and efficient. And our scheme is proved secure, too. A new withdrawal protocol of electronic cash system is designed by using our restrictive blind signature scheme, which is more efficient than the withdrawal protocol and is more appropriate for adopting pre processing and post processing.展开更多
Due to forward-secure-digital-signature's capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders' privacy, t...Due to forward-secure-digital-signature's capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders' privacy, they have been hot spots for decades in the field of cryptography. Illuminated by the integration of forward secure digital signature and blind signature, based on the variants of E1Gamal and assumption of difficulty in solving the discrete logarithm problem in galois field, a forward-secure weak blind signature scheme and a forward-secure strong blind signature scheme are proposed and their security is analyzed thoroughly in this paper. It turns out that forward security, blindness and aptitude of resisting forging attack demonstrated by these two schemes benefit a lot theoretically and practically.展开更多
An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, b...An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman (CDH) problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt's identity based signature (IBS) scheme is secure, which is proven true based on the CDH assumption in the standard model.展开更多
The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first prese...The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, the group manger is introduced to take the role of distributing the group secret key to each player. However, he cannot forge the players to generate partial blind signatures (Each partial blind signature depends on not only the secret key of the player, but also a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; Compared with a threshold signature without a trusted third party, it is more simple and efficient.展开更多
Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for ...Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.展开更多
Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold bind...Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold bind signature from Weil pairing on super-singular elliptic curves or hyper-elliptic curves over finite field and prove that our scheme is provably secure in the random oracle model.展开更多
Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (M...Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (MANETs) very much. Jumin Song, et al. presented an ID-based aggregate signature, applied it to MANETs and proposed a secure routing scheme. In this work, we analyze Jumin Song, et al.’s aggregate signature scheme and find some limitations on its batch verification. In addition, in this work, we apply Craig Gentry, et al.’s ID-based aggregate signature to on-demand routing pro-tocol to present a secure routing scheme. Our scheme not only provides sound authentication and a secure routing protocol in ad hoc networks, but also meets the nature of MANETs.展开更多
Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The g...Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a "single message and signature response" interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.展开更多
随着量子计算技术的不断发展,依赖传统公钥密码体制三大功能(密钥协商/数字签名/公钥加密)的各种应用系统将不再安全.为应对量子威胁,以美国国家标准与技术研究院(National Institute of Standards and Technology,NIST)为首的国际标准...随着量子计算技术的不断发展,依赖传统公钥密码体制三大功能(密钥协商/数字签名/公钥加密)的各种应用系统将不再安全.为应对量子威胁,以美国国家标准与技术研究院(National Institute of Standards and Technology,NIST)为首的国际标准组织积极征集与部署后量子密码(Post Quantum Cryptography,PQC)算法的标准化工作,致力于在真正实用型量子计算机问世之前,提前完成传统公钥密码算法到PQC算法的迁移过渡.Crystals-Dilithium是NIST-PQC标准中的一种基于格的数字签名算法,其安全性高,运算速度快,是实现抵抗量子攻击数字签名算法的重要路径之一.本文从主流Crystals-Dilithium数字签名算法的理论基础出发,从底层关键组件的优化方法和整体硬件构架设计方法着手,围绕硬件资源优化和性能优化等现有方法和成果对比展开分析介绍,为研究者们后续研究探明方向,希望为设计性能与硬件资源均衡的后量子数字签名密码芯片提供有力参考.展开更多
1 Introduction Identity privacy concerns hinder data sharing by casting doubt on the safeguarding of personal information,eroding trust,and impeding the willingness of individuals and organizations to exchange their d...1 Introduction Identity privacy concerns hinder data sharing by casting doubt on the safeguarding of personal information,eroding trust,and impeding the willingness of individuals and organizations to exchange their data[1,2].The traceable ring signatures(TRSs)addresses the contradiction between identity privacy and regulation[3],no scheme has been developed thus far that is based on SM2,the Chinese cryptographic public key algorithm standard,without relying on centralized trust.展开更多
The secure issues of APK are very important in Android applications.In order to solve potential secure problems and copyrights issues in redevelopment of APK files,in this paper we propose a new APK redevelopment mech...The secure issues of APK are very important in Android applications.In order to solve potential secure problems and copyrights issues in redevelopment of APK files,in this paper we propose a new APK redevelopment mechanism(APK-SAN).By exploring sanitizable signature technology,APK-SAN allows the original developer to authorize specified modifier who can redevelop the designated source code of APK files.Our scheme does not require interactions between the developer and modifiers.It can reduce the communication overhead and computational overhead for developers.Especially,the signature of redeveloped APK files is valid and maintains the copyrights.The proposed APK-SAN signature can effectively protect the security of the redeveloped APK files and copyrights of the developer and modifier.展开更多
The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provabl...The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols: initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.展开更多
文摘The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.
基金The National Natural Science Foundation of China (No60403027)
文摘The short secret key characteristic of elliptic curve cryptosystem (ECC) are integrated with the ( t, n ) threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang's conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.
文摘Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.
基金Supported by the National Natural Science Foundation of China (90104035)
文摘In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer's ability and the power of the proxy signer, and ensure the property of publicly verifiable secret sharing schemes. A new concept "verifiable time period" is also introduced to reduce the time cost in the period of verifications and increases the efficiency of our scheme.
文摘In this paper, a new restrictive blind signature scheme is proposed. Compared with Brands restrictive blind signature scheme, our scheme is even more restrictive and efficient. And our scheme is proved secure, too. A new withdrawal protocol of electronic cash system is designed by using our restrictive blind signature scheme, which is more efficient than the withdrawal protocol and is more appropriate for adopting pre processing and post processing.
基金This work was supported by the National Natural Science Foundation of China for Grant 60673127, the National High Technology Research and Development Program of China (863 Program) for Grant 2007AA01Z404, the Science & Technology Pillar Program of Jiangsu Province for Grant BE2008135, the Electronic Development Foundation of the Ministry of Information Industry, Funding of Jiangsu Innovation Program for Graduate Education for Grant CX10B112Z, Funding for Outstanding Doctoral Dissertation in NUAA for Grant BCXJ10-07, Research Funding of Nanjing University of Aeronautics and Astronautics for Grant NS2010101 and Jiangsu Province Postdoctoral Science Foundation. We wish to thank the above support, under which the present work is possible.
文摘Due to forward-secure-digital-signature's capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders' privacy, they have been hot spots for decades in the field of cryptography. Illuminated by the integration of forward secure digital signature and blind signature, based on the variants of E1Gamal and assumption of difficulty in solving the discrete logarithm problem in galois field, a forward-secure weak blind signature scheme and a forward-secure strong blind signature scheme are proposed and their security is analyzed thoroughly in this paper. It turns out that forward security, blindness and aptitude of resisting forging attack demonstrated by these two schemes benefit a lot theoretically and practically.
基金The National Hi-Tech Research and Development Program (863) of China (No. 2005AA145110)The Pudong New Area Technology Innovation Public Service Platform of China (No. PDP2005-04)
文摘An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman (CDH) problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt's identity based signature (IBS) scheme is secure, which is proven true based on the CDH assumption in the standard model.
基金Supported by the National 973 Project of China(No.G1999035803)the National Natural Science Foundation of China (No.60373104)the National 863 Project of China (No.2002AA143021)
文摘The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, the group manger is introduced to take the role of distributing the group secret key to each player. However, he cannot forge the players to generate partial blind signatures (Each partial blind signature depends on not only the secret key of the player, but also a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; Compared with a threshold signature without a trusted third party, it is more simple and efficient.
基金supported by the National High-Tech Research and Development Plan of China under Grant Nos.863-317-01- 04-99, 2009AA01Z122 (863)the Natural Science Foundation of Shenyang City of China under Grant No. F10-205-1-12
文摘Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.
文摘Threshold blind signature is playing an important role in cryptography as well as in practical applications such as e-cash and e-voting systems, etc. In this paper, we present an efficient and practical threshold bind signature from Weil pairing on super-singular elliptic curves or hyper-elliptic curves over finite field and prove that our scheme is provably secure in the random oracle model.
文摘Aggregate signatures are a useful primitive which allows aggregating many signatures on different messages computed by different users into a single and constant-length signature and adapts to Mobile Ad hoc NETwork (MANETs) very much. Jumin Song, et al. presented an ID-based aggregate signature, applied it to MANETs and proposed a secure routing scheme. In this work, we analyze Jumin Song, et al.’s aggregate signature scheme and find some limitations on its batch verification. In addition, in this work, we apply Craig Gentry, et al.’s ID-based aggregate signature to on-demand routing pro-tocol to present a secure routing scheme. Our scheme not only provides sound authentication and a secure routing protocol in ad hoc networks, but also meets the nature of MANETs.
基金This paper is supported by the National Natural Science Foundation of China under Grant No. 61072140, 61373171 the Program of Introducing Talents of Discipline to Universities NO. B08038 the Specialized Research Fund for the Doctoral Program of Higher Education No. 20100203110003.
文摘Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a "single message and signature response" interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.
文摘随着量子计算技术的不断发展,依赖传统公钥密码体制三大功能(密钥协商/数字签名/公钥加密)的各种应用系统将不再安全.为应对量子威胁,以美国国家标准与技术研究院(National Institute of Standards and Technology,NIST)为首的国际标准组织积极征集与部署后量子密码(Post Quantum Cryptography,PQC)算法的标准化工作,致力于在真正实用型量子计算机问世之前,提前完成传统公钥密码算法到PQC算法的迁移过渡.Crystals-Dilithium是NIST-PQC标准中的一种基于格的数字签名算法,其安全性高,运算速度快,是实现抵抗量子攻击数字签名算法的重要路径之一.本文从主流Crystals-Dilithium数字签名算法的理论基础出发,从底层关键组件的优化方法和整体硬件构架设计方法着手,围绕硬件资源优化和性能优化等现有方法和成果对比展开分析介绍,为研究者们后续研究探明方向,希望为设计性能与硬件资源均衡的后量子数字签名密码芯片提供有力参考.
基金supported in part by the National Key R&D Program of China (No.2021YFB2700600)the Finance Science and Technology Project of Hainan Province (No.ZDKJ2020009)+5 种基金the Hainan Province Science and Technology Special Fund (No.GHYF2022010)the National Natural Science Foundation of China (Grant Nos.62163011,62072092,62072093 and U1708262)the Fundamental Research Funds for the Central Universities (No.N2023020)the Natural Science Foundation of Hebei Province (No.F2020501013)the China Postdoctoral Science Foundation (No.2019M653568)the Key Research and Development Project of Hebei Province (No.20310702D).
文摘1 Introduction Identity privacy concerns hinder data sharing by casting doubt on the safeguarding of personal information,eroding trust,and impeding the willingness of individuals and organizations to exchange their data[1,2].The traceable ring signatures(TRSs)addresses the contradiction between identity privacy and regulation[3],no scheme has been developed thus far that is based on SM2,the Chinese cryptographic public key algorithm standard,without relying on centralized trust.
基金This work was supported by the National Natural Science Foundation of China(No.61662004,61772437,61702427)National Natural Science Foundation of Guangxi(No.2016GXNSFAA380215)+1 种基金Sichuan Youth Science and Technique Foundation(No.2017JQ0048)EU ICT COST CryptoAction(No.IC1306).
文摘The secure issues of APK are very important in Android applications.In order to solve potential secure problems and copyrights issues in redevelopment of APK files,in this paper we propose a new APK redevelopment mechanism(APK-SAN).By exploring sanitizable signature technology,APK-SAN allows the original developer to authorize specified modifier who can redevelop the designated source code of APK files.Our scheme does not require interactions between the developer and modifiers.It can reduce the communication overhead and computational overhead for developers.Especially,the signature of redeveloped APK files is valid and maintains the copyrights.The proposed APK-SAN signature can effectively protect the security of the redeveloped APK files and copyrights of the developer and modifier.
文摘The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols: initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.
