New Representative Collective Signatures Based on the Discrete Logarithm Problem

The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups, each signing group is represented by a group leader. On document M, a collective signature can be created using the representative digital signature scheme that represents an entire community consisting of individual signers and signing groups, each of which is represented by a group leader. The characteristic of this type of letter is that it consists of three elements (U, E, S), one of which (U) is used to store the information of all the signers who participated in the formation of the collective signature on document M. While storing this information is necessary to identify the signer and resolve disputes later, it greatly increases the size of signatures. This is considered a limitation of the collective signature representing 3 elements. In this paper, we propose and build a new type of collective signature, a collective signature representing 2 elements (E, S). In this case, the signature has been reduced in size, but it contains all the information needed to identify the signer and resolve disputes if necessary. To construct the approved group signature scheme, which is the basic scheme for the proposed representative collective signature schemes, we use the discrete logarithm problem on the prime finite field. At the end of this paper, we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.     

Extending RSA cryptosystems to proxy multi‐signature scheme allowing parallel individual signing operation

Abstract

Even though there have been many research studies on proxy signature schemes, only Shao's proxy multi‐signature scheme is based on the factoring problem (FAC). Unfortunately, Shao's scheme requires sequential signing operations and strict order of the modulus. It is not practical and not efficient. We, therefore, based on RSA cryptosystems, propose new proxy‐protected mono‐signature and proxy‐protected multi‐signature schemes. In contrast to their counterparts, our scheme allows parallel signing operations and also improves the signers’ computational performance.     

Code-based Sequential Aggregate Signature Scheme

This paper proposes the first code-based quantum immune sequential aggregate signature (SAS) scheme and proves the security of the proposed scheme in the random oracle model. Aggregate signature (AS) schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively, and all the signatures of those users on those messages can be aggregated into a single signature such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Because of the aggregation of many signatures into a single short signature, AS and SAS schemes can reduce bandwidth and save storage; moreover, when a SAS is verified, not only the valid but also the order in which each signer signed can be verified. AS and SAS schemes can be applied to traffic control, banking transaction and military applications. Most of the existing AS and SAS schemes are based either on pairing or Rivest–Shamir–Adleman (RSA), and hence, can be broken by Shor’s quantum algorithm for Integer Factoring Problem (IFP) and Discrete Logarithm Problem (DLP). There are no quantum algorithms to solve syndrome decoding problems. Hence, code-based cryptography is seen as one of the promising candidates for post-quantum cryptography. This paper shows how to construct quantum immune sequential aggregate signatures based on coding theory. Specifically, we construct our scheme with the first code based signature scheme proposed by Courtois, Finiasz and Sendrier (CFS). Compared to the CFS signature scheme without aggregation, the proposed sequential aggregate signature scheme can save about 90% storage when the number of signers is asymptotically large.     

An Efficient Certificateless Aggregate Signature Scheme Designed for VANET

The Vehicular Ad-hoc Network (VANET) is the fundamental of smart transportation system in the future, but the security of the communication between vehicles and vehicles, between vehicles and roadside infrastructures have become increasingly prominent. Certificateless aggregate signature protocol is used to address this security issue, but the existing schemes still have many drawbacks in terms of security and efficiency: First, many schemes are not secure, and signatures can be forged by the attacker; Second, even if some scheme are secure, many schemes use a large number of bilinear pairing operation, and the computation overhead is large. At the same time, the length of the aggregated signature also increases linearly with the increase of user numbers, resulting in a large communication overhead. In order to overcome the above challenges, we propose a new certificateless aggregate signature scheme for VANET, and prove the security of the scheme under the random oracle model. The new scheme uses pseudonym to realize the conditional privacy protection of the vehicle’s information. The new scheme does not use bilinear pairing operation, and the calculation efficiency is high. At the same time, the length of the aggregate signature of the new scheme is constant, thereby greatly reducing the communication and storage overhead. The analysis results demonstrate that the new scheme is not only safer, but also superior in performance to the recent related schemes in computation overhead and communication cost.     

On the low hamming weight discrete logarithm problem for nonadjacent representations

So-called nonadjacent representations are commonly used in elliptic curve cryptography to facilitate computing a scalar multiple of a point on an elliptic curve. A nonadjacent representation having few non-zero coefficients would further speed up the computations. However, any attempt to use these techniques must also consider the impact on the security of the cryptosystem. The security is studied by examining a related discrete logarithm problem, the topic of this paper. We describe an algorithm to solve the relevant discrete logarithm problem in time that is approximately the square root of the search space. This algorithm is of the familiar ``baby-step giant-step' type. In developing our algorithm we use two tools of independent interest; namely, a combinatorial set system called a ``splitting system' and a new type of combinatorial Gray code.     

一种基于自验证公钥的门限代理签名方案的安全性分析

Xue和Cao提出了一种基于自验证公钥的门限代理签名方案,然而,该方案是不安全的。给出了对该方案一种攻击：攻击者获得一个合法的原始签名人发送给代理签名人的签名了的授权证书以及代理签名人生成的一个有效的代理签名后,能够伪造出一个新的对相同消息的代理签名,而原始签名人变为攻击者自己,由于验证者并不能验证代理签名人到底是代表谁生成了代理签名,这样,攻击者就获得了与合法原始签名人相同的权益。特别地,代理签名人代表原始签名人生成的门限代理签名可以被转化为普通的门限签名。分析了该方案存在安全漏洞的原因并提出了改进措施,改进措施能有效地弥补原方案存在的安全缺陷。     

A note on cyclic groups,finite fields,and the discrete logarithm problem

We show how the discrete logarithm problem in some finite cyclic groups can easily be reduced to the discrete logarithm problem in a finite field. The cyclic groups that we consider are the set of points on a singular elliptic curve over a finite field, the set of points on a genus 0 curve over a finite field given by the Pell equation, and certain subgroups of the general linear group.     

Computational hardness of IFP and ECDLP

The RSA cryptosystem and elliptic curve cryptography (ECC) have been used practically and widely in public key cryptography. The security of RSA and ECC respectively relies on the computational hardness of the integer factorization problem (IFP) and the elliptic curve discrete logarithm problem (ECDLP). In this paper, we give an estimate of computing power required to solve each problem by state-of-the-art of theory and experiments. By comparing computing power required to solve the IFP and the ECDLP, we also estimate bit sizes of the two problems that can provide the same security level.     

Two-tier signatures from the Fiat?Shamir transform, with applications to strongly unforgeable and one-time signatures

The authors show how the Fiat-Shamir transform can be used to convert three-move identification protocols into two-tier signature schemes (a primitive that they define) with a proof of security that makes a standard assumption on the hash function rather than modelling it as a random oracle. The result requires security of the starting protocol against concurrent attacks. It is also shown that numerous protocols have the required properties, and thus numerous efficient two-tier schemes are obtained. The first application is an efficient transform of any unforgeable signature scheme into a strongly unforgeable one. (This extends the work of Boneh, Shen and Waters whose transform only applies to a limited class of schemes.) The second application is the new one-time signature schemes that, compared with the one-way function-based ones of the same computational cost, have smaller key and signature sizes.     

Efficient Secure Data Provenance Scheme in Multimedia Outsourcing and Sharing

To cope with privacy leakage caused by multimedia outsourcing and sharing, data provenance is used to analyze leaked multimedia and provide reactive accountability. Existing schemes of multimedia provenance are based on watermarking protocols. In an outsourcing scenario, existing schemes face two severe challenges: 1) when data leakage occurs, there exists a probability that data provenance results can be repudiated, in which case data provenance tracking fails; and 2) when outsourced data are shared, data encryption transfer causes key management burden outside the schemes, and privacy leakage threatens users. In this paper, we propose a novel data provenance scheme with an improved LUT-based fingerprinting protocol, which integrates an asymmetric watermarking protocol, robust watermark algorithm and homomorphic encryption and digital signatures to achieve full non-repudiation provenance. We build an in-scheme stream cipher to protect outsourced multimedia data from privacy leakage and complicated key management. Our scheme is also lightweight and easy to deploy. Extensive security and performance analysis compares our scheme with the state of the art. The results show that our scheme has not only better provenance security and data confidentiality but also higher efficiency for multimedia outsourcing, sharing and provenance.     

Trusted virtual machine monitor-based group signature architecture

Group communication is an important technique for many network computing applications. In group communication, a member in a group sends a message to others normally by multicast. Group signature guarantees the integrity of the exchanged data and provides source authentication. In a virtual machine (VMs) based computing system, a virtual machine monitor (VMM) allows applications to run in different VMs strongly isolated from each other. A trusted VMM (TVMM) based platform can provide stronger security protection for group signature systems than traditional computing platforms can. The authors first introduce a TVMM-based group signature architecture and a TVMM security protection mechanism for group signature components. Then, the authors propose a group signature scheme using the function of message checking based on the discrete logarithm problem. Finally, the authors prove the correctness of the group signature scheme and analyse its security in virtual computing environments.     

Signature scheme based on the root extraction problem over braid groups

Several public key cryptosystems and authentication schemes based on the conjugator search and root extraction problems over braid groups have been proposed. However, security analysis showed that it is not necessary to solve the underlying conjugator search problem or the root extraction problem in order to break these public key cryptographic algorithms. Hence, these cryptographic primitives suffer from some security drawbacks. A digital signature scheme based on the root extraction problem over braid groups is proposed. It is proven that the only way for the attacker to forge a signature is to extract the eth root for a given braid in the braid group. It is also shown that given sufficiently many message-signature pairs, the attacker needs to solve an intractable problem, the group factorisation problem, in order to forge a signature. Furthermore, it is pointed out that the attacker cannot learn much useful information by reconstructing braid equations with respect to the public and secret keys. Performance analysis shows that the proposed signature scheme is efficient and practical, and the key sizes are acceptable. The computational overheads to sign a message and to verify a signature are only equivalent to several 1024-RSA modular multiplications.     

Threshold proxy re-signature: definition and new constructions

The previous threshold proxy re-signature schemes have been mainly constructed with bilinear maps, the implementations of which are much more time-consuming than exponentiation operations. To solve this problem, we propose efficient threshold proxy re-signature schemes which are constructed with El-Gamal signatures. The performance analysis shows that our schemes are more efficient than the existing threshold proxy re-signature schemes. Based on the discrete logarithm problem, our schemes are provable secure in the random oracle model.     

Quantum Homomorphic Signature with Repeatable Verification

In January 2015, the first quantum homomorphic signature scheme was proposed creatively. However, only one verifier is allowed to verify a signature once in this scheme. In order to support repeatable verification for general scenario, we propose a new quantum homomorphic signature scheme with repeatable verification by introducing serial verification model and parallel verification model. Serial verification model solves the problem of signature verification by combining key distribution and Bell measurement. Parallel verification model solves the problem of signature duplication by logically treating one particle of an EPR pair as a quantum signature and physically preparing a new EPR pair. These models will be beneficial to the signature verification of general scenarios. Scheme analysis shows that both intermediate verifiers and terminal verifiers can successfully verify signatures in the same operation with fewer resource consumption, and especially the verified signature in entangled states can be used repeatedly.     

A multivariate based threshold ring signature scheme

In Sakumoto et al. (CRYPTO 2011, LNCS, vol 6841. Springer, Berlin, pp 706–723, 2011), presented a new multivariate identification scheme, whose security is based solely on the MQ-Problem of solving systems of quadratic equations over finite fields. In this paper we extend this scheme to a threshold ring identification and signature scheme. Our scheme is the first multivariate scheme of this type and generally one of the first multivariate signature schemes with special properties. Despite of the fact that we need more rounds to achieve given levels of security, the signatures are at least twice shorter than those obtained by other post-quantum (e.g. code based) constructions. Furthermore, our scheme offers provable security, which is quite a rare fact in multivariate cryptography.     

A group signature based buyer coalition scheme with trustable third party

Despite the large number of existing buyer coalition schemes and increasing need for trusting relationship in buyer coalitions, no current buyer coalition scheme explicitly addresses trust issues within these schemes in a formalised manner. Without establishing a trusting relationships among various roles, many buyers may not be willing to join the coalitions. This study proposes a solution, in the form of an algorithmic design, as a response to the above need. Specific features of the proposed solution are: (i) the use of ‘group signature’ in order to guarantees anonymity within a group that results in trustfulness of the relationships and (ii) introducing a new role called ‘authority’ to maintain and implement anonymity. In addition, the proposed scheme is capable of maintaining ‘correctness’ and ‘accountability’ by both identifying misbehaved buyers as well as implementing various punishment methods.Knowledge domain of the study is the common space between three overlapping fields including Electronic Commerce, Communication Technologies and Information Systems.     

改进的超椭圆曲线结构化多重盲签名

安全高效的多重盲签名方案在电子商务和电子现金系统有很多重要的应用.本文对已有的结构化多重签名方案进行了分析和改进,提出快速和高效的基于超椭圆曲线的结构化多重盲签名方案.我们将签名结构从二层扩展为三层,使有序和广播更好的结合,并给出各种情形下的具体算法.最后,比较和分析了改进方案的复杂度和安全性,与已有文献比较,改进方案的运算量减少了(3n+2)TH+(273.8n+32.2)TML.结果表明,改进方案具有运算量低,所需时间少,安全性高且易于实现等优点.     

An Access Control Scheme Using Heterogeneous Signcryption for IoT Environments

When the Wireless Sensor Network (WSN) is combined with the Internet of Things (IoT), it can be employed in a wide range of applications, such as agriculture, industry 4.0, health care, smart homes, among others. Accessing the big data generated by these applications in Cloud Servers (CSs), requires higher levels of authenticity and confidentiality during communication conducted through the Internet. Signcryption is one of the most promising approaches nowadays for overcoming such obstacles, due to its combined nature, i.e., signature and encryption. A number of researchers have developed schemes to address issues related to access control in the IoT literature, however, the majority of these schemes are based on homogeneous nature. This will be neither adequate nor practical for heterogeneous IoT environments. In addition, these schemes are based on bilinear pairing and elliptic curve cryptography, which further requires additional processing time and more communication overheads that is inappropriate for real-time communication. Consequently, this paper aims to solve the above-discussed issues, we proposed an access control scheme for IoT environments using heterogeneous signcryption scheme with the efficiency and security hardiness of hyperelliptic curve. Besides the security services such as replay attack prevention, confidentiality, integrity, unforgeability, non-repudiations, and forward secrecy, the proposed scheme has very low computational and communication costs, when it is compared to existing schemes. This is primarily because of hyperelliptic curve lighter nature of key and other parameters. The AVISPA tool is used to simulate the security requirements of our proposed scheme and the results were under two backbends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) proved to be SAFE when the presented scheme is coded in HLPSL language. This scheme was proven to be capable of preventing a variety of attacks, including confidentiality, integrity, unforgeability, non-repudiation, forward secrecy, and replay attacks.

     

An Efficient and Practical Quantum Blind Signature Protocol with Relaxed Security Model

Blind signature has a wide range of applications in the fields of E-commerce and block-chain because it can effectively prevent the blind signer from getting the original message with its blindness. Owing to the potential unconditional security, quantum blind signature (QBS) is more advantageous than the classical ones. In this paper, an efficient and practical quantum blind signature scheme relaxed security model is presented, where quantum superposition, decoy qubits and hash function are used for the purpose of blindness. Compared with previous QBS scheme, the presented scheme is more efficient and practical with a relaxed security model, in which the signer’s dishonest behavior can be detected other than being prevented as in other QBS schemes.     

Generic constructions for universal designated-verifier signatures and identitybased signatures from standard signatures

The authors give a generic construction for universal (mutli) designated-verifier signature schemes from a large class of signature schemes, referred to as Class C. The resulting schemes are efficient and have two important properties. Firstly, they are provably DV-unforgeable, non-transferable and also non-delegatable. Secondly, the signer and the designated verifier can independently choose their cryptographic settings. The authors also propose a generic construction for (hierarchical) identity-based signature schemes from any signature scheme in C and prove that the construction is secure against adaptive chosen message and identity attacks. The authors discuss possible extensions of our constructions to identity-based ring signatures and identity-based designated-verifier signatures from any signature in C. Finally, the authors show that it is possible to combine the above constructions to obtain signatures with combined functionalities.