基于并发签名的公平交易协议的分析与改进

针对一个基于完美并发签名的公平交易协议,分析指出此协议在假设参与双方都诚实可信的情况下不满足不可滥用性,即双方交换2个模糊签名及相关交易数据后,在秘密消息公布之前,任何人都能辨认出是谁签了哪一个签名.进而,提出了一个新的改进方案,改进的方案不仅弥补了原方案的缺陷,实现了不可滥用性,同时保持了原协议的公平性、不可否认性以及简洁高效的特性.     

基于签密的多方认证邮件协议

签密方案可以在一个逻辑步骤内同时实现签名和加密,可以有效地减少运算.本文在已有的两方签密方案的基础上结合组可验证的签密方案,提出了一种新的、可用于多方认证邮件协议的签密方案,进而设计出了异步的一对多的认证邮件协议,并证明了该协议的公平性与非否认性.文中还通过与已有协议进行比较,阐述了新协议的优点.     

强不可伪造的基于身份服务器辅助验证签名方案

标准模型下的基于身份签名方案大多数是存在性不可伪造的,无法阻止攻击者对已经签名过的消息重新伪造一个合法的签名,并且验证签名需要执行耗时的双线性对运算。为了克服已有基于身份签名方案的安全性依赖强和计算代价大等缺陷,提出了一个强不可伪造的基于身份服务器辅助验证签名方案,并在标准模型下证明了新方案在合谋攻击、自适应选择身份和消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的基于身份签名方案。     

通用可组合公平安全多方计算协议简

在通用可组合框架下研究安全多方计算的公平性问题。在UC框架下,提出公平安全多方计算的安全模型。在模型中形式化定义了公平安全多方加法计算理想函数 和公平安全多方乘法计算理想函数 。然后,基于双线性对技术和承诺方案理想函数 ,在 -混合模型下分别设计公平加法协议 和公平乘法协议 安全实现理想函数 和 。最后,性能分析表明所提协议的有效性,能更好地满足应用需求。     

一种基于无证书的多方合同签署协议的安全性分析与改进

2019年,曹等人(doi: 10.11999/JEIT190166)提出了一个适用于多方合同签署环境中高效的无证书聚合签名方案,并证明了该方案在随机预言模型下存在不可伪造性。然而,通过安全性分析发现,该方案无法抵抗替换公钥攻击和内部签名者的联合攻击。为了解决上述安全缺陷,该文提出一个改进的无证书聚合签名方案。新方案不仅在随机预言模型下基于计算性Diffie-Hellman问题满足不可伪造性,同时也能够抵抗联合攻击。     

对一种群签名方案的安全性分析

1998年,Lee 和Chang提出了一种基于离散对数问题的群签名方案。Tseng 和Jan,敖等[3]分别在此基础上给出了新的改进方案。本文对Tseng-Jan方案[2]Ⅱ和敖等[3]的方案进行了分析,通过构造伪造签名,指出这两种方案存在着安全漏洞。     

一种新的无证书可认证多方密钥协商协议

Joux提出的三方密钥协商方案虽然简洁、高效,但不能抵抗中间人攻击。基于无证书公钥密码体制,提出一种新的无证书可认证多方密钥协商方案,新方案将Joux的三方协议拓展至多方,并且具有认证功能。由于新方案中所用的签名为短签名,所以整个认证过程计算效率较高,另外,新方案还具有简单证书管理、无密钥托管的优点,新方案满足无密钥控制、抗中间人的主动攻击、前向安全性和抗密钥泄露伪装攻击等多种安全特性。     

一个安全的门限代理签名方案

针对现有的门限代理签名方案中所存在的合谋攻击,提出了一个安全的门限代理签名方案。合谋攻击是指在不知道任何有效的门限代理签名的情况下, 恶意代理成员人数大于或等于门限值时, 他们能合谋重新构造代理群的秘密多项式函数, 得到代理群的秘密参数, 从而可以伪造其他代理成员的代理签名。提出的新方案不仅能满足门限代理签名的性质,而且能抵抗合谋攻击。另外,该方案能根据原始签名人的需要,撤消代理签名人的代理签名权。     

限制联合验证者签名

基于门限的思想,该文提出一种新签名方案限制联合验证者签名的精确定义和安全模型,并构造了一个有效的限制联合验证者签名方案。新方案支持将消息的知情权和签名的验证权控制给t个验证者,并且当且仅当t个验证者合作才能验证签名,同时签名的长度不随验证者的增加而增加。在随机预言模型下,新方案达到了所需的安全要求。     

系统中心控制和多方参与的安全盲签名

为了满足电子现金、电子招投标等特殊系统的安全性需求,在研究分析椭圆曲线密码、自认证公钥、位委托协议和Nyberg-Rueppel签名方案的基础上,设计了一种系统中心控制和多方参与的安全盲签名方案,并对该方案的正确性、安全性进行了必要分析和证明。     

Generalization of perfect concurrent signatures

Recently,Susilo et al.’s perfect concurrent signature scheme(PCS1) and Wang et al.’s improved perfect concurrent signature scheme(iPCS1) are proposed,which are considered as good improvements on concurrent signatures,and they adopt the same algorithms.In this paper,we develop generic perfect concurrent signature algorithms of which Susilo et al.and Wang et al.’s algorithms turn out to be a special instance.We also obtain numerous new,efficient variants from the generic algorithms which have not been proposed before.To display the advantage of these variants,a modified privacy-preserving PCS protocol is given.It shows that the new variants adapt to the protocol well and can form concrete privacy-preserving PCS schemes,while the original algorithms do not.Security proofs and efficiency analysis are also given.     

利用双线性对构造的面向电子商务的同时签密

Concurrent signature was introduced as an efficient approach to solving the problem of fair exchange of signatures. Almost all fair exchange e-commerce protocols based on concurrent signature that have been proposed until now either do not provide message privacy protection or adopt the sign-then-encrypt scheme to provide confidentiality. However, confidentiality is an important requirement of fair exchange e-commerce protocol. In this paper, a new concept called concurrent signcryption which combines the concepts of concurrent signature and signcryption together to resolve the confidentiality problem in e-commerce systems based on concurrent signature. We also propose a concurrent signcryption scheme using bilinear pairings and prove its security in the random oracle model. Compared with the sign-then-encrypt scheme using bilinear pairings, our scheme enjoys shorter message length and less operation cost. Moreover, in our scheme the two ambiguous signcryptions can be published in any order.     

Cryptanalysis of the blind signatures based on the discretelogarithm problem

Carmenisch et al. proposed a blind signature scheme based on the discrete logarithm during the rump session of Eurocrypt '94. Horster et al. generalised this approach to design the Meta blind signature schemes. The author points out that these schemes cannot provide true blind signatures     

New concurrent digital signature scheme based on the computational Diffie-Hellman problem

Based on strong designated verifiers signatures, a new fair concurrent signature scheme is proposed. Compared with the previous concurrent signature schemes, even if a keystone must be chosen by the initial signer, the matching signer will easily get the keystone through an extraction algorithm. Due to the property of strong designate verifying, the initial signer couldn't make use of the keystone prepared carefully to deceive the matching signer. Then the matching signer is able to participate actively the signature scheme. Besides, there aren't bilinear operations in the keystone algorithm to deliver the keystone efficiently. Therefore the efficiency of our signature scheme is also improved.     

基于离散对数的若干新型代理签名方案

本文基于离散对数提出了一个新型代理签名方案和一个代理多重签名方案.新方案满足如下性质:1.签名收方验证代理签名与验证原始签名的方式相同;2.签名收方容易区别代理签名和原始签名,即新方案可以对代理签名者的代理签名权和原始签名权进行有效地分离;3.原始签名人和代理签名人对其签名不可否认;4.多个合法签名人可将签名权同时委托给某个人实施代理多重签名.     

Signing a digital signature without using one-way hash functions and message redundancy schemes

In 2000, Shieh et al. proposed some multisignature schemes based on a new digital signature scheme to satisfy the special requirements of the mobile system. In these schemes, one-way hash functions and message redundancy schemes are not used. Later, Hwang and Li indicated that Shieh et al.'s digital signature scheme suffers from the forgery attacks. They also claimed that message redundancy schemes should still be used to resist some attacks. In this letter, we show another attack on Shieh et al.'s signature scheme and propose a secure digital signature scheme, where neither one-way hash functions nor message redundancy schemes are employed.     

A new efficient ID-based proxy blind signature scheme

In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting, e-payment, etc. Recently, Zheng, etal. presented an IDentity （ID）-based proxy blind signature. In this paper, a new efficient ID-based proxy blind signature scheme from bilinear pairings is proposed, which can satisfy the security properties of both the proxy signatures and the blind signature schemes. Analysis of the scheme efficiency shows that the new scheme is more efficient than Zheng, et al.＇s scheme. The proposed scheme is more practical in the real world.     

A short ID‐based proxy signature scheme

The notion of identity‐based proxy signature with message recovery feature has been proposed to shorten identity‐based proxy signatures and improve their communication overhead because signed messages are not transmitted with these kinds of signatures. There are a few schemes for this notion: the schemes of Singh and Verma and Yoon et al. Unfortunately, Tian et al., by presenting two forgery attacks, show that Singh and Verma scheme is not secure, and also, the scheme of Yoon et al. does not support provable security. The contributions of this paper are twofold. First, we review the scheme by Yoon et al. and discuss why it does not have message recovery property, and consequently, it is not short. Second, we propose a short identity‐based proxy signature scheme with the help of message recovery property and show that it is secure under computational Diffie–Hellman assumption in the random oracle model. Furthermore, our scheme is more efficient than (as efficient as) previous identity‐based proxy signatures. Copyright © 2014 John Wiley & Sons, Ltd.