Similar literature
20 similar records found (search time 31 ms)
1.
Attribute-based signature (ABS) is a significant cryptographic notion providing secure authentication during data sharing. A signer can sign a message using the private keys he possesses. However, a user's private key may be exposed from time to time, and this brings a potential threat to the whole system. Thus, a key evolving mechanism should be introduced into ABS schemes. Besides, the efficiency of existing ABS schemes can be further improved, since the processes of signing and verification require many bilinear pairings, which occupy costly computing resources on mobile terminal devices. To better tackle the above problems and provide a more secure data authentication method for mobile communication systems, in this paper we first propose a key-insulated attribute-based signature scheme without pairings (KI-ABS-WP). We then give the formal definition as well as the concrete construction of our scheme. In our KI-ABS-WP, users need not compute any bilinear pairings, so the total computation cost is reduced to a large extent. If key exposure occurs, the key insulation mechanism guarantees both the backward and forward security of the system. Finally, by security proof and efficiency comparison, our KI-ABS-WP is shown to be superior for data authentication in mobile communication systems.

2.
Design of DL-based certificateless digital signatures (Total citations: 1, self-citations: 0, citations by others: 1)
Public-key cryptosystems that do not require digital certificates are very attractive in wireless communications because of the limitations imposed by the communication bandwidth and the computational resources of mobile wireless communication devices. To eliminate public-key digital certificates, Shamir introduced the concept of the identity-based (ID-based) cryptosystem. The main advantage of the ID-based cryptosystem is that, instead of using a random integer as each user's public key as in traditional public-key systems, the user's real identity, such as the user's name or email address, becomes the user's public key. However, all identity-based signature (IBS) schemes have the inherent key escrow problem, that is, the private key generator (PKG) knows the private key of each user. As a result, the PKG is able to sign any message on the users' behalf. This property violates the "non-repudiation" requirement of digital signatures. To solve the key escrow problem of IBS while still taking advantage of its benefits, the certificateless digital signature (CDS) was introduced. In this paper, we propose a generalized approach to constructing CDS schemes. In our proposed CDS scheme, the user's private key is known only to the user himself; therefore, it eliminates the key escrow problem of the PKG. The proposed construction can be applied to all Discrete Logarithm (DL)-based signature schemes to convert a digital signature scheme into a CDS scheme. The proposed CDS scheme is secure against adaptive chosen-message attack in the random oracle model. In addition, it is also efficient in signature generation and verification.

3.
We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is a non-anonymous attribute-based authentication scheme. The extended scheme is a fully anonymous attribute-based authentication scheme that realizes full anonymity and unlinkability. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server's required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes, which require the user to perform a significant number of elliptic curve bilinear pairings and modular exponentiations and to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed-length private key, independent of the number of attributes, the cloud user performs only a few exponentiations, by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server, on the condition that he/she satisfies a predefined level of the server's attribute requirements. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide a rigorous security analysis and a complexity analysis of the proposed schemes. Finally, security and performance comparisons with existing related schemes show that our schemes outperform them.

4.
SM2 is the elliptic curve public-key cryptography standard released by China in 2010. Because it offers faster signing and verification, smaller storage requirements and lower computational complexity than RSA, it is widely used in finance, social security and other fields. With the promotion and adoption of the national commercial cryptographic algorithms, key security and data privacy have attracted much attention. In the single-key signing mode, signing authority is too centralized to meet the requirements of distributed environments, and key leakage would threaten the security of the whole cryptosystem, so the secure storage and proper use of keys urgently need to be addressed. In addition, the standard SM2 digital signature algorithm cannot provide privacy protection for the message content, and privacy protection for messages signed with the national cryptographic algorithms needs further study. Addressing the key security and data privacy problems of the signature algorithm, there has been research on collaborative SM2 signatures and on SM2 blind signatures; however, there has been no collaborative design for SM2 blind signatures. This paper proposes a two-party collaborative blind signature protocol that allows two parties other than the user to perform the signing operation. The signing process does not need to recover the complete private key and does not leak information about the partial private keys or the secret values; distributed key storage improves key security, and the blind signature property protects message privacy. In terms of security, the protocol satisfies unforgeability and unlinkability; in terms of efficiency, simulation tests written in C show that the local running time of each participant in the system is within an acceptable range, and when the signers execute the protocol honestly, the time cost of each entity in the collaborative signing phase is essentially the same as that of executing one lightweight SM2 blind signature. Therefore, the protocol has practical prospects in both functionality and efficiency.

5.
沈文婷, 于佳, 杨光洋, 程相国, 郝蓉. 《软件学报》 (Journal of Software) 2016, 27(6): 1451-1462
Integrity checking of shared data in cloud storage is used to verify the integrity of data shared by a group in the cloud, and is one of the most common forms of cloud storage integrity checking. In cloud storage integrity checking, the private key a user uses to generate data signatures may become unusable because of damage to or failure of the storage medium. However, none of the existing integrity checking schemes for shared cloud data considers this practical problem. This paper is the first to explore how to solve the problem of unusable private keys in shared-data cloud storage integrity checking, and proposes the first shared-data cloud storage integrity checking scheme with private key recovery capability. In the scheme, when a group user's private key becomes unusable, t or more users in the group can help him recover it. At the same time, a random masking technique is designed to ensure the security of the participating members' private keys. The user can also verify the correctness of the recovered private key. Finally, a security analysis and experimental results are given, which show that the proposed scheme is secure and efficient.

6.
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed, to protect the privacy of the message from the signatory. For signing quantum messages, some quantum blind signature protocols have been proposed. Recently, Khodambashi et al. (Quantum Inf Process 13:121, 2014) proposed a sessional blind signature based on quantum cryptography. It was claimed that this protocol could guarantee unconditional security. However, after our analysis, we find that the signature protocol causes key information leakage from the viewpoint of information theory. Taking advantage of this loophole, the message sender can succeed in forging the signature without knowing the whole exact key shared between the verifier and himself. To overcome this shortcoming, we construct an improved protocol based on it, and the new protocol can resist key information leakage attacks.

7.
A proxy signature scheme enables an original signer to delegate his signing capability to a proxy signer, and then the proxy signer can sign a message on behalf of the original signer. Recently, several ID-based proxy signature schemes have been proposed. ID-based cryptosystems (ID-Cs) are more advantageous than traditional public key cryptosystems (PKCs), as key distribution is not required. However, an inherent problem of ID-Cs is key escrow. Hu and Huang also proposed an ID-based proxy signature scheme with a proxy key generation protocol. In Hu–Huang's scheme, whenever the original signer requests the Public Key Generation Center (PKG) to generate a proxy derivation key for a designated proxy signer, the PKG generates the proxy key using the proxy signer's private key without his agreement. Thus, the PKG infringes general privacy laws and regulations. This is also an example of the PKG's misuse of a user's private key due to the key escrow problem of ID-Cs. To solve these problems we propose an improvement of Hu–Huang's scheme.

8.
Cloud data auditing is essential for securing cloud storage, since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by using data auditing, because there is no need to retrieve the entire file; a spot-checking technique suffices. A number of cloud data auditing schemes have been proposed recently, but the majority of the proposals are based on Public Key Infrastructure (PKI). These protocols have some drawbacks: (1) it is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur an expensive computation cost; (2) complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper we propose ID-CDIC, an identity-based cloud data integrity checking protocol that eliminates the complex certificate management of traditional cloud data integrity checking protocols. The proposed concrete construction, built from the RSA signature, supports variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life.

9.
A two-party co-signing protocol based on SM2 and its application (Total citations: 1, self-citations: 0, citations by others: 1)
The mobile Internet has developed rapidly in recent years; ownership of mobile smart devices has increased greatly and their range of use keeps expanding, so the importance of protecting users' information security has risen accordingly. However, the limited computing power of such devices increases the threat of key leakage, and sensitive information stored on mobile devices has increasingly become a target of attack; as a result, when a digital signature generated on a mobile device is presented as judicial evidence, it is hard to establish that it was signed by the owner of the private key. With the development of 5G and Internet of Things technology, mobile devices will be used even more widely, and this problem urgently needs to be solved. The characteristics of 5G include high bandwidth and low latency, which make a solution possible. Two-party co-signing is a special form of threshold group signature; a two-party co-signing protocol requires that part of the private key used for signing be stored on a server, which gives the server more opportunities to authenticate the user and thereby strengthens the legal effect of the generated digital signature. SM2 is an elliptic curve public-key cryptographic algorithm released by the State Cryptography Administration in 2010 and is the national public-key cryptographic algorithm standard GM/T 0003.2-2012; it includes a digital signature algorithm, a key exchange protocol and a public-key encryption algorithm. Co-signing protocols based on SM2 are still few, and efficient, provably secure co-signing protocols are lacking. Therefore, this paper proposes a two-party co-signing protocol based on SM2. The protocol is suitable for scenarios in which a single service node serves a large number of clients, such as IoT scenarios in a 5G environment. Technically, the protocol is provably secure, and the server needs to perform only one scalar multiplication per co-signing operation. On the basis of the basic protocol, and taking practical needs into account, we give an extended application protocol that adds server authentication of the client and a procedure for issuing digital certificates.

10.
Current techniques for transforming unforgeable signature schemes (where the forged message has never been signed) into strongly unforgeable ones (where the forged message could have been signed) require supplementary components to be added to the original key pairs of the schemes. In addition, some of them can only be applied to a certain type of signature scheme. In this paper, we propose a new generic transformation technique which converts any unforgeable signature scheme into a strongly unforgeable one without modifying any component in the original key pair. This makes our technique especially suitable for practical use. Our technique is based on strong one-time signature schemes. We show that they can be constructed efficiently from any one-time signature scheme that is based on one-way functions. The performance of our technique also compares favorably with that of current ones. Besides, it is shown in this paper that our transformation can further be applied to schemes satisfying only a weak variant of unforgeability without any further modification. Furthermore, our technique can also be used for constructing strongly unforgeable signature schemes in other cryptographic settings, which include certificateless signature, identity-based signature, and several others. To the best of our knowledge, a similar extent of versatility is not known to be supported by any of the comparable techniques. Finally, and of independent interest, we show that our generic transformation technique can be modified into an on-line/off-line signature scheme, which possesses a very efficient signing process.

11.
Considering the low-power computing capability of mobile devices, security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to simplifying certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for the mobile client–server environment. However, these schemes do not provide the mutual authentication and key exchange between the client and the server that are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for the mobile client–server environment. Compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. A performance analysis shows that our protocol is well suited to the mobile client–server environment. A security analysis demonstrates that our proposed protocol is provably secure against previous attacks.

12.
All regular cryptographic schemes rely on the security of the secret key. However, with the explosive use of relatively insecure mobile devices, the key exposure problem has become more serious. In this paper, we propose an efficient forward secure identity-based signature (FSIBS) scheme from lattice assumptions, with its security based on the small integer solution (SIS) problem in the random oracle model. Our scheme guarantees the unforgeability of past signatures even if the current signing secret key is revealed. Moreover, the signature size and the secret key size of our scheme are unchanged over time and much shorter. To the best of our knowledge, our construction is the first lattice-based FSIBS scheme, and it can resist quantum attacks. Furthermore, we extend our FSIBS scheme to a forward secure identity-based signature scheme in the standard model.

13.
A server-aided verification signature scheme consists of a digital signature scheme and a server-aided verification protocol. With the server-aided verification protocol, some of the computational tasks of signature verification are carried out by a server, which is generally untrusted; therefore, it is very useful for low-power computational devices. In this paper, we first define three security notions for server-aided verification signatures, i.e., existential unforgeability, security against collusion attacks and security against strong collusion attacks. The definition of existential unforgeability includes the existing security requirements for server-aided verification signatures. We then present, on the basis of existing signature schemes, two novel existentially unforgeable server-aided verification signature schemes. The existential unforgeability of our schemes can be formally proved both with and without the random oracle model. We also consider the security of server-aided verification signatures under collusion attacks and strong collusion attacks. For the first time, we formally define security models capturing (strong) collusion attacks, and propose concrete server-aided verification signature schemes that are secure against such attacks.

14.
Identity-based threshold signature (IDTS) is a powerful primitive for protecting identity and data privacy, in which parties can collaboratively sign a given message as a signer without reconstructing the signing key. Nevertheless, most IDTS schemes rely on a trusted key generation center (KGC). Recently, some IDTS schemes have achieved escrow-free security against a corrupted KGC, but all of them are vulnerable to denial-of-service attacks in the dishonest-majority setting, where cheaters may force the protocol to abort without providing any feedback. In this work, we present a fully decentralized IDTS scheme that resists corrupted KGCs and denial-of-service attacks. To this end, we design threshold protocols for distributed key generation, private key extraction, and signature generation that withstand collusion between KGCs and signers, and then we propose an identification mechanism that can detect the identity of cheaters during key generation, private key extraction and signature generation. Finally, we formally prove that the proposed scheme satisfies threshold unforgeability against chosen message attacks. The experimental results show that the computation time of both key generation and signature generation is less than 1 s, and that of private key extraction is about 3 s, which is practical in a distributed environment.

15.
Recently, many quantum digital signature (QDS) schemes have been proposed to authenticate the integrity of a message. However, these quantum signature schemes only consider the situation of bit messages, with signing and verifying done one bit at a time, so their signature efficiency is very low. In this paper, we propose a scheme based on an application of Fibonacci, Lucas and Fibonacci-Lucas matrix coding to quantum digital signatures, built on a recently proposed quantum key distribution (QKD) system. Our scheme can sign a large number of digital messages at a time. Moreover, these special matrices provide a method to verify the integrity of the information received by the participants, to authenticate the identities of the participants, and to improve the efficiency of signing and verifying. Therefore, our signature scheme is more practical than the existing schemes.

16.
Over the years, several identity-based signature schemes using bilinear pairings have been proposed, but most of them suffer from the key escrow problem and require a secure channel during the private key issuance stage. In this paper, we present an identity-based signature scheme variant using bilinear pairings. We use a binding-blinding technique to eliminate the key escrow problem and to avoid the use of a secure channel in the key issuance stage. We then extend the proposed scheme to a multi-signature scheme. We show that both schemes are secure against chosen message attacks.

17.
In recent decades, log system management has been widely studied for data security management. By analyzing logs, system abnormalities or illegal operations can be found in time and evidence of intrusions can be provided. To ensure the integrity of logs in current systems, many researchers have designed log systems based on blockchain. However, the emerging blockchain faces significant security challenges with the advent of quantum computers. An attacker equipped with a quantum computer can extract a user's private key from the public key to generate a forged signature, destroy the structure of the blockchain, and threaten the security of the log system. Thus, lattice-based blind signatures in a post-quantum blockchain bring new security features to log systems. In this paper, to address these issues, we first propose a novel log system based on a post-quantum blockchain that can resist quantum computing attacks. Second, we utilize a post-quantum lattice-based blind signature to ensure both the security and the blindness of the log system, which preserves the privacy of log information to a large extent. Lastly, we enhance the security level of the lattice-based blind signature under the random oracle model, while the signature size grows slowly compared with others. We also implement our protocol and conduct an extensive analysis to validate the ideas. The results show that the signature size of our scheme increases only slightly compared with others as the security level improves.

18.
Certificateless cryptography addresses the private key escrow problem of identity-based systems while overcoming the costly issues of traditional public key cryptography. Undeniable signature schemes were proposed with the aim of limiting the public verifiability of ordinary digital signatures. The first certificateless undeniable signature scheme was put forth by Duan. That scheme can be considered the certificateless version of the identity-based undeniable signature scheme introduced by Libert and Quisquater. In this paper, we propose a new scheme which is much more efficient compared to Duan's scheme. Our scheme requires only one pairing evaluation for signature generation and provides more efficient confirmation and disavowal protocols for both the signer and the verifier. We also prove the security of our scheme in the strong security model, based on the intractability of some well-known pairing-based assumptions, in the random oracle model.

19.
To ensure the integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp, we can neither trust signed documents when the signer's signature key was lost, stolen, or accidentally compromised, nor resolve cases in which the signer himself repudiates the signing, claiming that he has accidentally lost his signature key. To withstand the forward forgery suffered by linking schemes and to reduce verification cost, Sun et al. proposed four time-stamped signature schemes based on absolute temporal authentication. Although Sun et al. claimed that these schemes are quite secure against forward forgery, we find that they suffer from substitution attacks, by which the signer can backward/forward forge signatures and the time-stamping service can also forge signatures. Finally, we propose four time-stamped signature schemes that overcome these security flaws. Moreover, the proposed new schemes are more efficient than the schemes of Sun et al.

20.
A supervisable privacy-preserving blockchain scheme based on group signatures and attribute-based encryption (Total citations: 1, self-citations: 0, citations by others: 1)
李莉, 杜慧娜, 李涛. 《计算机工程》 (Computer Engineering) 2022, 48(6): 132-138
The decentralization and tamper-resistance of blockchain technology give it clear advantages for traceability. Blockchain-based traceability systems can solve the problems of information silos, low sharing and data tampering found in traditional systems, thereby guaranteeing data traceability. However, it is difficult to strike a balance between data traceability and user privacy protection in blockchain traceability systems. This paper proposes a distributed supervisable privacy-preserving scheme that combines group signatures, stealth address protocols, zero-knowledge proofs and attribute-based encryption. The group manager mechanism of the group signature is improved: multiple group managers generate private key fragments for the user, the user computes its own private key from the returned fragments, selectively applies attribute-based encryption to traceability data as needed, and sets a specific access structure for on-chain data so as to realize "one-to-many" communication between data and users. The group managers use the group public key to trace and hold accountable the identities of both parties to a transaction. Users who satisfy the specific access structure of the data decrypt the ciphertext with their attribute private keys to obtain the data. Experimental results show that the scheme improves the privacy protection of on-chain data while guaranteeing data traceability and supervision of both transaction parties, and is more secure than existing privacy-preserving schemes.
