一个高效的基于身份和RSA的紧致多重数字签名方案

紧致多重数字签名是指多个用户对同一个消息进行多重签名,所得多重签名的长度和单个用户签名的长度相当。该文提出一个高效的基于身份和RSA的紧致多重签名方案。签名和验证的效率比Bellare和Neven的多重签名方案提高了接近50%,多重签名的长度和单个RSA签名长度相当,因为使用了基于身份的公钥密码,新方案很好地实现了多重签名的紧致性目标。在随机预言模型和RSA假设下证明了方案的安全性。     

Provably secure RSA‐type signature based on conic curve

In electronic communication and wireless communication, message authentication should be necessary. However, traditional method message authentication code (MAC) employs a symmetric cryptographical technique and it needs to keep a shared private key between two parties. For convenience, people now begins to use public key techniques to provide message authentication. In wireless communication, we shall save more space for message itself because of the limited resources. Therefore, we believe that our proposed digital signature scheme will be more fitful for this kind of communication due to the following merits: (1) in addition to inheriting the merits of RSA signature such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting low public key exponent attack; (2) comparing with 1024 bits RSA, our digital signature scheme can sign 2048‐bit long message once, and generate a signature with 1025 bits length which doubles the capacity of the 1024‐bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of conic‐based (CB)‐RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd.     

基于纠错编码的多变量公钥加密方案

Advances in quantum computers pose potential threats to the currently used public key cryptographic algorithms such as RSA and ECC. As a promising candidate against attackers equipped with quantum computational power, Multivariate Public Key Cryptosystems (MPKCs) has attracted increasing attention in recently years. Unfortunately, the existing MPKCs can only be used as multivariate signature schemes, and the way to construct an efficient MPKC enabling secure encryption remains unknown. By employing the basic MQ trapdoors, this paper proposes a novel multivariate encryption scheme by combining MPKCs and code based public key encryption schemes. Our new construction gives a positive response to the challenges in multivariate public key cryptography. Thorough analysis shows that our scheme is secure and efficient, and its private key size is about 10 times smaller than that of McEliece type cryptosystems.     

可证安全的有效代理签名方案

针对固定维数的格基委托算法或格上基于盆景树生成的代理签名方案中私钥和签名的长度均过大的问题,提出一种较小尺寸的代理签名方案。该方案对随机预言机进行了合并优化,并使用一个更小范数但是向量盲化的消息,从而控制代理签名私钥的维数,其安全性基于格上最短向量问题和小整数解问题的困难性,并且满足代理签名方案所有的安全性要求。与现有方案相比,该方案有效地减小了代理签名私钥和代理签名的长度,使代理私钥长度与原始签名用户私钥长度相当。     

基于RSA算法的扩展算法

RSA的安全性是依据大整数分解的困难性而设计的。RSA公开密钥加密体制中n为2个大素数的乘积,即针对n=pq（p,q为大素数）的大整数分解,这里介绍了RSA算法的扩展算法的加密和解密原理,即针对n=p1,p2,…,pr（p1,p2,…,pr为大素数）的大整数分解。通过扩展素因子的个数达到RSA算法的安全性。比较RSA算法,扩展的RSA算法不仅可用于数据加密解密,也可用于数字签名。利用扩展的RSA算法实现数字签名也具有较高的安全性和可靠性。     

Attribute-based signatures on lattices

Because of its wide application in anonymous authentication and attribute-based messaging, the attribute-based signature scheme has attracted the public attention since it was proposed in 2008. However, most of the existing attribute-based signature schemes are no longer secure in quantum era. Fortunately, lattice-based cryptography offers the hope of withstanding quantum computers. And lattices has elevated it to the status of a promising potential alternative to cryptography based on discrete log and factoring, owing to implementation simplicity, provable security reductions and quantum-immune. In this paper, the first lattice attribute-based signature scheme in random oracle model is proposed, which is proved existential unforgeability and perfect privacy. Compared with the current attribute-based signature schemes, our new attribute-based signature scheme can resist quantum attacks and has much shorter public-key size and signature size. Furthermore, this scheme is extended into an attribute-based signature scheme on number theory research unit (NTRU) lattice, which is also secure even in quantum era and has much higher efficiency than the former.     

具有强安全性的不含双线性对的无证书签名方案

该文提出了一种满足强安全性的不需双线性对运算的无证书签名方案,能抵抗适应性选择消息和适应性选择身份的存在性伪造攻击,并且在随机预言模型下基于离散对数难题给出了完整的安全性证明。与现有的绝大多数无证书签名方案都是基于双线性对的不同,该文提出的新方案没有复杂的双线性对运算,具有明显的效率优势。另外,通过对王会歌等人的无证书签名方案进行分析,指出此方案是不安全的,并给出了具体的攻击方法。     

Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems

We propose and analyze two efficient signature schemes whose security is tightly related to the Diffie-Hellman problems in the random oracle model. The security of our first scheme relies on the hardness of the computational Diffie-Hellman problem; the security of our second scheme - which is more efficient than the first-is based on the hardness of the decisional Diffie-Hellman problem, a stronger assumption. Given the current state of the art, it is as difficult to solve the Diffie-Hellman problems as it is to solve the discrete logarithm problem in many groups of cryptographic interest. Thus, the signature schemes shown here can currently offer substantially better efficiency (for a given level of provable security) than existing schemes based on the discrete logarithm assumption. The techniques we introduce can also be applied in a wide variety of settings to yield more efficient cryptographic schemes (based on various number-theoretic assumptions) with tight security reductions.     

Certificateless signature and blind signature

Certificateless public key cryptography is a new paradigm introduced by Al-Riyami and Paterson. It eliminates the need of the certificates in traditional public key cryptosystems and the key escrow problem in IDentity-based Public Key Cryptography （ID-PKC）. Due to the advantages of the certificateless public key cryptography, a new efficient certificateless pairing-based signature scheme is presented, which has some advantages over previous constructions in computational cost. Based on this new signature scheme, a certificateless blind signature scheme is proposed. The security of our schemes is proven based on the hardness of computational Diffie-Hellman problem.     

基于多项式秘密共享的前摄性门限RSA签名方案

现有可证明安全的前摄性门限RSA签名方案均依赖加性秘密共享方法,存在每次签名均需所有成员参与,易暴露合法成员的秘密份额,签名效率低下等问题。该文以Shoup门限签名为基础,提出一种基于多项式秘密共享的前摄性门限RSA签名方案,并对其进行了详细的安全性及实用性分析。结果表明,在静态移动攻击者模型中,该方案是不可伪造的和稳健的,与现有同类方案相比,其通信开销更低,运算效率更高。     

无随机预言机的广义指定验证者签名方案

现有的广义指定验证者签名方案的安全性大都是在随机预言机模型下证明的,但是在该模型下的可证安全并不意味着在现实中是安全的.基于Zhang等人提出的无随机预言机模型下的短签名方案,提出了一个在标准模型下可证安全的广义指定验证者签名方案,其强不可伪造性基于k＋1平方根假设和指数知识假设,证明了提出方案在选择公钥和选择消息攻击下是无条件不可传递的.方案的签名长度为1366 bits,比现有方案的签名长度要短.     

高效的可证明安全的无证书聚合签名方案

利用双线性对构造了一个高效的无证书聚合签名方案,在随机预言机模型下给出了方案的安全性证明,其安全性基于计算Diffie-Hellman难题.与已有的无证书聚合签名方案相比,本文方案更能提高签名验证与传输效率,因聚合签名的验证只需要计算4个双线性对,签名的长度是固定的,仅有320bits,是目前最短的无证书聚合签名.     

Cryptographically Generated Addresses for Constrained Devices*

Cryptographically Generated Addresses (CGAs) have been designed to solve the so-called IPv6 Address Ownership problem. The current IETF CGA proposal relies on RSA signature. Generating an RSA signature is quite expensive and might be prohibitive for small devices with limited capacities. For example, a 1024-RSA signature requires approximately 1536 modular multiplications. In this paper, we propose a new CGA scheme whose verification requires fewer than 10 modular multiplications. We achieve this performance gain by (1) selecting an efficient signature scheme, namely the small prime variation of the Feige-Fiat-Shamir scheme and (2) tuning the cryptographic parameters of this signature scheme to the security strength of the CGA (i.e. the size of the hash function used to generate it).     

一个基于身份的盲签名方案的改进

盲签名就是接收者在不让签名者获取所签署消息具体内容的情况下所采取的一种特殊的数字签名技术,它在安全电子商务中有着重要的应用。牛志华等学者提出了一个高效的基于身份的盲签名方案。该方案用以身份为基础的公钥取代了数字证书形式的公钥,提高了系统效率,节省了存储空间。但是,这一签名方案存在严重的构造错误。文中分析并改进了该方案,从而使方案的正确性得到了有效的验证。     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

混合可验证加密签名体制及应用

在要求高效的密钥管理和中等的安全性的情况下,基于身份公钥密码已成为代替基于证书的公钥密码的一个很好的选择.本文在基于身份系统中,引入少数几个采用公钥证书实体充当裁决者,从而提出混合可验证加密签名的概念,并在Cheon基于身份签名体制的基础上,构造了一个有效的混合可验证加密签名体制;随后,本文讨论了混合可验证加密签名体制的安全模型,并在随机谕示模型下,基于双线性映射的计算性Diffie-Hellman问题难解性假设,证明本文体制是可证安全的.本文体制可用于构造基于身份的优化公平签名交换协议,这在电子商务等领域有着广泛的应用.     

破解新型的轻量级数字签名方案

由于RSA、ECC签名方案计算效率低,不适用于无线传感器网络、低廉智能卡、无线射频RFID等特殊应用领域。为设计适用于计算能力有限的小计算设备上的签名方案,Wang等人结合散列认证技术,提出了一种新型的轻量级数字签名方案。针对该新型轻量级数字签名方案,给出了由签名公钥求解其等价签名私钥的多项式时间算法。使用等价签名私钥,对手可以对任意消息伪造签名,从而破解了他们结合散列认证技术提出的数字签名方案。     

Further improvement of a certificateless signature scheme without pairing

Recently, He et al. proposed an efficient certificateless signature (CLS) scheme without pairings and demonstrated their scheme to be provably secure in the random oracle model. Unfortunately, Tian and Huang and Tsai et al. pointed out that the scheme cannot withstand a Type II adversary's attack. Tsai et al. also proposed an improved scheme to enhance security. However, the schemes of He et al. and Tsai et al. are not real CLS schemes because the user's public key is used to generate its partial private key. Besides, He et al. and Tsai et al. just demonstrated that their schemes are secure against the normal adversary in the random oracle model. In this paper, we propose a real CLS scheme and demonstrate that our scheme is secure against the super adversary. Security analysis and performance analysis show that our scheme could enhance security and increase computational cost slightly. Copyright © 2012 John Wiley & Sons, Ltd.     

Robust and Efficient Sharing of RSA Functions

We present two efficient protocols which implement robust threshold RSA signature schemes, where the power to sign is shared by N players such that any subset of T+1 or more signers can collaborate to produce a valid RSA signature on any given message, but no subset of T or less corrupted players can forge a signature. Our protocols are robust in the sense that the correct signature is computed even if up to T players behave in an arbitrarily malicious way during the signature protocol. This, in particular, includes the cases of players who refuse to participate or who introduce erroneous values into the computation. Our robust protocols achieve optimal resiliency as they can tolerate up to (N-1)/2 faults, and their efficiency is comparable with the efficiency of the underlying threshold RSA signature scheme. Our protocols require RSA moduli which are the product of two safe primes, and that the underlying (centralized) RSA signature scheme is unforgeable. Our techniques also apply to the secure sharing of the RSA decryption function. We show that adding robustness to the existing threshold RSA schemes reduces to solving the problem of how to verify an RSA signature without a public verification Received 21 March 1997 and revised 28 September 1999     

两个高效的基于分级身份的签名方案

提出两个新的基于分级身份的签名方案.在随机应答模型下,新方案有如下结果:两个方案中的签名算法效率都很高;这两个方案是可证明安全的,在给定身份和选择明文攻击下是不可伪造的; 第二个方案的签名长度是常数, 与分级深度无关; 两个方案都能达到安全归约紧致的要求.