Similar literature (20 results)
1.
Server-aided verification signatures substantially reduce the cost of verifying a signature and are therefore well suited to low-end devices with limited computing power, but most server-aided verification signature schemes proven in the standard model cannot resist collusion between the server and the signer. To improve the security of such schemes, this paper proposes a new server-aided verification signature scheme and proves, in the standard model, that it is secure against both collusion attacks and chosen-message attacks. Analysis shows that the new scheme reduces the number of bilinear pairing computations, substantially lowering the computational complexity of the verification algorithm, and is more efficient than existing schemes of the same type.

2.
The notion of off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally, such signature schemes use some kind of preprocessing to reduce the time required to compute a signature once the message is known. Even, Goldreich and Micali show how to realize off-line/on-line digital signature schemes by combining regular digital signatures with efficient one-time signatures. Later, Shamir and Tauman presented an alternative construction (which produces shorter signatures) obtained by combining regular signatures with chameleon hash functions. In this paper, we study off-line/on-line digital signature schemes both from a theoretical and a practical perspective. More precisely, our contribution is threefold. First, we unify the Shamir–Tauman and Even et al. approaches by showing that they can be seen as different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hashing is basically a one-time signature which satisfies such a weaker security notion. As a by-product of this result, we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call double-trapdoor) is actually a fully secure one-time signature. Next, we consider the task of building, in a generic fashion, threshold variants of known schemes: Crutchfield et al. proposed a generic way to construct a threshold off-line/on-line signature scheme given a threshold regular one. They applied known threshold techniques to the Shamir–Tauman construction using a specific chameleon hash function. Their solution introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption. Here, we propose two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function. Our constructions are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption. Finally, we ran experiments to measure the real-world efficiency difference between the two known constructions for non-threshold off-line/on-line signatures. Interestingly, we show that, with some optimizations, the two approaches are comparable in efficiency and signature length.
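The Shamir–Tauman construction described above, as an added example (our code, not the paper's): a discrete-log chameleon hash CH(m, r) = g^H(m)·y^r is signed off-line on a dummy message with an ordinary signature, for which Schnorr over the same group serves as a stand-in here, and the on-line step is a single trapdoor collision. The group is a toy 64-bit safe prime generated at import time from a seeded RNG, purely so the example runs instantly and reproducibly (a deployment would use a standard 2048-bit group or a curve). `ch_recover_trapdoor` shows why a plain chameleon hash is only a one-time primitive: two openings of the same hash value leak the trapdoor, which is why each off-line token must be consumed by exactly one message.

```python
import hashlib
import random

# Seeded so the example is reproducible; a real signer uses an OS CSPRNG.
rng = random.Random(20240601)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for picking demo parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """Toy-sized p = 2q + 1 with p, q prime (64-bit here; use >= 2048 for real)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = safe_prime(64)
G = 4  # a quadratic residue mod a safe prime, hence a generator of the order-q subgroup


def h_q(*parts):
    """Hash the (length-prefixed) parts into Z_q."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q


# Chameleon hash CH(m, r) = g^{H(m)} * y^r with trapdoor x, y = g^x
def ch_keygen():
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def ch_hash(y, msg, r):
    return pow(G, h_q(msg), P) * pow(y, r, P) % P


def ch_collide(x, msg, r, new_msg):
    """Trapdoor holder finds r' with CH(new_msg, r') == CH(msg, r): one inverse."""
    return (r + (h_q(msg) - h_q(new_msg)) * pow(x, -1, Q)) % Q


def ch_recover_trapdoor(m1, r1, m2, r2):
    """Two published openings of the same hash value leak x (key exposure)."""
    return (h_q(m1) - h_q(m2)) * pow(r2 - r1, -1, Q) % Q


# Ordinary signature used off-line: Schnorr over the same group
def sig_keygen():
    s = rng.randrange(1, Q)
    return s, pow(G, s, P)


def sig_sign(s, data):
    k = rng.randrange(1, Q)
    e = h_q(pow(G, k, P), data)
    return e, (k + s * e) % Q


def sig_verify(v, data, sig):
    e, z = sig
    r_pt = pow(G, z, P) * pow(v, (-e) % Q, P) % P
    return h_q(r_pt, data) == e


def keygen():
    s, v = sig_keygen()
    x, y = ch_keygen()
    return (s, x), (v, y)          # sk, pk


def offline_phase(sk):
    """Heavy part, done before the message is known: sign CH of a dummy."""
    s, x = sk
    y = pow(G, x, P)
    m0, r0 = rng.getrandbits(128), rng.randrange(1, Q)
    return m0, r0, sig_sign(s, ch_hash(y, m0, r0))


def online_phase(sk, token, msg):
    """Cheap part: re-point the pre-signed hash at the real message."""
    _, x = sk
    m0, r0, sig = token
    return ch_collide(x, m0, r0, msg), sig


def verify(pk, msg, signature):
    v, y = pk
    r, sig = signature
    return sig_verify(v, ch_hash(y, msg, r), sig)
```

The on-line phase costs one modular inverse and one multiplication in Z_q, which is the whole point of the paradigm; everything involving exponentiation happened before the message existed.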

3.
To ensure the integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp we can neither trust signed documents once the signer's signature key has been lost, stolen or accidentally compromised, nor settle the case where the signer repudiates the signing by claiming that he accidentally lost his signature key. To withstand the forward forgery suffered by linking schemes and to reduce verification cost, Sun et al. proposed four time-stamped signature schemes based on absolute temporal authentication. Although Sun et al. claimed that these schemes are secure against forward forgery, we show that they suffer from substitution attacks, by which the signer can forge signatures backward or forward in time and the time-stamping service can also forge signatures. Finally, we propose four time-stamped signature schemes that overcome these security flaws. Moreover, the proposed schemes are more efficient than those of Sun et al.

4.
《Computer Networks》2008,52(9):1838-1845
In recent years, massively multiplayer online games (MMOGs) have become very popular by providing more entertainment and sociability than single-player games. In order to prevent cheaters from gaining unfair advantages in peer-to-peer (P2P)-based MMOGs, several cheat-proof schemes have been proposed that use digital signatures. However, digital signatures generally require a large amount of computation and thus may not be practical for interactive real-time applications such as games. Based on the concept of one-time signatures, we propose an efficient and secure event signature (EASES) protocol that signs discrete event messages with hash-chain keys. As most messages need only two hash operations to achieve non-repudiation and event commitment, the use of digital signatures is greatly reduced. We also describe a dynamic version of EASES that does not require the pre-production of hash-chain keys, reducing key preparation time and memory usage at the expense of a slight delay in message commitment. As shown by both analysis and experiments, the computation, memory and bandwidth footprints of EASES are low, making it readily applicable to P2P-based MMOGs.
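An added illustration (ours, not EASES itself; the abstract does not give the packet format) of the hash-chain commit-then-reveal pattern it describes: the chain k_n, k_{n-1} = H(k_n), ..., k_0 is anchored once by an ordinary digital signature on k_0 (that signature is omitted here and k_0 is assumed to reach the verifier authentically), every event packet i commits to its message under k_i and reveals k_{i-1}, and the receiver spends exactly two hash operations per packet: one to walk the chain and one to open the previous packet's commitment. The seed and event messages are constructed for the demonstration.

```python
import hashlib


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so H(k, m) cannot be confused with H(k || m)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class EventSigner:
    """Owns a hash chain k_n -> ... -> k_0 and releases it one key per event."""

    def __init__(self, n: int, seed: bytes):
        self.keys = [b""] * (n + 1)
        self.keys[n] = seed                      # k_n: random in practice (os.urandom(32))
        for i in range(n, 0, -1):
            self.keys[i - 1] = H(self.keys[i])
        self.n, self.i = n, 0

    def anchor(self) -> bytes:
        # k_0 is the one value that receives an ordinary digital signature
        # (signature left out of this example; the verifier is handed k_0 directly).
        return self.keys[0]

    def sign_event(self, msg: bytes):
        """Packet i commits to msg under k_i and reveals k_{i-1} for packet i-1."""
        self.i += 1
        if self.i > self.n:
            raise RuntimeError("chain exhausted: anchor a fresh chain")
        reveal = self.keys[self.i - 1] if self.i > 1 else b""
        return (self.i, msg, H(self.keys[self.i], msg), reveal)

    def close(self):
        """Trailer revealing the key of the last event so that it becomes committed."""
        return (self.i + 1, b"", b"", self.keys[self.i])


class EventVerifier:
    def __init__(self, anchor_k0: bytes):
        self.known_key, self.known_idx = anchor_k0, 0
        self.pending = None      # (idx, msg, commit) still waiting for its key
        self.committed = []      # events the peer can no longer repudiate or alter

    def receive(self, packet) -> bool:
        idx, msg, commit, reveal = packet
        if idx == 1 and self.known_idx == 0 and self.pending is None:
            self.pending = (idx, msg, commit)   # nothing to check yet: k_1 is still secret
            return True
        if self.pending is None:
            return False
        # Hash 1: the revealed key must hash to the last key we know (no skipping, no replay).
        if idx != self.known_idx + 2 or H(reveal) != self.known_key:
            return False
        # Hash 2: the revealed key must open the previous packet's commitment.
        p_idx, p_msg, p_commit = self.pending
        if p_idx != idx - 1 or H(reveal, p_msg) != p_commit:
            return False
        self.known_key, self.known_idx = reveal, idx - 1
        self.committed.append((p_idx, p_msg))
        self.pending = (idx, msg, commit)
        return True
```

A peer cannot forge packet i because k_i is a preimage of a value it has only seen hashed, and the signer cannot rewrite event i-1 after the fact because its commitment was public before k_{i-1} was released; the cost of that delayed commitment is exactly the one-packet lag the abstract mentions.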

5.
A server-aided verification signature scheme consists of a digital signature scheme and a server-aided verification protocol. With the server-aided verification protocol, some computational tasks for a signature verification are carried out by a server, which is generally untrusted; therefore, it is very useful for low-power computational devices. In this paper, we first define three security notions for server-aided verification signatures, i.e., existential unforgeability, security against collusion attacks and security against strong collusion attacks. The definition of existential unforgeability includes the existing security requirements in server-aided verification signatures. We then present, on the basis of existing signature schemes, two novel existentially unforgeable server-aided verification signature schemes. The existential unforgeability of our schemes can be formally proved both without the random oracle model and using the random oracle model. We also consider the security of server-aided verification signatures under collusion attacks and strong collusion attacks. For the first time, we formally define security models for capturing (strong) collusion attacks, and propose concrete server-aided verification signature schemes that are secure against such attacks.

6.
To prevent the leakage of private information through model parameters in federated learning, many works use homomorphic encryption to protect clients' updates. However, most of them incur significant computation and communication overhead. Even worse, few of them consider the correctness of the aggregated results or collusion between curious internal clients and the server. In this paper, we propose VCFL, an efficient verifiable and collusion-resistant privacy-preserving framework for cross-silo federated learning. Firstly, we design a homomorphic signcryption mechanism that signs and encrypts model parameters in one go. Secondly, we employ a blinding technique to resist collusion between clients and the server. Moreover, we leverage batching to further reduce computation and communication overhead. Finally, we simulate VCFL in FedML on real-world datasets and models. Extensive experimental results show that VCFL preserves model performance while protecting privacy, and that it is more efficient in both computation and communication than similar frameworks.

7.
The concept of batch verification of multiple digital signatures is to find a method by which multiple digital signatures can be verified simultaneously in lower time complexity than verifying all the signatures separately. In this article, we analyze the complexity of the batch verification schemes defined by Li, Hwang and Chen in 2010, and propose a new scheme for batch verification of multiple digital signatures in two variants: one for RSA, which completes Harn's scheme with an algorithm for identifying invalid signatures, and the other adapted to a modified Elliptic Curve Digital Signature Algorithm protocol.

8.
Fair exchange signature schemes
In this paper a new class of fair exchange signature scheme (FESS) is proposed that allows two players to exchange digital signatures in a fair way. The new signature scheme is a general model and has various implementations based on most of the existing signature schemes; thus it may also be considered as an interesting extension of the concurrent signature presented at EUROCRYPT 2004, which is constructed from ring signatures. In FESS, two unwakened signatures signed respectively by two participants can be veri...

9.
Conventional methods for verifying the originality of web pages are inefficient and weakly secure. This paper proposes an improved scheme based on digital signatures. After the administrator's identity has been confirmed, a digital signature guarantees that the uploaded page is authentic and reliable; the web server then signs the received file with its own key; and when a user requests the page, the server verifies the digital signature to establish the page's originality. Experiments show that the method is feasible, secure and accurate, and it offers a new design for web page anti-tampering systems.

10.
In the light of recent security incidents leading to the compromise of services that use single-factor authentication, researchers in industry and academia are actively investigating novel multi-factor authentication schemes. Moreover, exposure of unprotected authentication data is a high-risk threat for organizations with an online presence. The challenge is how to ensure the security of multi-factor authentication data without degrading the performance of an identity verification system. To solve this problem, we present a novel framework that applies random projections to biometric data (inherence factor), using secure keys derived from passwords (knowledge factor), to generate inherently secure, efficient and revocable/renewable biometric templates for user verification. We evaluate the security strength of the framework against possible attacks by adversaries. We also undertake a case study of deploying the proposed framework in a two-factor authentication setup that uses users' passwords and dynamic handwritten signatures. Our system preserves the important biometric information even when the user-specific password is compromised, a highly desirable feature absent from state-of-the-art transformation techniques. We have evaluated the performance of the framework on three publicly available signature datasets. The results show that the proposed framework does not undermine the features that discriminate genuine from forged signatures, and that verification performance is comparable to state-of-the-art benchmark results.
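The password-keyed random projection at the heart of such a framework, as an added example (ours, not the authors' code): the knowledge factor is stretched with PBKDF2 into a key that seeds a Gaussian projection matrix, the inherence factor (a feature vector standing in for handwritten-signature features) is projected through it, and matching is a distance test in the projected space. Changing the password or the salt yields an unrelated template, which is what makes the template revocable. Feature vectors, salt, threshold and dimensions are constructed for the demonstration, not taken from any dataset.

```python
import hashlib
import math
import random

# Constructed feature vectors standing in for dynamic-signature features
# (stroke velocities, pen pressure, timing, ...). Not from any real dataset.
ENROLLED = [0.82, 0.15, 0.47, 0.90, 0.33, 0.61, 0.28, 0.74]
GENUINE_PROBE = [x + d for x, d in zip(ENROLLED, [0.02, -0.02] * 4)]
FORGED_PROBE = [0.10, 0.90, 0.20, 0.30, 0.80, 0.05, 0.70, 0.40]


def derive_key(password: str, salt: bytes, iterations: int = 50_000) -> bytes:
    """Knowledge factor -> key. PBKDF2 keeps offline password guessing slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def projection_matrix(key: bytes, k: int, d: int):
    """k x d Gaussian random projection whose entries are fixed by the key."""
    rng = random.Random(int.from_bytes(key, "big"))
    scale = 1.0 / math.sqrt(k)          # keeps the expected norm of R x equal to that of x
    return [[rng.gauss(0.0, scale) for _ in range(d)] for _ in range(k)]


def make_template(features, password: str, salt: bytes, k: int = 16):
    """Revocable template: a new password or salt gives an unrelated projection."""
    matrix = projection_matrix(derive_key(password, salt), k, len(features))
    return [sum(w * x for w, x in zip(row, features)) for row in matrix]


def distance(a, b) -> float:
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))


def verify(probe, password: str, salt: bytes, template, threshold: float) -> bool:
    """Both factors are needed: only the right password rebuilds the same projection."""
    return distance(make_template(probe, password, salt), template) <= threshold
```

Because a Gaussian projection approximately preserves Euclidean distances (the Johnson–Lindenstrauss property), a genuine probe stays close to the enrolled template while a forgery stays far away; the threshold would be tuned on a development set in practice.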

11.
Recently, many quantum digital signature (QDS) schemes have been proposed to authenticate the integrity of a message. However, these quantum signature schemes only consider bit messages and sign and verify one bit at a time, so their signing efficiency is very low. In this paper, we propose a scheme that applies Fibonacci, Lucas and Fibonacci-Lucas matrix coding to quantum digital signatures built on a recently proposed quantum key distribution (QKD) system. Our scheme can sign a large number of digital messages at once. Moreover, these special matrices provide a way to verify the integrity of the information received by the participants, to authenticate the participants' identities, and to improve signing and verification efficiency. Our signature scheme is therefore more practical than the existing ones.

12.
This paper proposes a new approach to the batch verification of digital signatures. Batch verification equations designed by this approach are dynamic, whereas earlier batch verification equations were static and are merely a special case of the new dynamic equation. Under the earlier approach only a few digital signature schemes were given a batch-verification form, and all of them turned out to admit forgery attacks, i.e. were insecure; under the new approach every digital signature scheme can be given a batch-verification form that meets the requirements of a secure batch verification protocol. Executing the new batch verification does not change the computational pattern or the complexity of verification and adds at most a small amount of computation, so the new design method is practical.
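A worked comparison of the static and randomised batch equations discussed in items 7 and 12, as an added example (ours, not either paper's scheme): Harn-style RSA batch verification (∏ s_i)^e ≡ ∏ h(m_i) (mod N), the multiplicative tampering that fools it, the small-exponents test with per-signature random exponents under which that tampering no longer cancels, and a divide-and-conquer search that identifies which signatures in a failed batch are invalid. The RSA modulus is deliberately a toy built from two Mersenne primes so the block needs no prime generator; it is trivially factorable and must never be used as a real key.

```python
import hashlib
import random

# Toy RSA modulus from two Mersenne primes: instantly factorable, used only so
# the batch arithmetic runs without a prime generator. Never do this for real keys.
P = (1 << 61) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(msg: bytes) -> int:
    """Message digest mapped into Z_N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes) -> int:
    return pow(h(msg), D, N)


def verify(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == h(msg)


def batch_verify_static(pairs) -> bool:
    """Harn-style single equation: (prod s_i)^e == prod h(m_i) mod N."""
    lhs = rhs = 1
    for msg, s in pairs:
        lhs = lhs * s % N
        rhs = rhs * h(msg) % N
    return pow(lhs, E, N) == rhs


def batch_verify_random(pairs, rng) -> bool:
    """Small-exponents test: a fresh random w_i per signature makes the equation
    depend on the verifier's coins, so multiplicative tampering no longer cancels."""
    lhs = rhs = 1
    for msg, s in pairs:
        w = rng.getrandbits(64) | 1
        lhs = lhs * pow(s, w, N) % N
        rhs = rhs * pow(h(msg), w, N) % N
    return pow(lhs, E, N) == rhs


def forge_batch_valid_pair(pair_a, pair_b, t: int):
    """From two valid signatures build two individually INVALID ones whose
    product is unchanged, so the static equation still accepts the batch."""
    (ma, sa), (mb, sb) = pair_a, pair_b
    return (ma, sa * t % N), (mb, sb * pow(t, -1, N) % N)


def find_invalid(pairs, batch) -> list:
    """Divide and conquer over a failed batch; returns indices of bad signatures."""
    def rec(indexed):
        if batch([p for _, p in indexed]):
            return []
        if len(indexed) == 1:
            return [indexed[0][0]]
        mid = len(indexed) // 2
        return rec(indexed[:mid]) + rec(indexed[mid:])
    return rec(list(enumerate(pairs)))
```

The identification step inherits the soundness of whichever batch test it is given: run on top of the static equation it reports the tampered batch as clean, run on top of the randomised equation it isolates exactly the two doctored signatures.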

13.
This paper proposes a general framework for the fair exchange of valuable information, namely digital signatures and cryptographic keys, over networks, which is essential for e-commerce (electronic commerce) applications in order to prevent fraudulent or unfair on-line activities. The framework incorporates a set of signature schemes as primitives, offers three generalised functions for the generation, verification and recovery of verifiably encrypted signatures and keys using these signature schemes, and provides a generic protocol built on these three functions to accomplish various fair exchange scenarios. A security analysis of the framework confirms that it assures fairness in the exchange. Moreover, a comparison with related work demonstrates the novel features of the framework, which can be summarised as a good blend of generality, flexibility, efficiency and simplicity.

14.
International Journal of Computer Mathematics, 2012, 89(12):1493-1495
Owing to the abundance of electronic applications of digital signatures, many additional properties are needed. Recently, Sekhar [Sekhar, M. R. (2004). Signature scheme with message recovery and its application. Int. J. Comput. Math., 81(3), 285–289.] proposed three signature schemes with message recovery designed to protect the identity of the signer. In this setting, only a specific verifier can check the validity of a signature, and he can transmit this conviction to a third party. In this note, we show that this protocol is totally insecure, as it is universally forgeable under a no-message attack. In other words, we show that anyone can forge a valid signature of a user on an arbitrary message. The forged signatures are unconditionally indistinguishable (in an information-theoretic sense) from properly formed signatures.

15.
Protocols for problems like Byzantine agreement, clock synchronization, or contract signing often use digital signatures as the only cryptographic operation. Proofs of such protocols are frequently based on an idealizing "black-box" model of signatures. We show that the standard cryptographic security definition for digital signatures is not sufficient to ensure that such proofs are still valid if the idealized signatures are implemented with real, provably secure signatures. We propose a definition of signature security suitable for general reactive, asynchronous environments, called reactively secure signature schemes, and prove that, for signature schemes where signing just depends on a counter as state, the standard security definition implies our definition. We further propose an idealization of digital signatures that can be used in a reactive and composable fashion, and we show that reactively secure signature schemes constitute a secure implementation of our idealization.

16.
Several new signature schemes that close the subliminal channel
In 1983, Simmons [1] introduced the notion of the subliminal channel and showed how a secret message can be hidden inside an authenticated message. In 1985 and 1994, Simmons described how subliminal channels can be built in the ElGamal signature scheme and in DSS and pointed out several applications of such channels [2-5]; in 1998 the author constructed three subliminal-free signature schemes in [6]. This paper constructs three further subliminal-free signature schemes using directed signatures, proxy signatures and multi-signatures.

17.
An important aspect of JPEG2000 is its "compress once, decompress many ways" property [1], i.e., it allows users with different preferences, privileges or capabilities to extract various sub-images from a single compressed image code-stream. In this paper, we present a flexible and scalable scheme to authenticate JPEG2000 images disseminated by an untrusted third-party server over open networks. The proposed scheme is fully compatible with JPEG2000 and possesses a "sign once, verify many ways" property, i.e., it allows users to verify the authenticity and integrity of different sub-images extracted from a single compressed code-stream protected by a single digital signature. Furthermore, the use of aggregated digital signatures reduces both computation and communication overhead on the user side for batch image authentication.
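One standard way to obtain "sign once, verify many ways" is a Merkle tree over the code-stream packets; what follows is an added example in that spirit (ours, not the paper's scheme, whose tree layout and padding rule the abstract does not give). The only signed value is the root; the untrusted server ships any subset of packets together with their authentication paths, and the client recomputes the root from each delivered packet. The packet list is a constructed stand-in for JPEG2000 resolution/layer packets, and the digital signature on the root itself is left out.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_bytes(label: bytes, data: bytes) -> bytes:
    """Bind each packet to its position label so packets cannot be swapped around."""
    return len(label).to_bytes(2, "big") + label + data


def build_tree(packets):
    """Levels of a Merkle tree over the packets; levels[-1][0] is the root.
    An odd level is padded by repeating its last node (a common convention,
    assumed here, not taken from the paper). Leaf and inner hashes are
    domain-separated with a 0x00 / 0x01 prefix."""
    level = [H(b"\x00" + leaf_bytes(lab, data)) for lab, data in packets]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [H(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def auth_path(levels, index: int):
    """Sibling hashes from leaf `index` up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def root_from_path(label: bytes, data: bytes, index: int, path) -> bytes:
    node = H(b"\x00" + leaf_bytes(label, data))
    for sibling in path:
        node = H(b"\x01" + node + sibling) if index % 2 == 0 else H(b"\x01" + sibling + node)
        index //= 2
    return node


# Constructed stand-in for a JPEG2000 code-stream: one packet per
# (resolution level r, quality layer l). Real packets hold coded code-blocks.
PACKETS = [(b"r%dl%d" % (r, l), b"constructed-packet-r%d-l%d" % (r, l))
           for r in range(3) for l in range(2)]


def sign_codestream(packets):
    """Image owner, done once: the root is the single value that gets a
    digital signature (the signature itself is left out of this example)."""
    levels = build_tree(packets)
    return levels, levels[-1][0]


def extract_subimage(packets, levels, keep):
    """Untrusted server: ship only the packets `keep` selects, each with its path."""
    return [(i, lab, data, auth_path(levels, i))
            for i, (lab, data) in enumerate(packets) if keep(lab)]


def verify_subimage(proof, signed_root: bytes) -> bool:
    """Client: every delivered packet must chain up to the signed root."""
    return all(root_from_path(lab, data, i, path) == signed_root
               for i, lab, data, path in proof)
```

Shipping one path per packet is the simplest correct choice; a server serving a large sub-image would merge the paths into a single multi-proof, since sibling hashes shared by neighbouring packets need to be sent only once.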

18.
1983年,Simmons1提出了阈下信道的概念,并阐述了如何在一个可认证的消息中隐藏一个秘密信息.1985年和1994年,Simmons分别描述了如何利用ElGamal签名方案和 DSS建立阈下信道并指出了阈下信道的若干应用2-3,1998年和2000年笔者分别在文献4和文献5中共建立了六个封闭阈下信道的签名方案.文章将基于代理多重签名和一次性代理签名又建立了两个封闭阈下信道的新型签名方案.  相似文献   

19.
Wireless handheld devices are increasingly popular. The authenticity of information or of a program to be downloaded is important, especially for business uses. In server-aided verification (SAV), a substantial part of the verification computation can be offloaded to an untrusted server. This allows resource-constrained devices to enjoy the security guarantees provided by cryptographic schemes, such as pairing-based signatures, which may otherwise be too heavyweight to verify. To gain an unfair advantage, an adversary may bribe (or collude with) the server either to convince the verifier that an invalid signature is valid or to claim that a valid signature is invalid (say, to obtain repudiable information or commitments, or to spoil an opponent's offer). These concerns are not properly captured by existing models. In this paper, we infer the meaning behind and point out the subtleties in existing models, and propose a new model that captures the collusion attack. We also show that two existing schemes are insecure in their own model. Finally, we provide a generic pairing-based SAV protocol. Compared with the protocol of Girault–Lefranc in Asiacrypt '05, ours provides a higher level of security yet is applicable to a much wider class of pairing-based cryptosystems. In particular, it yields SAV protocols for short signatures in the standard model and for aggregate signatures, which have not been studied before.

20.
Multi-signature schemes with message authentication
Starting from a digital signature scheme with message authentication, two new multi-signature schemes based on the discrete logarithm problem are designed: a sequential multi-signature scheme and a broadcast multi-signature scheme. The new schemes have a simple initialization procedure, introduce randomness into signing, require no modular inversion in the signing and verification equations, and provide message authentication, which gives them higher practicality and security.
