新的基于身份的变色龙签名体制

变色龙签名体制是基于传统的哈希一签名范例,它使用变色龙哈希函数,具有性质：任何知道公钥的人都可以计算相应的哈希值;在通常情况下,对于不知道陷门信息的人,函数是抗碰撞的;但是,陷门信息的持有者可以对于任意给定的输入找到碰撞。变色龙签名体制是不可否认签名的一种新方法,一个安全的变色龙签名体制应该具备非交互性、不可传递性和不可否认性。本文利用双线性对,提出一个新的基于身份的变色龙签名,在随机预言机下是安全的。     

基于格的变色龙签名方案

与普通数字签名相比,变色龙签名不仅满足不可否认性,而且具有非交互式、不可传递的特点。然而,基于传统数学难题构造的变色龙签名方案不能抵杭量子计算机的攻击。为了设计在量子计算机环境下依然安全的变色龙签名,利用格上小整数解问题SIS(Small Integer Solution)和非齐次小整数解问题ISIS(Inhomogeneous Small Integer Solution)的困难性假设,构造了基于格的变色龙签名方案。在随机预言模型下,证明了该方案在适应性选择消息攻击下 是安全的。     

移动环境下的一种基于双向认证的哈希链签名方案*

在基于哈希函数的签名方案的基础上,提出了一种新的基于双向认证的哈希链签名方案,能够防止用户双方作弊及外部攻击。并对其签名和认证的速度进行了实验测试,相对于基于公钥算法的数字签名方案,该方案的执行速度有明显提高。     

一种基于身份的不可传递性环签名

网络环境中的某些应用(如匿名电子举报)要求数字签名同时具备签名者身份模糊性和签名不可传递性,而现存的签名方案都不能完全满足此类需求.为此,提出了一种新的签名方案即基于身份的不可传递性环签名方案,设计了一个基于双线性对的特殊哈希函数,并将该哈希函数引入到环签名中,使方案很好地满足了上述需求.形式化分析表明,方案生成的签名在随机预言模型(Random Oracle Model,ROM)下具有不可伪造性.     

强不可伪造的在线/离线签名方案

针对标准模型下签名方案效率低的问题,利用目标抗碰撞杂凑函数和变色龙哈希函数,提出了一种在线/离线签名方案。在签名消息到来之前,离线阶段进行重签名的大部分计算,并将这些运算结果保存起来;在签名消息到来时,利用离线阶段保存的数据能在很短的时间内生成消息的在线重签名。在标准模型下,证明了新方案在适应性选择消息攻击下满足强不可伪造性。分析结果表明,新方案在效率上优于已有的标准模型下签名方案,在线签名算法仅需要1次模减法运算和1次模乘法运算,适合于计算能力较弱的低端计算设备。     

具有完全保密性的高效可净化数字签名方案*

现有的基于变色龙散列函数的方案均未达到完全保密性,而基于群签名的可净化数字签名方案满足完全保密性,但因效率较低而不够实用。为此,提出一个新的可净化数字签名方案,它基于传统数字签名方案、BLS签名方案和公钥加密方案构造,且满足可净化数字签名的所有基本安全性需求,即不可伪造性、不可变性、透明性、完全保密性及可审计性,同时具有比基于群签名方案更高的运算效率,继而具有更高的实用性。     

一种基于变色龙签名的电子选举机制

本文分析当前电子选举的基本要求,针对目前电子选举方案中存在的选票碰撞及伪造选票问题,提出了一种基于变色龙签名的电子选举机制,通过双线性映射实现变色龙签名,进而定义电子选举方案,证明了所提方案具备不可否认性、不可传递性、非交互性的安全特性,有效增强了电子选举的安全性和实用性。     

一次变色龙哈希函数及其在可修正区块链中的应用

提出了称作一次变色龙哈希函数的新密码学原语:同一哈希值的2个原像(一次碰撞)不会暴露任何陷门信息,而同一哈希值的3个原像(二次碰撞)则会暴露部分陷门信息,但足以导致严重的安全危害.基于经典的RSA困难问题构造了简单高效的一次变色龙哈希函数方案,并在随机预言模型下证明了其安全性.应用该一次变色龙哈希函数方案,进一步高效实现了对每个区块仅允许至多一次修正的可修正区块链,而任何区块的二次修改都将导致区块链崩溃的惩罚.对区块链进行有效治理是网络空间安全治理的关键领域,而可修正区块链则构成了区块链监管和治理的最核心技术.所提出的可修正区块链方案具有高效和修正权限契合实际需求的两大特点,有望为区块链监管(尤其是链上有害数据的事后治理)提供有力的技术参考.     

一种基于变色龙签名的电子选举机制

本文分析当前电子选举的基本要求,针对目前电子选举方案中存在的选票碰撞及伪造选票问题,提出了一种基于变色龙签名的电子选举机制,通过双线性映射实现变色龙签名,进而定义电子选举方案,证明了所提方案具备不可否认性、不可传递性、非交互性的安全特性,有效增强了电子选举的安全性和实用性。     

一种高效的门限部分盲签名方案

现有的门限签名方案使用一些低效的MapToPoint哈希函数,难以避免因多次使用哈希函数而带来的安全性危害。为此,将门限签名和部分盲签名相结合,提出一种新的基于双线性对的门限部分盲签名方案。分析结果表明,该方案使用高效的普通哈希函数,可提高执行效率,具有满足门限签名和部分盲签名的优点。     

基于双线性对的Chameleon签名方案

Chameleon签名方案是一种利用Hash-and-Sign模式的非交互签名方案,并且具有不可转移性,只有指定的接收者才可以确信签名的有效性.利用双线性对提出了一种新的Chameleon Hash函数,并在此基础上构建了相应的基于身份的Chameleon签名方案.与传统的Chameleon Hash函数相比,该方案中的Hash函数公钥所有者无须获取相应私钥,除非它企图伪造签名.该方案不但具有通常Chameleon签名方案的所有特点,而且具有基于身份密码系统的诸多优点.     

Efficient generic on-line/off-line (threshold) signatures without key exposure

The “hash–sign–switch” paradigm was firstly proposed by Shamir and Tauman with the aim to design an efficient on-line/off-line signature scheme. Nonetheless, all existing on-line/off-line signature schemes based on this paradigm suffer from the key exposure problem of chameleon hashing. To avoid this problem, the signer should pre-compute and store a plenty of different chameleon hash values and the corresponding signatures on the hash values in the off-line phase, and send the collision and the signature for a certain hash value in the on-line phase. Hence, the computation and storage cost for the off-line phase and the communication cost for the on-line phase in Shamir–Tauman’s signature scheme are still a little more overload. In this paper, we first introduce a special double-trapdoor hash family based on the discrete logarithm assumption and then incorporate it to construct a more efficient generic on-line/off-line signature scheme without key exposure. Furthermore, we also present the first key-exposure-free generic on-line/off-line threshold signature scheme without a trusted dealer. Additionally, we prove that the proposed schemes have achieved the desired security requirements.     

Discrete logarithm based chameleon hashing and signatures without key exposure

Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message. However, the initial constructions of chameleon signatures suffer from the key exposure problem of chameleon hashing. This creates a strong disincentive for the recipient to compute hash collisions, partially undermining the concept of non-transferability. Recently, some constructions of discrete logarithm based chameleon hashing and signatures without key exposure are presented, while in the setting of gap Diffie–Hellman groups with pairings.In this paper, we propose the first key-exposure free chameleon hash and signature scheme based on discrete logarithm systems, without using the gap Diffie–Hellman groups. This provides more flexible constructions of efficient key-exposure free chameleon hash and signature schemes. Moreover, one distinguishing advantage of the resulting chameleon signature scheme is that the property of “message hiding” or “message recovery” can be achieved freely by the signer, i.e., the signer can efficiently prove which message was the original one if he desires.     

Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results

The notion of off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally such signatures schemes are used to reduce the time required to compute a signature using some kind of preprocessing. Even, Goldreich and Micali show how to realize off-line/on-line digital signature schemes by combining regular digital signatures with efficient one-time signatures. Later, Shamir and Tauman presented an alternative construction (which produces shorter signatures) obtained by combining regular signatures with chameleon hash functions. In this paper, we study off-line/on-line digital signature schemes both from a theoretic and a practical perspective. More precisely, our contribution is threefold. First, we unify the Shamir–Tauman and Even et al. approaches by showing that they can be seen as different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hashing is basically a one-time signature which satisfies such a weaker security notion. As a by-product of this result, we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call double-trapdoor) is actually a fully secure one-time signature. Next, we consider the task of building, in a generic fashion, threshold variants of known schemes: Crutchfield et al. proposed a generic way to construct a threshold off-line/on-line signature scheme given a threshold regular one. They applied known threshold techniques to the Shamir–Tauman construction using a specific chameleon hash function. Their solution introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption. Here, we propose two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function. Our constructions are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption. Finally, we ran experimental tests to measure the difference between the real efficiency of the two known constructions for non-threshold off-line/on-line signatures. Interestingly, we show that, using some optimizations, the two approaches are comparable in efficiency and signature length.     

基于Chameleon哈希改进的平台配置远程证明机制

为了进一步提高平台配置远程证明机制的实用性,针对RAMT(remote attestation based on Merkle hashtree)方案的不足,基于Chameleon哈希算法,采用软件分组的思想,改进了RAMT方案,给出了实验证明。认真讨论了RAMT方案的特点,详细描述了改进后的RAMT方案的体系结构、度量及验证过程,并深入讨论了新机制的特点。实验结果表明,新机制不仅提高了远程证明机制的可伸缩性,而且进一步增强了隐私保护能力,从而进一步提高了方案的实用性。     

Chameleon Hashes Without Key Exposure Based on Factoring

Chameleon hash is the main primitive to construct a chameleon signature scheme which provides nonrepudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem： non-transferability is based on an unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure-free chameleon hashes have been constructed based on RSA assumption and SDH （strong Diffie-Hellman） assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all advantages of the previous schemes. In order to support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.     

可编辑且可追责的区块链方案

随着区块链所承载信息种类和应用场景的不断增加,出于信息监管、隐私保护、数据更新等方面的目的,需要对记录在区块链上的数据进行删除、更新等操作。针对这些需求,基于公开可验证秘密共享、零知识证明、变色龙哈希等技术,本文提出了一个可编辑且可追责的区块链方案。在本方案中,变色龙哈希函数将替换原始区块链中的哈希函数,由领导者将变色龙哈希的陷门密钥通过公开可验证秘密共享分发给多个用户,从而避免由某一方独自持有陷门密钥所带来的中心化问题。持有密钥份额的用户将验证网络中出现的编辑请求,并对编辑请求进行投票。当大多数用户同意进行编辑时,将通过哈希排序的方式在用户中选举出编辑者,编辑者将恢复出变色龙哈希密钥进而进行编辑。为了实现编辑过程的可追责性,全体用户都可以对编辑后的内容进行验证,监管方可以实现相关责任方的追责。本方案还通过零知识证明技术,实现了在密钥分发与验证追责阶段,可以验证密钥份额正确性。安全性分析表明方案满足陷门安全性、可编辑性、可追责性,且陷门子密钥分发时不需要经过秘密通道。仿真实验结果表明,在系统参数已经生成完毕的情况下,方案的运行时间均为毫秒量级。而参数生成算法仅执行一次,而且可以预先执行,因此参数生成算法对方案的整体运行效率影响不大,本方案依然具有较好的运行效率。     

基于身份的卡梅隆数字签名方案

卡梅隆签名是一种非交互式的数字签名,其使用的Hash函数是一种特殊的陷门单向Hash函数——卡梅隆Hash。卡梅隆数字签名具有不可传递性和不可否认性等优点。该文利用基于身份和双线性对的签名方案,结合卡梅隆Hash函数,构造了基于身份的卡梅隆数字签名方案。与传统的卡梅隆方案相比,该方案中公开Hash密钥的所有者无须恢复相应的私钥,且是指定验证者的方案。     

Chameleon hash without key exposure based on Schnorr signature

Based on the famous Schnorr signature scheme, we propose a new chameleon hash scheme which enjoys all advantages of the previous schemes: collision-resistant, message-hiding, semantic security, and key-exposure-freeness.