抵抗共谋攻击的服务器辅助验证签名方案

为了使服务器辅助验证算法一次能够验证由不同私钥签名的多个消息,提出了一个基于聚合签名的服务器辅助验证方案,由服务器执行验证算法中计算代价大的对运算,有效的减少了验证阶段的计算量。在服务器可知道签名密钥的假设下,证明了该方案在共谋和选择性消息攻击下是安全的。     

一种有效的无证书环签密方案

环签密是一个重要的密码学术语,它结合了加密和环签名的功能,具有保密性、可认证性和匿名性等安全属性。目前已有的无证书环签密方案大都是在随机预言模型下提出的,然而在该模型下可证安全的方案在哈希函数实例化后有时却并不安全。针对这一问题,设计了一个标准模型下可证安全的无证书环签密方案,并通过计算DiffieHellman(CDH)困难问题假设和判定性Diffie-Hellman(DBDH)困难问题假设,证明了方案满足适应性选择密文攻击下的不可区分性以及适应性选择消息攻击下存在的不可伪造性,因而方案是安全有效的。     

分布式无中心授权的属性基可变门限环签名

基于属性的环签名具有表达能力强、使用灵活、便于隐匿签名者身份等优点,因此逐渐成为相关领域的研究热点.分析结果表明,现有方案大多无法同时具备无条件强匿名性和抗合谋攻击性,并且存在属性密钥托管、签名门限固定、验证效率低下等问题.针对上述不足,首先给出分布式属性基门限环签名方案的形式化定义和安全模型,然后提出一个分布式无中心授权的属性基可变门限环签名方案.该方案采用分布式密钥生成协议,分散了属性授权机构权限,解决了属性密钥托管问题;通过在属性密钥中嵌入用户身份标识,在签名中引入用户身份模糊因子的方式,使该方案同时具备无条件强匿名性和抗合谋攻击性.另外,提出了一种适用于该方案的批验证算法,能够将验证计算量由nO（·）降为O（·）+n（其中,n为待验证签名的数量）,有效提高了验证效率.在随机预言机模型和CDH困难问题假设下,该方案被证明在适应性选择消息和断言攻击下是存在性不可伪造的,并且能够抵抗由拥有互补属性集合的恶意成员发动合谋攻击.     

标准模型下可证安全的基于身份门限环签名

在门限环签名中,任意n个成员组中的t个成员可以代表整个成员组产生(t,n)门限环签名,而对实际的签名者却具有匿名性。目前,基于身份的门限环签名方案大都是在随机预言模型下对其安全性进行证明的,然而在随机预言模型下可证安全的方案却未必是安全的,因此设计标准模型下的门限环签名方案更有意义。利用双线性对技术,提出了一种安全、高效的基于身份门限环签名方案,并在标准模型下基于计算Diffie-Hellman难问题证明方案满足适应性选择消息和身份攻击下的存在不可伪造性;同时,也对方案的无条件匿名性进行了证明。     

基于身份的服务器辅助验证部分盲签名方案

为了克服基于身份部分盲签名方案的安全性依赖强和签名验证计算开销大等缺陷,结合基于身份的部分盲签名和服务器辅助验证签名,提出了基于身份的服务器辅助验证部分盲签名体制,将签名验证的大部分计算任务委托服务器执行,有效减少了验证者的计算开销。利用双线性映射,设计了一个具体的基于身份服务器辅助验证部分盲签名方案,并在标准模型下证明所提方案是安全的。分析结果表明,所提方案大幅降低了签名验证算法的计算复杂度,在效率上优于Li方案（LI F,ZHANG M,TAKAGI T.Identity-based partially blind signature in the standard model for electronic cash.Mathematical and Computer Modelling,2013,58(1):196-203）和Zhang方案（ZHANG J,SUN Z.An ID-based server-aided verification short signature scheme avoid key escrow.Journal of Information Science and Engineering,2013,29(3):459-473）。     

抗合谋攻击的服务器辅助验证签名方案

服务器辅助验证签名能有效降低签名验证的计算量,非常适用于计算能力较弱的低端计算设备,但大多数标准模型下的服务器辅助验证签名方案不能抵抗服务器和签名者的合谋攻击。为了改进服务器辅助验证签名方案的安全性能,提出了一个新的服务器辅助验证签名方案,并在标准模型下证明了新方案在合谋攻击和选择消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的同类签名方案。     

基于身份的签名和可验证加密签名方案*

基于双线性对,提出了一个基于身份的签名方案,在计算性D iffie-Hellman问题困难的假设下,证明了该方案在随机预言机模型下抗适应性选择消息和身份攻击。基于提出的方案,构造了一个可证安全的可验证加密签名方案,其不可伪造性依赖于提出的基于身份的签名方案,不透明性依赖于基于身份的签名方案和BLS短签名。与已有方案相比,该方案的优势是基于身份,不需要证书,从而简化了密钥管理。     

基于身份部分盲签名方案的分析与改进

部分盲签名致力于解决匿名性和可控性之间的矛盾，在保护用户隐私的同时又能在必要时追溯用户身份。目前基于身份的部分盲签名方案中普遍存在公共信息被篡改的问题。通过对刘二根的方案的安全性分析，指出其方案中用户可以非法修改公共信息。在此基础上，提出一个改进的基于身份的部分盲签名方案。在随机预言模型下，基于离散对数困难问题，证明了方案在满足部分盲性的同时，能有效抵抗适应性选择消息下的存在性伪造攻击。新方案没有使用计算开销较大的双线性对运算，且克服了公共信息被篡改的缺陷，与现有方案相比，在安全和效率方面都有显著提高。     

Server-aided signatures verification secure against collusion attack

Wireless handheld devices are increasingly popular. The authenticity of the information or a program to be downloaded is important, especially for business uses. In server-aided verification (SAV), a substantial part of the verification computation can be offloaded to an untrusted server. This allows resource-constrained devices to enjoy the security guarantees provided by cryptographic schemes, such as pairing-based signatures, which may be too heavyweight to verify otherwise.To gain unfair advantage, an adversary may bribe (or collude with) the server either to convince that an invalid signature is a valid one or to claim that a valid signature is invalid (say for providing repudiable information/commitment, or spoiling an opponent's offer). However, these concerns are not properly captured by existing models.In this paper, we infer the meaning behind and point out the subtleties in existing models; and propose a new model to capture the collusion attack. We also show that two existing schemes are insecure in their own model. Finally, we provide a generic pairing-based SAV protocol. Compared with the protocol of Girault–Lefranc in Asiacrypt '05, ours provides a higher level of security yet applicable to a much wider class of pairing-based cryptosystems. In particular, it suggests SAV protocols for short signatures in the standard model and aggregate signatures which have not been studied before.     

格上基于身份的代理签名方案

为抵抗量子计算攻击,降低代理签名中用户私钥泄露的风险,构造了一个格上基于身份的代理签名方案.方案的设计基于安全高效的GPV签名框架,结合用户身份信息生成验证公钥,使用格基委派技术生成用户签名私钥,并使用盆景树代理委托算法提升签名效率.方案的安全性可规约至格上最小整数解问题,满足基于身份代理签名的安全属性,且在随机谕言和量子随机谕言下均具有存在性不可伪造性.     

Improved convertible authenticated encryption scheme with provable security

Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated recipient to reveal an ordinary signature for dealing with a later dispute over repudiation. Based on the ElGamal cryptosystem, in 2009, Lee et al. proposed a CAE scheme with only heuristic security analyses. In this paper, we will demonstrate that their scheme is vulnerable to the chosen-plaintext attack and then further propose an improved variant. Additionally, in the random oracle model, we prove that the improved scheme achieves confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA).     

Efficient attribute-based signature and signcryption realizing expressive access structures

This paper addresses the open problem of designing attribute-based signature (ABS) schemes with constant number of bilinear pairing operations for signature verification or short signatures for more general policies posed by Gagné et al. in Pairing 2012. Designing constant-size ABS for expressive access structures is a challenging task. We design two key-policy ABS schemes with constant-size signature for expressive linear secret-sharing scheme (LSSS)-realizable monotone access structures. Both the schemes utilize only 3 pairing operations in signature verification process. The first scheme is small universe construction, while the second scheme supports large universes of attributes. The signing key is computed according to LSSS-realizable access structure over signer’s attributes, and the message is signed with an attribute set satisfying the access structure. Our ABS schemes provide the existential unforgeability in selective attribute set security model and preserve signer privacy. We also propose a new attribute-based signcryption (ABSC) scheme for LSSS-realizable access structures utilizing only 6 pairings and making the ciphertext size constant. Our scheme is significantly more efficient than existing ABSC schemes. While the secret key (signing key or decryption key) size increases by a factor of number of attributes used in the system, the number of pairing evaluations is reduced to constant. Our protocol achieves (a) ciphertext indistinguishability under adaptive chosen ciphertext attacks assuming the hardness of decisional Bilinear Diffie–Hellman Exponent problem and (b) existential unforgeability under adaptive chosen message attack assuming the hardness of computational Diffie–Hellman Exponent problem. The security proofs are in selective attribute set security model without using any random oracle heuristic. In addition, our ABSC achieves public verifiability of the ciphertext, enabling any party to verify the integrity and validity of the ciphertext.     

Certificateless undeniable signature scheme

In this paper, we present the first certificateless undeniable signature scheme. The scheme does not suffer from the key escrow problem, which is inherent in identity based cryptosystems. Also it can avoid the onerous management of certificates. Particularly, by using some cryptographic and mathematical techniques, we guarantee that the scheme’s two component protocols satisfy the properties of zero-knowledge proofs. To address the security issues, we extend security notions of undeniable signatures to the complex certificateless setting, and consider two different types of adversaries. Based on these formally defined security notions, we prove that in the random oracle model, the certificateless undeniable signature scheme is secure in the sense of existential unforgeability under the Bilinear Diffie-Hellman assumption, and is secure in the sense of invisibility under the Decisional Bilinear Diffie-Hellman assumption.     

Simulatability and security of certificateless threshold signatures

We analyze the relationship between the notion of certificateless public key cryptography (CL-PKC) and identity-based schemes without a trusted private key generator (PKG), formally define the security of certificateless threshold signatures, and propose a concrete implementation based on bilinear pairings. To exhibit the security of our proposal, we develop the theory of simulatability and relationship between the certificateless threshold signatures and the underlying (non-threshold) ID-based signatures. We show that the proposed scheme is robust and existentially unforgeable against adaptively chosen message attacks under CDH assumption in the random oracle model.     

An efficient short certificate-based signature scheme

Certificate-based cryptography combines the merits of traditional public key infrastructure (PKI) and identity-based cryptography. It does not have the key escrow problem in identity-based cryptography, and eliminates the certificate revocation problem and third-party queries in traditional PKI. In this paper, we first refine the security model of certificate-based signatures introduced in EuroPKI’07. We then present a short certificate-based signature scheme, which is proven to be existentially unforgeable against adaptive chosen message attacks in the random oracle model. Our scheme requires only one pairing operation (and three pre-computable pairing operations) in signature generation and verification. In addition, the signature size of our scheme is only one group element. To the best of our knowledge, the signature size of our scheme is the shortest and the computational cost is the lowest when compared with other concrete certificate-based signature schemes in the literature. This makes our scheme possess strong applicability in situations with limited bandwidth and power-constrained devices.     

Forgeability of Wang-Zhu-Feng-Yau’s Attribute-Based Signature with Policy-and-Endorsement Mechanism

Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffe-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et al.’s scheme, we show that their scheme cannot provide unforgeability, namely, a forger, whose attributes do not satisfy a given signing predicate, can also generate valid signatures. We also point out the flaws in Wang et al.’s proof.     

基于身份聚合签名方案的安全性分析与改进

聚合签名是一种将n个来自不同的签名者对n个不同的消息m的签名聚合成一个单一的签名的数字签名技术。分析了两种签名方案,证明了这两个基于身份聚合签名方案的不安全性。在此基础上,利用双线性技术,提出了改进的基于身份的聚合签名方案。在随机预言模型下,基于Diffie-Hellman问题的计算困难性,证明了提出方案在适应性选择消息和身份攻击下的不可伪造性。     

高效安全的基于身份的部分盲签名方案

部分盲签名允许签名者在盲签名中明确地嵌入预先协商好的公共信息而不失盲性,它克服了完全盲签名和受限盲签名的缺点。对于目前基于身份的部分盲签名方案中普遍存在效率及安全性不高的问题,提出了一个新的高效安全的基于身份的部分盲签名方案。通过利用选择目标计算性Diffie-Hellman假设和有效地使用预计算,使得方案不仅在随机预言机模型下对自适应选择消息和身份攻击具有不可伪造性,而且降低了总的计算复杂度。与现有的随机预言模型下基于身份的部分盲签名方案比较,所提方案效率最高,比Chow方案(CHOW S,HUI L,YIU S. Two improved partially blind signature schemes from bilinear pairings［C］// Proceedings of ACISP'05. Berlin: Springer-Verlag,2005:316-328.)和何方案(何俊杰,孙芳,祁传达.基于身份部分盲签名方案的分析与改进［J］.计算机应用,2013,33(3)：762-765.),计算效率分别提高约64.1%和13.2%。因此,该方案能够提高电子投票、电子现金等系统的效率和安全性。     

一个新的基于身份的聚合签名方案

聚合签名由Boneh等人提出,主要是通过聚合多个签名为一个签名,来提高签名与验证的效率。提出一个新的基于身份的聚合签名方案。与Xu等人的同类方案相比,新方案在签名和验证时各少一次对运算,显著提高了计算效率。在Computational Diffie -Hellman (CDH)问题困难性假设下,提出的聚合签名在随机预言机模型下能抵抗存在性伪造攻击。此外,针对最近由Chcn等人提出的聚合签名方案给出一种攻击方法,指出其不能抵杭存在性伪造攻击。     

一种新的高效的无证书广播多重签名方案

为了克服已有方案存在的计算开销大的缺陷,利用双线性对在广播性质上构造了一种新的无证书多重签名方案,并给出了无证书广播多重签名的形式化定义及安全模型。在计算性Diffie-Hellman困难性假设下,证明了新方案在随机预言模型下满足不可伪造性。最后,由效率分析及仿真实验表明,新方案与同类方案相比,在签名人数增加的同时仍然具有较高效率。此外,扩展了多消息的无证书广播多重签名方案满足正确性与安全性。