1.
Current techniques for transforming unforgeable signature schemes (where the forged message has never been signed) into strongly unforgeable ones (where the forged message may have been signed before) require supplementary components to be added to the original key pairs of the schemes. In addition, some of them can only be applied to certain types of signature schemes. In this paper, we propose a new generic transformation technique which converts any unforgeable signature scheme into a strongly unforgeable one without modifying any component of the original key pair. This makes our technique especially suitable for practical use. Our technique is based on strong one-time signature schemes. We show that they can be constructed efficiently from any one-time signature scheme that is based on one-way functions. The performance of our technique also compares favorably with that of current ones. We further show that our transformation can be applied without modification to schemes satisfying only a weak variant of unforgeability. Furthermore, our technique can also be used to construct strongly unforgeable signature schemes in other cryptographic settings, including certificateless signatures, identity-based signatures, and several others. To the best of our knowledge, a similar degree of versatility is not supported by any of the comparable techniques. Finally, and of independent interest, we show that our generic transformation technique can be modified into an on-line/off-line signature scheme with a very efficient signing process.
2.
WANG ChangJi, Science China Information Sciences (English edition), 2012, (9): 2139-2148
To use biometric identities in an identity-based encryption system, Sahai and Waters first introduced the notion of fuzzy identity-based encryption (FIBE) in 2005. Yang et al. extended it to digital signatures and introduced the concept of fuzzy identity-based signature (FIBS) in 2008, constructing an FIBS scheme based on Sahai and Waters's FIBE scheme. In this paper, we further formalize the notion and security model of FIBS schemes and propose a new construction of an FIBS scheme based on bilinear pairings. The proposed scheme not only provides shorter public parameters, private keys and signatures, but also has useful structures which result in more efficient verification than that of Yang et al.'s FIBS scheme. The proposed FIBS scheme is proved to be existentially unforgeable under chosen message attack and selective fuzzy identity attack in the random oracle model under the discrete logarithm assumption.
3.
ID-based public key cryptography (ID-PKC) has many advantages over certificate-based public key cryptography (CA-PKC), and has drawn extensive attention from researchers in recent years. However, the existing electronic cash schemes are constructed under CA-PKC, and to the best of our knowledge there is no electronic cash scheme under ID-PKC so far. It is important to study how to construct electronic cash schemes based on ID-PKC, from both a practical and a pure research perspective. In this paper, we present a simpler and provably secure ID-based restrictive partially blind signature (RPBS), and then propose an ID-based fair off-line electronic cash (ID-FOLC) scheme with multiple banks based on the proposed ID-based RPBS. The proposed ID-FOLC scheme with multiple banks is more efficient than existing multi-bank electronic cash schemes based on group blind signatures.
4.
Attack on Digital Multi-Signature Scheme Based on Elliptic Curve Cryptosystem
The concept of multisignature, in which multiple signers cooperate to sign the same message and any verifier can check the validity of the multi-signature, was first introduced by Itakura and Nakamura. Several multisignature schemes have been proposed since. Chen et al. recently proposed a new digital multi-signature scheme based on the elliptic curve cryptosystem. In this paper, we show that their scheme is insecure, since it is vulnerable to so-called active attacks, such as the substitution of a "false" public key for a "true" one in a key directory or during transmission. The attacker can then produce a legal signature on a message that other users have signed, and forge a signature by himself that will be accepted by the verifier.
5.
Provably secure robust threshold partial blind signature
Threshold digital signatures and blind signatures play important roles in cryptography as well as in practical applications such as e-cash and e-voting systems. Over the past few years, many cryptographic researchers have made considerable headway in this field. However, to our knowledge, most existing threshold blind signature schemes are based on the discrete logarithm problem. In this paper, we propose a new robust threshold partial blind signature scheme based on an improved RSA cryptosystem. This scheme is the first threshold partial blind signature scheme based on factoring, and the robustness of threshold partial blind signatures is also introduced. Moreover, in practical applications, the proposed scheme is especially suitable for blind-signature-based voting systems with multiple administrators and for secure electronic cash systems, to prevent their abuse.
6.
Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt 2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-sized public key and signature length and, more importantly, does not require a trapdoor. Their scheme is very efficient, and its signatures are smaller than those of the other existing schemes. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, our cryptanalysis of the scheme shows that it allows a non-member of the group to sign on behalf of the group, and the resulting signature convinces any third party that a member of the group has indeed generated it, although none of the members has done so. Therefore, in case of dispute, even the group manager cannot identify who signed the message. In the paper, a new scheme that does not suffer from this problem is provided.
8.
In this paper, we propose a new "full public verifiability" concept for hybrid public-key encryption schemes. We also present a new hybrid public-key encryption scheme that has this feature, based on the decisional bilinear Diffie-Hellman assumption. We prove that the new hybrid public-key encryption scheme is secure against adaptive chosen ciphertext attack in the standard model. The "full public verifiability" feature means that the new scheme has a shorter ciphertext and reduces the security requirements on the symmetric encryption scheme. Therefore, our new scheme does not need any message authentication code, even when the one-time symmetric encryption scheme is only secure against passive attacks. Compared with all existing public-key encryption schemes that are secure against adaptive chosen ciphertext attack, our new scheme has a shorter ciphertext, an efficient tight security reduction, and fewer requirements (the symmetric encryption scheme only needs to resist passive attacks).
9.
Ustaoglu presented a secure and efficient key exchange protocol named CMQV, based on the design rationales of HMQV and NAXOS. Compared with the latter two protocols, CMQV on the one hand achieves the high performance of HMQV and on the other is proven secure in the eCK model, as NAXOS is. However, as its designers note, the security proof of CMQV relies on the gap Diffie-Hellman assumption. In this paper, we propose a variant of CMQV, called CMQV+, which is proven secure under a weaker assumption (the computational Diffie-Hellman assumption) in the eCK model with random oracles, while maintaining the high-performance feature of CMQV as much as possible.
10.
Yudi ZHANG, Debiao HE, Mingwu ZHANG, Kim-Kwang Raymond CHOO, Frontiers of Computer Science, 2020, 14(3): 143803-215
Mobile devices are widely used for data access, communications and storage. However, storing a private key for signing and other cryptographic uses on a single mobile device can be challenging, due to its computational limitations. Thus, a number of (t, n) threshold secret sharing schemes designed to minimize private key leakage have been proposed in the literature. However, existing schemes generally suffer from key reconstruction attacks. In this paper, we propose an efficient and secure two-party distributed signing protocol for the SM2 signature algorithm, which has been mandated by the Chinese government for all electronic commerce applications. The proposed protocol splits the private key across two devices and can generate a valid signature without reconstructing the entire private key. We prove that our protocol is secure under a nonstandard assumption. We then implement our protocol using the MIRACL Cryptographic SDK to demonstrate that it can be deployed in practice to prevent key disclosure.
11.
Xiaofeng Chen, Fangguo Zhang, Haibo Tian, Baodian Wei, Kwangjo Kim, Computers & Electrical Engineering, 2011, 37(4): 614-623
Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message. However, the initial constructions of chameleon signatures suffer from the key exposure problem of chameleon hashing. This creates a strong disincentive for the recipient to compute hash collisions, partially undermining the concept of non-transferability. Recently, some constructions of discrete-logarithm-based chameleon hashing and signatures without key exposure have been presented, but only in the setting of gap Diffie–Hellman groups with pairings. In this paper, we propose the first key-exposure-free chameleon hash and signature scheme based on discrete logarithm systems that does not use gap Diffie–Hellman groups. This provides more flexible constructions of efficient key-exposure-free chameleon hash and signature schemes. Moreover, one distinguishing advantage of the resulting chameleon signature scheme is that the property of "message hiding" or "message recovery" can be chosen freely by the signer, i.e., the signer can efficiently prove which message was the original one if he so desires.
12.
Xiaofeng Chen, Fangguo Zhang, Haibo Tian, Baodian Wei, Willy Susilo, Yi Mu, Hyunrok Lee, Kwangjo Kim, Information Sciences, 2008, 178(21): 4192-4203
The “hash–sign–switch” paradigm was first proposed by Shamir and Tauman with the aim of designing an efficient on-line/off-line signature scheme. Nonetheless, all existing on-line/off-line signature schemes based on this paradigm suffer from the key exposure problem of chameleon hashing. To avoid this problem, the signer has to pre-compute and store plenty of different chameleon hash values and the corresponding signatures on those hash values in the off-line phase, and send the collision and the signature for a particular hash value in the on-line phase. Hence, the computation and storage cost of the off-line phase and the communication cost of the on-line phase in Shamir–Tauman’s signature scheme are still somewhat high. In this paper, we first introduce a special double-trapdoor hash family based on the discrete logarithm assumption and then use it to construct a more efficient generic on-line/off-line signature scheme without key exposure. Furthermore, we also present the first key-exposure-free generic on-line/off-line threshold signature scheme without a trusted dealer. Additionally, we prove that the proposed schemes achieve the desired security requirements.
13.
Emmanuel Bresson, Dario Catalano, Mario Di Raimondo, Dario Fiore, Rosario Gennaro, International Journal of Information Security, 2013, 12(6): 439-465
The notion of off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally, such signature schemes are used to reduce the time required to compute a signature using some kind of preprocessing. Even, Goldreich and Micali show how to realize off-line/on-line digital signature schemes by combining regular digital signatures with efficient one-time signatures. Later, Shamir and Tauman presented an alternative construction (which produces shorter signatures) obtained by combining regular signatures with chameleon hash functions. In this paper, we study off-line/on-line digital signature schemes from both a theoretical and a practical perspective. More precisely, our contribution is threefold. First, we unify the Shamir–Tauman and Even et al. approaches by showing that they can be seen as different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hashing is basically a one-time signature which satisfies such a weaker security notion. As a by-product of this result, we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call double-trapdoor) is actually a fully secure one-time signature. Next, we consider the task of building, in a generic fashion, threshold variants of known schemes: Crutchfield et al. proposed a generic way to construct a threshold off-line/on-line signature scheme given a threshold regular one. They applied known threshold techniques to the Shamir–Tauman construction using a specific chameleon hash function. Their solution introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption.
Here, we propose two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function. Our constructions are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption. Finally, we ran experimental tests to measure the difference between the real efficiency of the two known constructions for non-threshold off-line/on-line signatures. Interestingly, we show that, using some optimizations, the two approaches are comparable in efficiency and signature length.
14.
Based on the famous Schnorr signature scheme, we propose a new chameleon hash scheme which enjoys all advantages of the previous schemes: collision-resistance, message-hiding, semantic security, and key-exposure-freeness.
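The chameleon-hash abstracts above (Chen et al. on key-exposure-free chameleon signatures, Chen et al. on the hash-sign-switch paradigm, Bresson et al. on chameleon hashing as a one-time signature, and the Schnorr-based chameleon hash) all turn on the same two facts: the trapdoor holder can find collisions cheaply, and in the basic discrete-log chameleon hash a single published collision leaks that trapdoor. The Python block below is an added example, not code from any of the listed papers. It uses the Krawczyk-Rabin chameleon hash CH(m, r) = g^H(m) * y^r mod p on a toy safe-prime group (p = 4079, q = 2039, g = 4, chosen so the block runs instantly; production parameters are far larger), shows collision finding and trapdoor recovery from one collision, and then builds the Shamir-Tauman hash-sign-switch on-line/off-line signature on top of it with a Schnorr signature standing in for the "regular" scheme. `demo_token_reuse` shows why each off-line token may be used only once: reusing it for two messages publishes a collision under the signer's own chameleon key and hands the trapdoor to anyone who saw both signatures. All function names, the group constants and the sample messages are assumptions of this example.

```python
"""Toy discrete-log chameleon hash, its key-exposure problem, and the
Shamir-Tauman hash-sign-switch on-line/off-line signature built on it.
Added illustration; not code from the papers listed on this page."""
import hashlib
import secrets

# Toy safe-prime group chosen so the example runs instantly: p = 2q + 1 with
# p = 4079 and q = 2039 both prime, and g = 4 generating the order-q subgroup.
# Illustrative parameters only; real systems use >= 2048-bit groups or curves.
P = 4079
Q = 2039
G = 4


def h_int(data: bytes) -> int:
    """Hash bytes into Z_q (SHA-256 reduced mod q)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def cham_keygen(x=None):
    """Chameleon key pair: trapdoor x and public key y = g^x mod p."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def cham_hash(y: int, m: bytes, r: int) -> int:
    """CH(m, r) = g^H(m) * y^r mod p; anyone can evaluate it from y."""
    return (pow(G, h_int(m), P) * pow(y, r, P)) % P


def cham_collide(x: int, m: bytes, r: int, m2: bytes) -> int:
    """Trapdoor holder computes r2 with CH(m2, r2) == CH(m, r).
    Exponents satisfy H(m) + x*r = H(m2) + x*r2 (mod q), hence
    r2 = r + (H(m) - H(m2)) * x^-1 (mod q)."""
    return (r + (h_int(m) - h_int(m2)) * pow(x, -1, Q)) % Q


def recover_trapdoor(m: bytes, r: int, m2: bytes, r2: int) -> int:
    """Key exposure: one published collision leaks the trapdoor, because
    x * (r - r2) = H(m2) - H(m) (mod q) and r - r2 is invertible mod q."""
    if (r - r2) % Q == 0:
        raise ValueError("degenerate collision: H(m) == H(m2) mod q")
    return ((h_int(m2) - h_int(m)) * pow((r - r2) % Q, -1, Q)) % Q


# Stand-in "regular" signature for the off-line phase: Schnorr in the same
# group. Any EUF-CMA scheme would do; Schnorr is used only because it is short.
def schnorr_keygen(sk=None):
    if sk is None:
        sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def schnorr_sign(sk: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    big_r = pow(G, k, P)
    e = h_int(big_r.to_bytes(2, "big") + msg)
    return big_r, (k + e * sk) % Q


def schnorr_verify(pk: int, msg: bytes, sig) -> bool:
    big_r, s = sig
    e = h_int(big_r.to_bytes(2, "big") + msg)
    return pow(G, s, P) == (big_r * pow(pk, e, P)) % P


# Hash-sign-switch (Shamir-Tauman): the signer holds the chameleon trapdoor.
def offline_phase(sk: int, y: int) -> dict:
    """Before the message is known: hash a random dummy (m0, r0), sign the
    digest with the regular scheme, and store the token for later."""
    m0 = secrets.token_bytes(16)
    r0 = secrets.randbelow(Q - 1) + 1
    digest = cham_hash(y, m0, r0)
    return {"m0": m0, "r0": r0, "digest": digest,
            "sig": schnorr_sign(sk, digest.to_bytes(2, "big"))}


def online_phase(x: int, token: dict, m: bytes):
    """When m arrives: one modular inversion switches the dummy to m, and the
    pre-computed signature on the digest is reused unchanged."""
    return cham_collide(x, token["m0"], token["r0"], m), token["sig"]


def verify_signature(pk: int, y: int, m: bytes, r: int, sig) -> bool:
    """Verifier recomputes CH(m, r) and checks the regular signature on it."""
    digest = cham_hash(y, m, r)
    return schnorr_verify(pk, digest.to_bytes(2, "big"), sig)


def demo_token_reuse(x: int, token: dict, m1: bytes, m2: bytes) -> int:
    """Reusing one off-line token for two messages publishes a collision
    (m1, r1), (m2, r2) under the signer's chameleon key, so an observer of
    both signatures recovers the trapdoor x without any secret input."""
    r1, _ = online_phase(x, token, m1)
    r2, _ = online_phase(x, token, m2)
    return recover_trapdoor(m1, r1, m2, r2)


if __name__ == "__main__":
    x, y = cham_keygen()
    sk, pk = schnorr_keygen()
    token = offline_phase(sk, y)
    r, sig = online_phase(x, token, b"contract A")
    print("valid:", verify_signature(pk, y, b"contract A", r, sig))
    print("trapdoor leaked by reuse:", demo_token_reuse(x, token, b"A", b"B") == x)
```

The double-trapdoor and key-exposure-free constructions described in the abstracts above remove exactly the leak that `demo_token_reuse` exhibits; the toy hash here implements none of them, so it only demonstrates the failure mode that those constructions are designed to close.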
15.
Chameleon signature schemes are non-interactive signature schemes built on the hash-and-sign paradigm; they are non-transferable, so only the designated recipient can be convinced of a signature's validity. This paper proposes a new chameleon hash function based on bilinear pairings and, on top of it, constructs a corresponding identity-based chameleon signature scheme. Compared with conventional chameleon hash functions, the owner of the hash function's public key in this scheme does not need to obtain the corresponding private key unless it intends to forge a signature. The scheme not only has all the features of ordinary chameleon signature schemes, but also enjoys the many advantages of identity-based cryptosystems.
16.
Pin-Chang Su, Computers & Electrical Engineering, 2011, 37(2): 174-179
Short digital signatures are always desirable; for instance, when a human is asked to key in the signature manually, or when it is necessary to work effectively in low-bandwidth, low-storage and low-computation environments. We propose a short signature scheme based on knapsack and Gap Diffie-Hellman (GDH) groups whose security is closely related to the discrete logarithm assumption in the random oracle model. Our new scheme offers a better security guarantee than existing signature schemes. Furthermore, our scheme upholds all desirable properties of previous ID-based signature schemes, and requires only general cryptographic hash functions instead of the MapToPoint hash function, which is inefficient and probabilistic.
18.
Identity-based non-interactive key exchange (IB-NIKE) is a powerful but somewhat overlooked primitive in identity-based cryptography. While identity-based encryption and signatures have been extensively investigated over the past three decades, IB-NIKE has remained largely unstudied. So far, there are only a few IB-NIKE schemes in the literature. Among them, the Sakai–Ohgishi–Kasahara (SOK) scheme is the first efficient and secure two-party IB-NIKE scheme, and it has greatly influenced follow-up work. However, the SOK scheme requires its identity mapping function to be modeled as a random oracle to prove security. Moreover, its existing security proof heavily relies on the ability to program the random oracle. It is unknown whether such reliance is inherent. In this work, we intensively revisit the SOK IB-NIKE scheme and present a series of possible and impossible results in the random oracle model and the standard model. In the random oracle model, we first improve the previous security analysis of the SOK IB-NIKE scheme by giving a tighter reduction. We then use the meta-reduction technique to show that the SOK scheme is unlikely to be proven secure based on the computational bilinear Diffie–Hellman assumption without programming the random oracle. In the standard model, we show how to instantiate the random oracle in the SOK scheme with a concrete hash function built from admissible hash functions (AHFs) and indistinguishability obfuscation. The resulting scheme is adaptively secure based on the decisional bilinear Diffie–Hellman inversion assumption. To the best of our knowledge, this is the first adaptively secure IB-NIKE scheme in the standard model that does not explicitly require multilinear maps. Previous schemes in the standard model either have merely selective security or require programmable hash functions from multilinear maps.
At the technical heart of our scheme, we generalize the definition of AHFs and propose a generic construction which enables AHFs with previously unachieved parameters. This might be of independent interest. In addition, we present some new results about IB-NIKE. First, we propose a generic construction of multiparty IB-NIKE from extractable witness PRFs and existentially unforgeable signatures. Second, we investigate the relation between semi-adaptive security and adaptive security of IB-NIKE. Somewhat surprisingly, we show that these two notions are polynomially equivalent.
19.
All regular cryptographic schemes rely on the security of the secret key. However, with the explosive use of relatively insecure mobile devices, the key exposure problem has become more severe. In this paper, we propose an efficient forward-secure identity-based signature (FSIBS) scheme from lattice assumptions, with its security based on the small integer solution (SIS) problem in the random oracle model. Our scheme guarantees the unforgeability of past signatures even if the current signing secret key is revealed. Moreover, the signature size and the secret key size of our scheme remain constant and are much shorter. To the best of our knowledge, our construction is the first lattice-based FSIBS scheme, and it can resist quantum attacks. Furthermore, we extend our FSIBS scheme to a forward-secure identity-based signature scheme in the standard model.
20.
An Identity-Based Non-Transferable Ring Signature
Some applications in network environments (such as anonymous electronic whistleblowing) require digital signatures to provide both signer ambiguity and non-transferability, and no existing signature scheme fully meets this requirement. To address this, a new signature scheme, an identity-based non-transferable ring signature, is proposed. A special hash function based on bilinear pairings is designed and introduced into the ring signature, so that the scheme satisfies the above requirements well. Formal analysis shows that the signatures generated by the scheme are unforgeable in the random oracle model (ROM).