Similar documents
1.
The “hash–sign–switch” paradigm was first proposed by Shamir and Tauman with the aim of designing an efficient on-line/off-line signature scheme. Nonetheless, all existing on-line/off-line signature schemes based on this paradigm suffer from the key exposure problem of chameleon hashing. To avoid this problem, the signer must pre-compute and store many different chameleon hash values, together with the corresponding signatures on those hash values, in the off-line phase, and then send the collision and the signature for a particular hash value in the on-line phase. Hence, the computation and storage cost of the off-line phase and the communication cost of the on-line phase in Shamir–Tauman’s signature scheme remain somewhat high. In this paper, we first introduce a special double-trapdoor hash family based on the discrete logarithm assumption and then use it to construct a more efficient generic on-line/off-line signature scheme without key exposure. Furthermore, we also present the first key-exposure-free generic on-line/off-line threshold signature scheme without a trusted dealer. Additionally, we prove that the proposed schemes achieve the desired security requirements.

2.
Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message. However, the initial constructions of chameleon signatures suffer from the key exposure problem of chameleon hashing. This creates a strong disincentive for the recipient to compute hash collisions, partially undermining the concept of non-transferability. Recently, some constructions of discrete logarithm based chameleon hashing and signatures without key exposure have been presented, but only in the setting of gap Diffie–Hellman groups with pairings. In this paper, we propose the first key-exposure free chameleon hash and signature scheme based on discrete logarithm systems that does not use gap Diffie–Hellman groups. This allows more flexible constructions of efficient key-exposure free chameleon hash and signature schemes. Moreover, one distinguishing advantage of the resulting chameleon signature scheme is that the property of “message hiding” or “message recovery” can be chosen freely by the signer, i.e., the signer can efficiently prove which message was the original one if he so desires.

3.
Chameleon signature scheme based on bilinear pairings
杜欣军 (Du Xinjun), 王莹 (Wang Ying), 葛建华 (Ge Jianhua), 王育民 (Wang Yumin). 《软件学报》 (Journal of Software) 2007, 18(10): 2662-2668
A Chameleon signature scheme is a non-interactive signature scheme that follows the hash-and-sign paradigm and has the property of non-transferability: only the designated recipient can be convinced of the validity of the signature. Using bilinear pairings, a new Chameleon hash function is proposed, and on this basis a corresponding identity-based Chameleon signature scheme is constructed. In contrast to traditional Chameleon hash functions, the owner of the hash function's public key in this scheme does not need to obtain the corresponding private key unless it attempts to forge a signature. The scheme not only has all the features of ordinary Chameleon signature schemes, but also enjoys the many advantages of identity-based cryptosystems.

4.
To address the low efficiency of signature schemes in the standard model, an on-line/off-line signature scheme is proposed that uses a target-collision-resistant hash function and a chameleon hash function. Before the message to be signed arrives, the off-line phase performs most of the computation of the signature and stores the results; when the message arrives, the on-line signature of the message can be generated in a very short time from the data saved in the off-line phase. In the standard model, the new scheme is proven strongly unforgeable under adaptive chosen-message attacks. Analysis shows that the new scheme is more efficient than existing standard-model signature schemes: the on-line signing algorithm requires only one modular subtraction and one modular multiplication, making it suitable for low-end computing devices with limited computational power.

5.
At ASIACRYPT 2001, Rivest, Shamir and Tauman formally introduced the concept of ring signatures [1]. A ring signature can be regarded as a simplified group signature; it protects the signer's anonymity from being revealed. This paper proposes a new ring signature scheme and a proxy ring signature scheme, both based on bilinear pairings, and analyzes the security of the new schemes.

6.
A chameleon signature is a non-interactive digital signature based on the "hash-then-sign" paradigm. The hash function it uses is a special trapdoor one-way hash function, the chameleon hash. Chameleon signatures differ from ordinary digital signatures in their non-transferability. Using bilinear pairings, a new identity-based chameleon signature scheme is proposed. The new scheme has a concise construction and is secure in the random oracle model.

7.
Chameleon hash is the main primitive for constructing a chameleon signature scheme, which provides non-repudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem: non-transferability rests on the unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure-free chameleon hashes have been constructed based on the RSA assumption and the SDH (strong Diffie-Hellman) assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all the advantages of the previous schemes. To support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.

8.
Current techniques for transforming unforgeable signature schemes (the forged message has never been signed) into strongly unforgeable ones (the forged message may have been signed) require supplementary components to be added to the original key pairs of the schemes. In addition, some of them can only be applied to a certain type of signature scheme. In this paper, we propose a new generic transformation technique which converts any unforgeable signature scheme into a strongly unforgeable one without modifying any component of the original key pair. This makes our technique particularly suitable for practical use. Our technique is based on strong one-time signature schemes. We show that these can be constructed efficiently from any one-time signature scheme based on one-way functions. The performance of our technique also compares favorably with that of current ones. In addition, we show that our transformation can further be applied, without any modification, to schemes satisfying only a weak variant of unforgeability. Furthermore, our technique can also be used to construct strongly unforgeable signature schemes in other cryptographic settings, including certificateless signatures, identity-based signatures, and several others. To the best of our knowledge, no comparable technique is known to support a similar degree of versatility. Finally, and of independent interest, we show that our generic transformation technique can be modified into an on-line/off-line signature scheme with a very efficient signing process.

9.
We study the security of authenticated encryption based on a stream cipher and a universal hash function. We consider ChaCha20-Poly1305 and generic constructions proposed by Sarkar, where the generic constructions include 14 AEAD (authenticated encryption with associated data) schemes and 3 DAEAD (deterministic AEAD) schemes. In this paper, we analyze the integrity of these schemes both in the standard INT-CTXT (integrity of ciphertext) notion and in the RUP (releasing unverified plaintext) setting called the INT-RUP notion. We present INT-CTXT attacks against 3 out of the 14 AEAD schemes and 1 out of the 3 DAEAD schemes. We then show INT-RUP attacks against 1 out of the 14 AEAD schemes and the 2 remaining DAEAD schemes. Next, we consider ChaCha20-Poly1305 and show that it is provably secure in the INT-RUP notion. Finally, we show that the remaining 10 AEAD schemes are provably secure in the INT-RUP notion.

10.
Existing forward-secure digital signature schemes cannot guarantee the backward security of digital signatures. The Abdalla-Reyzin forward-secure digital signature scheme is improved by embedding a one-way hash chain into the scheme's signatures, giving the scheme a backward-security detection capability. The improved scheme not only retains the forward security of digital signatures but also achieves backward security.

11.
Multimedia-based hashing is considered an important technique for achieving authentication and copy detection in digital contents. However, 3D model hashing has not been as widely used as image or video hashing. In this study, we develop a robust 3D mesh-model hashing scheme based on a heat kernel signature (HKS) that can describe a multi-scale shape curve and is robust against isometric modifications. We further discuss the robustness, uniqueness, security, and spaciousness of the method for 3D model hashing. In the proposed hashing scheme, we calculate the local and global HKS coefficients of vertices through time scales and 2D cell coefficients by clustering HKS coefficients with variable bin sizes based on an estimated L2 risk function, and generate the binary hash through binarization of the intermediate hash values by combining the cell values and the random values. In addition, we use two parameters, bin center points and cell amplitudes, which are obtained through an iterative refinement process, to improve the robustness, uniqueness, security, and spaciousness further, and combine them in a hash with a key. By evaluating the robustness, uniqueness, and spaciousness experimentally, and through a security analysis based on the differential entropy, we verify that our hashing scheme outperforms conventional hashing schemes.

12.
Based on the famous Schnorr signature scheme, we propose a new chameleon hash scheme which enjoys all advantages of the previous schemes: collision-resistance, message-hiding, semantic security, and key-exposure-freeness.

13.
Existing multi-signature schemes and threshold signature schemes do not allow any signing member to produce an incorrect signature; in the real world, however, there are many situations in which not every signer needs to give a correct signature. This paper proposes a new multi-signature scheme with a threshold value. In the new scheme, some signers are allowed to abstain or to produce incorrect signatures; as long as the number of valid individual signatures is not less than the pre-specified threshold, a valid multi-signature can be produced. Compared with existing threshold signature schemes, the threshold in the new scheme is realized without Shamir's secret sharing technique, so the threshold value can be changed conveniently and the scheme resists the corresponding attacks against secret sharing.

14.
In this paper we present a generic construction of threshold ElGamal signature schemes. We classify ElGamal variants into two types according to how signatures are generated. We then develop a generic mechanism to convert a group of ElGamal variants into their threshold versions and prove the unforgeability of the constructed schemes. To demonstrate its application, we present threshold versions of two standard ElGamal variants, GOST 34.10 and KCDSA, derived from our construction.

15.
Since their introduction, one-time signatures have been widely studied and applied; in particular, they have recently been studied for multicast source authentication and stream signing, with good results. Group-oriented digital signatures are another very useful class of digital signatures; in complex applications they meet the needs of special applications aimed at a particular group. Combining the two can make full use of the advantages of both. In recent years, proxy one-time signatures and threshold one-time signatures, among others, have been proposed. This paper first proposes a one-time signature scheme with message recovery, and then uses this one-time signature scheme to construct a one-time multi-signature scheme.

16.
Forward-secure proxy signature schemes cannot guarantee the security of proxy signatures in future time periods once the proxy signer's key has been leaked. Based on a one-way hash chain, the forward-secure proxy signature scheme proposed by Wang Tianyin (王天银) et al. is improved so that its proxy signatures have strong forward security: even if the proxy key is leaked, an attacker cannot forge proxy signatures for past or future time periods, and the scheme has key-leakage detection capability.

17.
Proxy signatures are useful constructions in grid computing, mobile agents and many other emerging applications. In a recent work [Huaxiong Wang and Josef Pieprzyk: Efficient One-Time Proxy Signatures. Proc. ASIACRYPT'03, LNCS 2894, Springer 2003.], Wang and Pieprzyk proposed a one-time signature scheme which allows full delegation to a proxy with an added feature that allows tracing the authorship of the signature in case of a dispute. In this paper we present a simple alternative approach that eliminates public-key cryptography in key generation, offers certainty and simplicity in the dispute resolution and avoids swallow attacks. We also introduce the concept of 1-out-of-n threshold traceable one-time signatures as an efficiency improvement.

18.
A survey of transitive signatures
Transitive signatures were first proposed by Micali and Rivest in 2002, mainly for signing binary transitive relations. This paper surveys the state of research on transitive signatures, describes their definition, model and security, and summarizes existing transitive signature schemes, including undirected and directed transitive signature schemes. Finally, the research prospects of transitive signatures are discussed.

19.
Computer Networks 2008, 52(9): 1838-1845
In recent years, massively multiplayer online games (MMOGs) have become very popular by providing more entertainment and sociability than single-player games. In order to prevent cheaters from gaining unfair advantages in peer-to-peer (P2P)-based MMOGs, several cheat-proof schemes based on digital signatures have been proposed. However, digital signatures generally require a large amount of computation and thus may not be practical for interactive real-time applications such as games. Based on the concept of one-time signatures, we propose an efficient and secure event signature (EASES) protocol to efficiently sign discrete event messages with hash-chain keys. As most messages need only two hash operations to achieve non-repudiation and event commitment, the use of digital signatures is greatly reduced. We also describe a dynamic version of EASES that does not require the pre-generation of hash-chain keys, reducing key preparation time and memory usage at the expense of a slight delay in message commitment. As shown by both analysis and experiments, the computation, memory, and bandwidth footprints of EASES are low, making it readily applicable to P2P-based MMOGs.

20.