A novel nonrepudiable threshold multi-proxy multi-signature scheme with shared verification

Tzeng et al. proposed a new threshold multi-proxy multi-signature scheme with threshold verification. In their scheme, a subset of original signers authenticates a designated proxy group to sign on behalf of the original group. A message m has to be signed by a subset of proxy signers who can represent the proxy group. Then, the proxy signature is sent to the verifier group. A subset of verifiers in the verifier group can also represent the group to authenticate the proxy signature. Subsequently, there are two improved schemes to eliminate the security leak of Tzeng et al.’s scheme. In this paper, we have pointed out the security leakage of the three schemes and further proposed a novel threshold multi-proxy multi-signature scheme with threshold verification.     

A Convertible Multi-Authenticated Encryption scheme for group communications

Recently, Wu et al. proposed a Convertible Multi-Authenticated Encryption (CMAE) scheme, which allows a signing group with multiple signers to generate a multi-authenticated ciphertext signature on the chosen message so that only a designated verifier can recover and verify the message. In case of later dispute, the verifier can convert the multi-authenticated ciphertext signature into an ordinary one that can be verified by anyone. In this study, a CMAE scheme for group communications is proposed. This is presented by first reviewing the concepts of group-oriented encryption schemes and the merits of Wu et al.’s scheme. This shows that not only can a multi-authenticated ciphertext signature be generated by a signing group, but also the message can be recovered and verified by a verifying group with multiple verifiers. The security of the proposed scheme is based solely on the DDH problem, which provides higher security confidence than using the CDH problem in Wu et al.’s CMAE scheme.     

基于双线性对的具有已知签名人的门限代理签名方案

（t,n）门限代理签名是代理签名的一种变形,其代理签名密钥由原始签名者指定n个代理签名者分享保存,只有t个或更多的代理签名者才能代表原始签名者产生对消息的签名。最近,钱海峰等人提出了一个基于双线性对的门限代理签名方案。不幸的是。本文显示了钱海峰等人的方案易受伪造攻击,即一小敌手能够伪造任意消息的门限代理签名。此外,钱海峰等人的方案还存在代理签名者能够任意更改门限值这一缺陷,而对此无论是原始签名者还是验证者都无法发现,这一点可能违背原始签名者的意图。本文提出了一个新的门限代理签名方案,新方案克服了钱海峰等人的上述缺陷。     

指定验证人的(t,n)门限代理签名方案

将指定验证人概念引入门限代理签名,提出了一个指定验证人的(t,n)门限代理签名方案.该方案不仅实现了门限代理签名,而且还能实现只有指定验证人一起才能验证门限代理签名的特性.在普通的门限代理签名方案中,任何人都能验证门限代理签名的有效性.然而,在某些情况下,只希望指定的验证人一起才能验证门限代理签名.这在实际中是需要的,如电子商务中的电子投标等.另外,该方案还具有在原始签名人需要时,收回某个代理签名人代理权的特性.     

Cryptanalysis and improvement of a threshold proxy signature scheme

A (t, n) threshold proxy signature scheme allows any t or more proxy signers to cooperatively sign messages on behalf of an original signer, but t ? 1 or fewer proxy signers cannot. In a recent work [C.H. Yang, S.F. Tzeng, M.S. Hwang, On the efficiency of nonrepudiable threshold proxy signature scheme with known signers, Systems and Software 73(3) (2004) 507–514], C.H. Yang, S.F. Tzeng and M.S. Hwang proposed a new threshold proxy signature scheme (called as YTH scheme), which is more efficient in algorithm and communication than Hsu et al.'s scheme proposed in 2001. However, YTH scheme still has some security weaknesses. In this paper, we show that YTH scheme cannot resist frame attack and public-key substitute attack. A new improvement with high safety and efficiency is proposed. The new scheme remedies the weaknesses of YTH scheme, especially, it can resist public-key substitute attack successfully by Zero-Knowledge Proof. Furthermore, the system doesn't need a security channel and computational complexity can be lowered.     

对两种无需证书的数字签名方案的分析及改进

指出樊睿等人的基于无证书的代理签名方案和明洋等人的基于无证书的广义指定验证者签名方案都无法抵抗替换公钥攻击,同时樊睿等人的方案也无法抵抗原始签名人改变攻击,攻击者可以伪造一个他授权代理签名人对相同消息的代理签名,此外,还指出明洋等人在安全性证明中将重放技术直接应用在无证书环境中是不正确的。通过将代理授权证书和用户的公钥作为密码哈希函数的输入,使攻击者无法替换用户的公钥及更改代理授权证书,改进方案有效提高了原方案的安全性,同时保留了原方案的其他优点。     

门限代理签名方案的安全性分析

在Sun提出的门限代理签名方案的基础上,Yang、Tzeng和Hwang等人于2003年提出了一个在算法和通信方面都更有效的门限代理签名方案（简称YTH方案）.对YTH方案进行了安全性分析,指出该方案容易受到内部攻击,即原始签名者在代理签名组不知情的情况下,可以伪造一个由任意t个代理签名者参与的对任何消息的代理签名.由于原始签名者能够绕过代理签名组伪造代理签名,所以该签名方案不符合数字签名所必须满足的不可伪造性和不可否认性原则.     

Insider attacks on multi-proxy multi-signature schemes

In 2004, Hwang and Chen demonstrated new multi-proxy multi-signature schemes that allow a group of authorized proxy signers to sign messages on behalf of a group of original signers. Later, Lyuu and Wu pointed out Hwang et al.’s schemes were not secure and then proposed a modified scheme. They claimed that their modified schemes were secure. But in this paper we show a new attack on the Lyuu-Wu et al.’s schemes. Moreover, the original Hwang-Chen’s schemes are also vulnerable to this insider attack. Furthermore, we point out some improvements for the Lyuu-Wu scheme and Hwang-Chen schemes according to Wang et al.’s methods [Wang GL, Han XX, Zhu B. On the security of two threshold signature schemes with traceable signers. In: Applied Cryptography and Network Security (ACNS 2003). Lect Notes Comput Sci (LNCS), vol. 2846, Springer-Verlag; 2003. p. 111-222]. These improvements can resist our insider attack.     

Proxy-protected signature secure against the undelegated proxy signature attack

The proxy signature scheme enables an original signer to delegate his/her signing capability to a designated proxy signer, thereby the proxy signer can sign messages on behalf of the original signer. Recently, Zhou et al. proposed two proxy-protected signature schemes. One is based on the RSA problem and the other is based on the integer factorization problem. In this paper, however, we point out that Zhou et al.’s schemes are insecure against undelegated proxy signature attack because any user without the delegation of the original signer can generate a valid proxy signature. To solve this problem, an improved scheme is proposed and its security is analyzed.     

基于身份的强指定验证人签名方案*

在有些情况下, 需要将验证者限定为某一个人。 利用基于身份的密码体制, 提出了一种强指定验证人签名和一种强指定验证人多重代理签名, 并对其安全性进行了分析。 在签名代价和验证代价上, 提出的强指定验证人签名比Kang等人的方案要低。提出的强指定验证人多重代理签名可以同时授权给n个代理人, 可以有效防止代理签名人对签名权的滥用。     

A novel efficient (t, n) threshold proxy signature scheme

All previously proposed threshold proxy signature schemes have been based on discrete logarithms required for a protocol to generate and verify a shared secret among the proxy group. Therefore, it is necessary for the proxy signers to perform many expensive modular exponential computations and communications to obtain and verify a shared secret. Moreover, most of the existing threshold proxy signature schemes reveal that the receiver cannot find out who signed the proxy signatures. We propose an efficient (t, n) threshold proxy signature scheme based on Schnorr’s scheme. Compared with existing (t, n) threshold proxy signature schemes, our scheme can reduce the amount of computations and communications. In our method, not only the original signer can know who generated the proxy signature, but also the receiver can certify the actuality of the group signers who made the proxy signature. We offer convenience and fair distribution of auditing a document’s signers.     

On the efficiency of nonrepudiable threshold proxy signature scheme with known signers

In the (t,n) proxy signature scheme, the signature signed by the original signer can be signed by t or more proxy signers out of a proxy group of n proxy signers. Recently, Hsu et al. proposed a nonrepudiable threshold proxy signature scheme with known signers. In this article, we shall propose an improvement of Hsu et al.'s scheme that is more efficient in terms of computational complexity and communication cost.     

共享验证的门限代理签密方案

将共享验证和签密的概念引入到门限代理签名中,构造了一个安全有效的共享验证的门限代理签密方案。该方案不仅实现了门限代理签密,而且还实现了指定验证组中的不少于t个验证人一起才能恢复消息,验证签密的特性。另外,该方案还具有消息保密性、可公开验证性和公开信道授权的优点。     

Improvement of a proxy multi-signature scheme without random oracles

A proxy multi-signature scheme permits two or more original singers to delegate their signing powers to the same proxy signer. Recently, Liu et al. proposed the first proxy multi-signature that be proven secure in the standard model [Liu et al. (2008) [20]], which can be viewed as a two-level hierarchical signature due to Waters. However, because of the direct employment of Waters’ signature, their scheme needs a relatively large number of public parameters and is not tightly reduced to the security assumption. In this paper, inspired by Boneh, Boyen’s technique and Waters’ technique, we propose a new proxy multi-signature scheme without random oracles, whose unforgeability can be tightly reduced to the CDH assumption in bilinear groups. The new scheme can be regarded as an improvement to overcome the weaknesses of Liu et al.’s scheme. Compared with Liu et al.’s scheme, the improvement has three merits, tighter security reduction, shorter system parameters and higher efficiency.     

一种高效的不可否认门限代理签名方案的分析及改进

Yang等人在对Hsu等人的门限代理签名方案进行分析的基础上提出了一种高效的不可否认门限代理签名方案。本文指出Yang等人的方案不具备防伪造性，并提出两种改进方案 ，使其在保证高效性的前提下更加安全。     

高效的不可否认的门限代理签名新方案

基于Kim等人的门限代理签名方案,Sun提出了已知签名人的不可否认的门限代理签名方案。在Sun的方案中,代理签名人不能否认他们所进行的代理签名。随后,Hsu等人证明Sun方案不能抵抗共谋攻击,并提出了相应的改进方案。论文首先证明了Hsu等人的改进方案不能抵抗公钥替换的内部攻击,即任何恶意的内部攻击者,不需要其他代理签名人的密钥,对任意的消息能够伪造一个有效的门限代理签名。然后提出了一种不可否认的门限代理签名新方案,能同时抵抗内部的公钥替换攻击和共谋攻击。就计算复杂度和通信成本而言,该文的方案比Hsu等人的方案更有效、更实用。     

Proxy signature schemes based on factoring

The proxy signature schemes allow proxy signers to sign messages on behalf of an original signer, a company or an organization. However, most of existing proxy signature schemes are based on the discrete logarithm problem. In this paper, the author would like to propose two efficient proxy signature schemes based on the factoring problem, which combine the RSA signature scheme and the Guillou-Quisquater signature scheme. One is a proxy-unprotected signature scheme that is more efficient. No matter how many proxy signers cooperatively sign a message, the computation load for verifiers would remain almost constant. The other is a proxy-protected signature scheme that is more secure. Finally, to protect the privacy of proxy signers, the author proposes a proxy-protected signature scheme with anonymous proxy signers.     

一种新的安全门限签名方案

文章提出了一个新的具有(k,l)门限共享验证的(t,n)门限签名方案。该方案允许签名群体中的t个或者t个以上的签名者共同产生一个有效的门限签名。并且验证群体中的k个或者k个以上的验证者共同对门限签名的有效性进行验证。安全性分析表明该方案能够防止明文攻击、合谋攻击和伪造攻击。     

广义指定多个验证者有序多重签名方案

广义指定多个验证者签名允许签名持有者指定多个签名验证者,有序多重签名则可满足多个签名者以严格的次序进行签名的要求。根据上述特性,提出一种基于身份的广义指定多个验证者有序多重签名方案,采用类短签名的形式构造签名,并在随机预言模型下证明方案的安全性。分析结果表明,该方案具有较高的效率,可抵抗适应性选择消息和身份攻击。     

鲁棒的多重代理多重盲签名方案

多重代理多重签名方案要求所有代理签名人参与签名,若其中一个代理签名人缺席就会导致无法进行代理签名,且参与签名的代理人均知晓消息内容,存在安全缺陷。结合门限签名和盲签名,提出一个[(t,n)]门限多重代理多重盲签名,只要[t]个（或[t]个以上）代理签名人就能对消息签名,且代理签名人对消息不知情,避免了敏感信息的暴露,最后消息拥有者进行脱盲变换完成最终签名。经安全性分析证明该方案满足不可伪造性、不可否认性、可追踪性、鲁棒性和不可链接性等安全特性。