Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results

The notion of off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally such signatures schemes are used to reduce the time required to compute a signature using some kind of preprocessing. Even, Goldreich and Micali show how to realize off-line/on-line digital signature schemes by combining regular digital signatures with efficient one-time signatures. Later, Shamir and Tauman presented an alternative construction (which produces shorter signatures) obtained by combining regular signatures with chameleon hash functions. In this paper, we study off-line/on-line digital signature schemes both from a theoretic and a practical perspective. More precisely, our contribution is threefold. First, we unify the Shamir–Tauman and Even et al. approaches by showing that they can be seen as different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hashing is basically a one-time signature which satisfies such a weaker security notion. As a by-product of this result, we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call double-trapdoor) is actually a fully secure one-time signature. Next, we consider the task of building, in a generic fashion, threshold variants of known schemes: Crutchfield et al. proposed a generic way to construct a threshold off-line/on-line signature scheme given a threshold regular one. They applied known threshold techniques to the Shamir–Tauman construction using a specific chameleon hash function. Their solution introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption. Here, we propose two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function. Our constructions are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption. Finally, we ran experimental tests to measure the difference between the real efficiency of the two known constructions for non-threshold off-line/on-line signatures. Interestingly, we show that, using some optimizations, the two approaches are comparable in efficiency and signature length.     

强不可伪造的在线/离线签名方案

针对标准模型下签名方案效率低的问题,利用目标抗碰撞杂凑函数和变色龙哈希函数,提出了一种在线/离线签名方案。在签名消息到来之前,离线阶段进行重签名的大部分计算,并将这些运算结果保存起来;在签名消息到来时,利用离线阶段保存的数据能在很短的时间内生成消息的在线重签名。在标准模型下,证明了新方案在适应性选择消息攻击下满足强不可伪造性。分析结果表明,新方案在效率上优于已有的标准模型下签名方案,在线签名算法仅需要1次模减法运算和1次模乘法运算,适合于计算能力较弱的低端计算设备。     

Chameleon Hashes Without Key Exposure Based on Factoring

Chameleon hash is the main primitive to construct a chameleon signature scheme which provides nonrepudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem： non-transferability is based on an unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure-free chameleon hashes have been constructed based on RSA assumption and SDH （strong Diffie-Hellman） assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all advantages of the previous schemes. In order to support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.     

Discrete logarithm based chameleon hashing and signatures without key exposure

Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message. However, the initial constructions of chameleon signatures suffer from the key exposure problem of chameleon hashing. This creates a strong disincentive for the recipient to compute hash collisions, partially undermining the concept of non-transferability. Recently, some constructions of discrete logarithm based chameleon hashing and signatures without key exposure are presented, while in the setting of gap Diffie–Hellman groups with pairings.In this paper, we propose the first key-exposure free chameleon hash and signature scheme based on discrete logarithm systems, without using the gap Diffie–Hellman groups. This provides more flexible constructions of efficient key-exposure free chameleon hash and signature schemes. Moreover, one distinguishing advantage of the resulting chameleon signature scheme is that the property of “message hiding” or “message recovery” can be achieved freely by the signer, i.e., the signer can efficiently prove which message was the original one if he desires.     

一种新的基于身份的变色龙数字签名方案

变色龙签名是一种非交互的数字签名，基于“先哈希后签名”的范式。其中使用的哈希函数是一种特殊的陷门单向哈希函数――变色龙哈希。变色龙签名与普通数字签名的不同之处在于不可传递性。应用双线性对，提出了一个新的基于身份的变色龙签名方案。新方案构造简洁，在随机预言模型下是安全的。     

基于双线性对的Chameleon签名方案

Chameleon签名方案是一种利用Hash-and-Sign模式的非交互签名方案,并且具有不可转移性,只有指定的接收者才可以确信签名的有效性.利用双线性对提出了一种新的Chameleon Hash函数,并在此基础上构建了相应的基于身份的Chameleon签名方案.与传统的Chameleon Hash函数相比,该方案中的Hash函数公钥所有者无须获取相应私钥,除非它企图伪造签名.该方案不但具有通常Chameleon签名方案的所有特点,而且具有基于身份密码系统的诸多优点.     

Generic Transformation from Weakly to Strongly Unforgeable Signatures

Current techniques for transforming unforgeable signature schemes （the forged message has never been signed） to strongly unforgeable ones （the forged message could have been signed） require supplementary components to be added onto the original key pairs of the schemes. In addition, some of them can only be applied to a certain type of signature schemes. In this paper, we propose a new generic transformation technique which converts any unforgeable signature scheme into a strongly unforgeable one without modifying any component in the original key pair. This makes our technique especially compatible for practical use. Our technique is based on strong one-time signature schemes. We show that they can be constructed efficiently from any one-time signature scheme that is based on one-way functions. The performance of our technique also compares favorably with that of current ones. Besides, it is shown in this paper that our transformation can further be applied to schemes satisfying only a weak variant of unforgeability without any further modification. Furthermore, our technique can also be used for constructing strongly unforgeable signature schemes in other cryptographic settings which include certificateless signature, identity-based signature, and several others. To the best of our knowledge, similar extent of versatility is not known to be supported by any of those comparable techniques. Finally and of independent interest, we show that our generic transformation technique can be modified to an on-line/off-line signature scheme, which possesses a very efficient signing process.     

Chameleon hash without key exposure based on Schnorr signature

Based on the famous Schnorr signature scheme, we propose a new chameleon hash scheme which enjoys all advantages of the previous schemes: collision-resistant, message-hiding, semantic security, and key-exposure-freeness.     

高效的无证书的在线/离线签密方案

在线/离线签密方案具有资源耗费小的特点,但已有的在线/离线签密方案大多是是基于证书的密码体制或者基于身份的密码体制提出的,都存在证书的管理问题或密钥的托管问题。基于无证书密码体制的优点,提出了一种高效的无证书的在线/离线签密方案。分析表明,该方案不需要证书的管理,也没有密钥的托管问题,满足签密所要求的所有性质,且在效率上优于已有的基于身份的在线/离线签密方案以及无证书的签密方案。     

Efficient and provably-secure certificateless short signature scheme from bilinear pairings

Certificateless public key cryptography is a recently proposed attractive paradigm which combines advantages of both certificate-based and ID-based public key cryptosystems as it avoids usage of certificates and does not suffer from key escrow. In this paper, we present a certificateless signature (CLS) scheme that is proved to be secure in the random oracle model under the hardness assumptions of k-CAA and Inv-CDHP. Our scheme upholds all desirable properties of previously proposed CLS schemes, and requires general cryptographic hash functions instead of the MapToPoint hash function which is inefficient. Furthermore, our scheme is significantly more efficient than all known CLS schemes, and the size of signatures generated by our scheme is approximate 160 bits, which is the shortest certificateless signatures so far. So it can be used widely, especially in low-bandwidth communication environments.     

基于群盲签名的离线的公平电子现金方案

电子支付具有传统支付方式(现金、支票、信用卡等)的优点,同时克服了传统货币的一些缺陷,成为电子商务的核心技术和关键环节。近年来,人们提出了许多不同的密码体制用于构造电子现金系统(在线的或离线的)但这些方案要么效率不高,要么安全性能不够好。为了克服这些缺陷,提出了一种有效的基于群(?)签名的离线电子现金系统。该方案能很好地满足效率和安全需求,同时能很好的解决电子现金中遇到的二次付费问题。     

强前向安全的代理签名方案

前向安全代理签名方案无法保证代理者密钥泄漏后未来时段代理签名的安全性。基于单向散列链,对王天银等提出的前向安全代理签名方案进行了改进,使该方案的代理签名具有强前向安全性：即使代理密钥被泄露,攻击者也无法伪造过去和未来时段的代理签名,并且具有密钥泄露检测功能。     

一种基于身份证书的数字签名方案设计

在分析了基本数字签名方法的基础上，本文设计并实现了基于离散对数困难问题（DLP）、辅以Hash函数和公钥证书进行签名和验证签名的数字签名方法。它在随机Oracle模式下是安全的且签名方进行签名只需要一次指数运算、一次模乘运算和一次加法运算，在线计算量则只需一次乘法和一次加法，因而是高效的且适合智能卡的应用。     

一种高效的门限部分盲签名方案

现有的门限签名方案使用一些低效的MapToPoint哈希函数,难以避免因多次使用哈希函数而带来的安全性危害。为此,将门限签名和部分盲签名相结合,提出一种新的基于双线性对的门限部分盲签名方案。分析结果表明,该方案使用高效的普通哈希函数,可提高执行效率,具有满足门限签名和部分盲签名的优点。     

A new electronic traveler’s check scheme based on one-way hash function

Nowadays, electronic commerce is booming on the Internet and becoming more popular. Many kinds of electronic services have been developed. The most successful are the electronic payment systems such as the electronic cash/check and wallet. Most electronic payment systems are based on an elaborate discrete logarithm that raises an important issue regarding efficiency. Therefore, Hsien et al. proposed an electronic traveler’s check system in 2001 using a discrete logarithm. In this paper, we propose a new electronic traveler’s check system based on one-way hash function to improve efficiency and cost. Furthermore, our proposed scheme supports an on-line and off-line electronic traveler’s check system of practical flexibility for use in the real world.     

标准模型下可证安全的基于身份的高效签名方案

基于身份的公钥密码体制克服了传统公钥密码体制所带来的公钥证书存储和管理开销问题;目前大多数基于身份的数字签名方案的安全性足基于随机预言模型进行证明,但随机预言机的实现方式可能会导致方案的不安全,如Hash函数,往往返回的结果并小是随机的.文中提出一种安全、高效的基于身份的签名方案,并且在标准模型下证明该方案对自适应选择消息攻击是存在不可伪造的,方案的安全性可规约为CDH困难假定.与现有的标准模型下安全的基于身份的签名方案相比,方案的通信代价更小,执行效率更高.     

Enhanced short signature scheme with hybrid problems

Short digital signatures are always desirable; for instance, when a human is asked to key in the signature manually or it is necessary to work effectively in low-bandwidth communication, low-storage and low-computation environments. We propose a short signature scheme based on knapsack and Gap Diffie-Hellman (GDH) groups whose security is closely related to the discrete logarithm assumption in the random oracle model. Our new scheme offers a better security guarantee than existing signature schemes. Furthermore, our scheme upholds all desirable properties of previous ID-based signature schemes, and requires general cryptographic hash functions instead of MapToPoint hash function that is inefficient and probabilistic.     

ID-Based Fair Off-Line Electronic Cash System with Multiple Banks

ID-based public key cryptography （ID-PKC） has many advantages over certificate-based public key cryptography （CA-PKC）, and has drawn researchers＇ extensive attention in recent years. However, the existing electronic cash schemes are constructed under CA-PKC, and there seems no electronic cash scheme under ID-PKC up to now to the best of our knowledge. It is important to study how to construct electronic cash schemes based on ID-PKC from views on both practical perspective and pure research issue. In this paper, we present a simpler and provably secure ID-based restrictive partially blind signature （RPBS）, and then propose an ID-based fair off-line electronic cash （ID-FOLC） scheme with multiple banks based on the proposed ID-based RPBS. The proposed ID-FOLC scheme with multiple banks is more efficient than existing electronic cash schemes with multiple banks based on group blind signature.     

可编辑且可追责的区块链方案

随着区块链所承载信息种类和应用场景的不断增加,出于信息监管、隐私保护、数据更新等方面的目的,需要对记录在区块链上的数据进行删除、更新等操作。针对这些需求,基于公开可验证秘密共享、零知识证明、变色龙哈希等技术,本文提出了一个可编辑且可追责的区块链方案。在本方案中,变色龙哈希函数将替换原始区块链中的哈希函数,由领导者将变色龙哈希的陷门密钥通过公开可验证秘密共享分发给多个用户,从而避免由某一方独自持有陷门密钥所带来的中心化问题。持有密钥份额的用户将验证网络中出现的编辑请求,并对编辑请求进行投票。当大多数用户同意进行编辑时,将通过哈希排序的方式在用户中选举出编辑者,编辑者将恢复出变色龙哈希密钥进而进行编辑。为了实现编辑过程的可追责性,全体用户都可以对编辑后的内容进行验证,监管方可以实现相关责任方的追责。本方案还通过零知识证明技术,实现了在密钥分发与验证追责阶段,可以验证密钥份额正确性。安全性分析表明方案满足陷门安全性、可编辑性、可追责性,且陷门子密钥分发时不需要经过秘密通道。仿真实验结果表明,在系统参数已经生成完毕的情况下,方案的运行时间均为毫秒量级。而参数生成算法仅执行一次,而且可以预先执行,因此参数生成算法对方案的整体运行效率影响不大,本方案依然具有较好的运行效率。     

一种基于仲裁者的代理签名方案

目前已知的一些代理签名方案都是由原始签名者、代理签名者和签名验证者三方共同来完成,存在着原始签名者在线的问题。论文引入可信第三方,即仲裁者这一新的角色,并提出了一种由仲裁者、代理签名者和签名验证者参与的代理签名方案,有效地在代理签名方案中弥补了原始签名者在线的不足,并通过证书的“绑定”实现了通信双方的身份验证。