1.
Existing provably secure proactive threshold RSA signature schemes all rely on additive secret sharing, which brings several problems: every signature requires all members to participate, legitimate members' secret shares are easily exposed, and signing efficiency is low. Taking Shoup's threshold signature as its basis, this paper proposes a proactive threshold RSA signature scheme based on polynomial secret sharing and gives a detailed analysis of its security and practicality. The results show that, in the static mobile adversary model, the scheme is unforgeable and robust, and that compared with existing schemes of the same kind it has lower communication overhead and higher computational efficiency.
3.
We present the first undeniable signatures scheme based on RSA. Since their introduction in 1989 a significant amount of
work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems.
In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature
and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and
a sample RSA signature on a single public message.
Our scheme possesses several attractive properties. First, provable security, as forging the undeniable signatures is as
hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition,
these protocols are efficient (particularly, the confirmation protocol involves only two rounds of communication and a small
number of exponentiations). Furthermore, the RSA-based structure of our scheme provides simple and elegant solutions
to add several of the more advanced properties of undeniable signatures found in the literature, including convertibility
of the undeniable signatures (into publicly verifiable ones), the possibility to delegate the ability to confirm and deny
signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of
the signing and confirmation operations.
Due to the above properties and the fact that our undeniable signatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations.
Received 25 July 1997 and revised 5 November 1998
4.
The redactable signature scheme was introduced by Johnson and others in 2002 as a mechanism to support disclosing verifiable subdocuments of a signed document. In their paper, a redactable signature based on RSA was presented. In 2009, Nojima and others presented a redactable signature scheme based on RSA. Both schemes are very efficient in terms of storage. However, the schemes need mechanisms to share random prime numbers, which requires a large amount of time-consuming computation. Moreover, the public key in the scheme of Johnson and others is designed to be used only once. In this paper, we improve the computational efficiency of these schemes by eliminating the use of a random prime sharing mechanism while preserving their storage efficiency. The size of our signature is the same as that of the standard RSA signature plus the size of the security parameter. In our scheme, the public key can be used multiple times, and more efficient key management than in the scheme of Johnson and others is possible. We also prove that the security of our scheme reduces to the security of the full domain RSA signature scheme.
5.
To address the problem that traditional threshold RSA signature schemes need to invert elements of the residue ring Z(N) (where an element does not necessarily have an inverse), this paper first proposes an improved Shamir secret sharing method. The method recovers the shared key through a sequence of operations on integer matrices. Since all parameters involved are integers, it avoids the inversion in Z(N) that the fractions produced by the Lagrange interpolation formula cause in traditional schemes. Then, based on this improved secret sharing method, a new threshold RSA (Rivest-Shamir-Adleman) signature scheme is given. Since the scheme needs neither to invert any element in any algebraic structure (such as Z(N)) nor to perform any algebraic extension, it is more convenient and effective in practical applications.
7.
To address the problems that threshold RSA signature schemes based on the Chinese Remainder Theorem cannot sign certain messages and that the partial-signature combining phase is computationally expensive, this paper proposes an improved method based on virtual group members. The improved scheme can sign all messages and greatly reduces the computation in the partial-signature combining phase; when the threshold is 10, the computation of the combining phase is reduced to 1/6 of the original. A detailed analysis of the security and practicality of the improved scheme shows that it is unforgeable under adaptive chosen-message attack and that its computational efficiency is higher than that of other threshold RSA signature schemes.
8.
We present a model for attacking various cryptographic schemes by taking advantage of random hardware faults. The model consists
of a black-box containing some cryptographic secret. The box interacts with the outside world by following a cryptographic
protocol. The model supposes that from time to time the box is affected by a random hardware fault causing it to output incorrect
values. For example, the hardware fault flips an internal register bit at some point during the computation. We show that
for many digital signature and identification schemes these incorrect outputs completely expose the secrets stored in the
box. We present the following results: (1) The secret signing key used in an implementation of RSA based on the Chinese Remainder
Theorem (CRT) is completely exposed from a single erroneous RSA signature, (2) for non-CRT implementations of RSA the secret key is exposed given a large number (e.g. 1000)
of erroneous signatures, (3) the secret key used in Fiat-Shamir identification is exposed after a small number (e.g. 10) of
faulty executions of the protocol, and (4) the secret key used in Schnorr's identification protocol is exposed after a much
larger number (e.g. 10,000) of faulty executions. Our estimates for the number of necessary faults are based on standard security
parameters such as a 1024-bit modulus, and a $2^{-40}$ identification error probability. Our results demonstrate the importance of preventing errors in cryptographic computations.
We conclude the paper with various methods for preventing these attacks.
Received July 1997 and revised August 2000. Online publication 27 November 2000
11.
Player Simulation and General Adversary Structures in Perfect Multiparty Computation (cited 6 times: 0 self-citations, 6 by others)
The goal of secure multiparty computation is to transform a given protocol involving a trusted party into a protocol without
need for the trusted party, by simulating the party among the players. Indeed, by the same means, one can simulate an arbitrary player in any given protocol. We formally
define what it means to simulate a player by a multiparty protocol among a set of (new) players, and we derive the resilience
of the new protocol as a function of the resiliences of the original protocol and the protocol used for the simulation.
In contrast to all previous protocols that specify the tolerable adversaries by the number of corruptible players (a threshold),
we consider general adversaries characterized by an adversary structure, a set of subsets of the player set, where the adversary
may corrupt the players of one set in the structure. Recursively applying the simulation technique to standard threshold multiparty
protocols results in protocols secure against general adversaries.
The classical results in unconditional multiparty computation among a set of n players state that, in the passive model, any adversary that corrupts less than n/2 players can be tolerated, and in the active model, any adversary that corrupts less than n/3 players can be tolerated. Strictly generalizing these results we prove that, in the passive model, every function (more
generally, every cooperation specified by involving a trusted party) can be computed securely with respect to a given adversary
structure if and only if no two sets in the adversary structure cover the full set of players, and, in the active model, if and only if no three sets cover the full set of players. The complexities of the protocols are polynomial in the number of maximal adverse player
sets in the adversary structure.
Received 31 December 1997 and revised 26 February 1999
12.
Cheng Xiangguo, Xu Weidong, Wang Xinmei, Journal of Electronics (China) 2006, 23(1): 76-80
The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from the Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, a group manager is introduced to take the role of distributing the group secret key to each player. However, the manager cannot forge the partial blind signatures of the players (each partial blind signature depends not only on the secret key of the player, but also on a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; compared with a threshold signature without a trusted third party, it is simpler and more efficient.
13.
Masayuki Abe Georg Fuchsbauer Jens Groth Kristiyan Haralambiev Miyako Ohkubo 《Journal of Cryptology》2016,29(2):363-421
A modular approach to constructing cryptographic protocols leads to simple designs but often inefficient instantiations. On the other hand, ad hoc constructions may yield efficient protocols at the cost of losing conceptual simplicity. We suggest a new design paradigm, structure-preserving cryptography, that provides a way to construct modular protocols with reasonable efficiency while retaining conceptual simplicity. A cryptographic scheme over a bilinear group is called structure-preserving if its public inputs and outputs consist of elements from the bilinear groups and their consistency can be verified by evaluating pairing-product equations. As structure-preserving schemes smoothly interoperate with each other, they are useful as building blocks in modular design of cryptographic applications. This paper introduces structure-preserving commitment and signature schemes over bilinear groups with several desirable properties. The commitment schemes include homomorphic, trapdoor and length-reducing commitments to group elements, and the structure-preserving signature schemes are the first ones that yield constant-size signatures on multiple group elements. A structure-preserving signature scheme is called automorphic if the public keys lie in the message space, which cannot be achieved by compressing inputs via a cryptographic hash function, as this would destroy the mathematical structure we are trying to preserve. Automorphic signatures can be used for building certification chains underlying privacy-preserving protocols. Among a vast number of applications of structure-preserving protocols, we present an efficient round-optimal blind-signature scheme and a group signature scheme with an efficient and concurrently secure protocol for enrolling new members.
14.
Blind signatures are an important technique in cryptography and computer network security; their use ensures that transmitted information cannot be tampered with or forged. In a blind signature scheme, the content of the message is invisible to the signer, and once a signature has been released the signer cannot trace it. Based on the RSA cryptosystem, this paper uses the extended Euclidean algorithm to construct an untraceable blind signature scheme.
16.
Cryptanalysis of an Efficient Group Signature Scheme (cited 1 time: 0 self-citations, 1 by others)
In 2005, Zhang Jianhong et al. proposed an efficient RSA-based group signature scheme in which signing and verification require only 9 modular exponentiations. This paper presents a forgery attack showing that Zhang et al.'s scheme is insecure: with the help of the revocation center, any group member can generate a valid group signature on any message without using their own secret parameters. It also points out that the member identification algorithm is wrong: the identity-tracing expression is a constant unrelated to the specific signature, so the tracing algorithm cannot trace the real signer. Finally, it points out that their scheme is linkable.
17.
In proxy signature schemes, the proxy signer B is permitted to produce a signature on behalf of the original signer A. However, exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme, since any adversary can then sign messages on behalf of the proxy signer. In this paper, we apply Dodis et al.'s key-insulation mechanism and propose an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.
19.
Wang Xiaoming, Fu Fangwei, Journal of Electronics (China) 2003, 20(4): 274-278
The threshold group signature is an important kind of signature. So far, many threshold group signature schemes have been proposed, but most of them suffer from conspiracy attack and are insecure. In this paper, a secure threshold group signature scheme is proposed. It not only satisfies the properties of a threshold group signature, but also withstands the conspiracy attack.
20.
Digital signatures are an important means of ensuring information security. For office automation system information with different security requirement levels, this paper uses the short key length and high security strength of the elliptic curve digital signature algorithm (ECDSA) together with the reversibility of the encryption and decryption keys of the public-key algorithm RSA to design two schemes: a strategy that signs both the original text and its digest with RSA keys, and a three-key strategy based on RSA and ECC. The functionality and security of the schemes are analyzed; they provide identity authentication for office information together with integrity and confidentiality of its transmission, resolving some security risks present in office automation systems.