无证书的广义指定多个验证者签名体制*

提出了无证书的广义指定多个验证者的签名体制,将指定单个验证者签名方案扩展到了指定多个验证者的签名方案。该方案满足所有无证书体制下指定验证者签名所要满足的安全要求,它的不可伪造性依赖于BDH假设,并且在随机预言模型下证明了该方案能够抵抗适应性选择消息和身份攻击。     

Identity-based strong designated verifier signature schemes: Attacks and new construction

A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party can even verify the validity of a designated verifier signature. We show that anyone who intercepts one signature can verify subsequent signatures in Zhang-Mao ID-based designated verifier signature scheme and Lal-Verma ID-based designated verifier proxy signature scheme. We propose a new and efficient ID-based designated verifier signature scheme that is strong and unforgeable. As a direct corollary, we also get a new efficient ID-based designated verifier proxy signature scheme.     

Identity-based universal designated multi-verifiers signature schemes

An identity-based (ID-based) universal designated verifier signature (ID-UDVS) scheme allows a signature holder to designate a specific verifier of the signature by using a simplified public identity such as e-mail address. In the paper, we present an efficient identity-based universal designated multi-verifiers signature (ID-UDMVS) scheme by extending a single verifier to a set of multi-verifiers for verification of a signature. To achieve our goal, we construct an ID-based signature scheme providing batch verification and then, using this scheme as a building block, we firstly propose an ID-UDMVS scheme with constant signature size. Interestingly our construction method can be used as a generic method transforming an ID-UDVS scheme, which is defined in a bilinear version of the so-called ∑ protocol, to an ID-UDMVS scheme.     

A novel ID-based designated verifier signature scheme

In a designated verifier signature scheme, only the designated verifier can verify the validity of a signature. This paper studies an Identity-based Strong Designated Verifier Signature (IBSDVS) scheme based on bilinear pairings by combining ID-based cryptosystem with the designated verifier signature scheme. We analyze the security of the scheme and the result shows that the security of our proposed scheme is closely related to the Bilinear Diffie-Hellman problem and the scheme is against delegatability attack.     

高效的基于证书强指定验证者签名方案

针对基于身份公钥密码系统下的强指定验证者签名中的第三方完全可信问题及已有签名方案效率不高的问题,利用基于证书密码系统中证书认证机构(CA)的信任级别低的优点,提出了一个新的强指定验证者签名方案。在随机预言模型下基于双线性Diffie-Hellman(BDH)问题假设给出了形式化的安全性分析。通过性能分析可看出:该方案能满足强指定验证者签名方案的所有性质,且签名长度仅为群中一个元素,具有较高的通信效率,适用于带宽受限的环境。     

An identity based universal designated verifier signature scheme secure in the standard model

Universal designated verifier signature was first introduced by Steinfeld, Bull, Wang and Pieprzyk in Asiacrypt 2003. In the universal designated verifier signature scheme, any holder of a signature can designate the signature to any desired designated verifier, such that only the designated verifier will believe that the signature holder holds a valid signature. In SecUbiq’05 [Zhang Fangguo, Susilo Willy, Mu Yi, Chen Xiaofeng, 2005. Identity-based universal designated verifier signatures. In: The First International Workshop on Security in Ubiquitous Computing Systems, Nagasaki, Japan, LNCS 3823. Springer-Verlag, Berlin, pp. 825-834] first extended this notion to the identity based setting and proposed two identity based universal designated verifier signature schemes. However, the security of their scheme is based on the random oracle model. Up to now, there is no provably secure identity based universal designated verifier signature scheme in the standard model. In this paper, we propose the first identity based universal designated verifier signature scheme whose security can be proven in the standard model based on the hardness of the computational Diffie-Hellman (CDH) problem.     

A novel identity-based strong designated verifier signature scheme

Unlike ordinary digital signatures, a designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party. In a strong designated verifier signature scheme, no third party can even verify the validity of a designated verifier signature, since the designated verifier’s private key is required in the verifying phase. Firstly, this paper proposes the model of identity-based strong designated verifier signature scheme based on bilinear pairings by combining identity-based cryptosystem with the designated verifier signature scheme, and then, provides one concrete strong identity-based designated verifier signature scheme, which has short size of signature, low communication and computational cost. We provide security proofs for our scheme.     

限制多方验证者签名的方案

提出了限制多方验证者签名的精确定义,构造了一个有效的限制多方验证者签名方案,该方案只计算一次签名就能同时限制多个验证者验证签名,弥补了一般限制验证者签名方案只有一个限制验证者的局限。分析了在BDHP困难性假设下达到期望的安全需求。该方案不仅支持否认协议,而且比一般限制单方验证者签名方案执行多次的效率高。     

标准模型下广义指定验证者签密

针对现实中签名的安全问题,提出了基于Waters技术的标准模型下安全的广义指定验证者签密方案。签密能够在一个逻辑步骤内同时完成加密和签名的功能。在广义指定验证者签名中,签名持有者即其拥有签名者的签名,能够确认一个指定验证者使其拥有这个签名,而指定验证者不能转移这种认定给其他任何人,仅指定的验证者能够验证签名的存在性。该方案通过广义指定验证者和签密的结合,消除了签名者和签名持有者在签名传输时所需的安全通道。在计算性线性Diffie-Hellman问题假设下,该方案被证明是安全的。和现有的方案相比,所提方案具有较高的计算效率。     

基于身份的强指定验证者签名方案

分析基于身份的指定验证者签名方案的漏洞,指出任何人只要获取一个签名就可以验证以后所有的签名,并提出一个高效的基于身份的强指定验证者签名方案。该方案结合了单向认证密钥交换协议中的发送者前向安全性和已知密钥安全性等特点。与已知的基于身份的强指定验证者签名方案相比,该方案具有更强的安全性,且签名和验证算法更高效。     

Generalized Ring Signatures

Ring signature was first introduced in 2001. In a ring signature, instead of revealing the actual identity of the message signer, it specifies a set of possible signers. The verifier can be convinced that the signature was indeed generated by one of the ring members, however, she is unable to tell which member actually produced the signature. In this paper, we propose a generalized ring signature scheme and a generalized multi-signer ring signature based on the original ElGamal signature scheme. The proposed ring signature can achieve unconditional signer ambiguity and is secure against adaptive chosen-message attacks in the random oracle model. Comparing to ring signature based on RSA algorithm, the proposed generalized ring signature scheme has three advantages: (1) all ring members can share the same prime number and all operations can be performed in the same domain; (2) by combining with multi-signatures, we can develop the generalized multi-signer ring signature schemes to enforce cross-organizational involvement in message leaking. It may result in a higher level of confidence or broader coverage on the message source; and (3) the proposed ring signature is a convertible ring signature. It enables the actual message signer to prove to a verifier that only she is capable of generating the ring signature.     

标准模型下可证明安全的广义指定验证者签名(证明)方案

基于最新被提出的k+1平方根假设,提出了两个新的不同类型的广义指定验证者签名方案,它们都是在标准模型之下可证明安全的。第二个方案的指定者可以把签名任意指定给某一个验证者,指定验证者借助Schnorr认证协议的思想采用一个高效的交互协议进行验证。因此,第二个方案常被称为广义指定验证者签名证明方案。     

多个签名者强指定验证者签名方案

指定验证者签名可以实现签名者选择所期望的验证者验证签名的有效性,从而达到控制数字签名任意传播的目的,基于双线性对构造了一个新的基于身份的多签名者强指定验证者签名方案。新方案中多个签名者将隐藏的私钥以及进行哈希的消息发送给签名收集者,使得签名收集者无法利用签名者的私钥任意伪造签名,也不能对任意的消息进行签名,由签名收集者进行的多签名者强指定验证者签名方案缩短了签名时间和签名长度,并且减小了单个签名者权利过大的可能性。该签名体制可以用于多人联名上书的情况。新方案在BDH问题和DLP问题的困难性假设下,在基于身份的多签名者强指定验证者签名的不可伪造性和不可转发性概念下是安全的。     

一种通用的指定验证者环签名方案的改进

Li-Wang(2006)提出了一种通用指定验证者环签名方案(UDVRS)。该方案允许签名者指定一个验证者并产生一个指定验证者环签名,使得只有指定验证者才能验证该环签名。通过对Li-Wang提出的通用环签名方案进行分析,指出了该方案并不满足指定验证者性质,给出了攻击方法。为避免该缺陷,对Li-Wang通用指定验证者环签名方案进行改进,改进后的方案是可证安全的。     

指定验证者签名方案的安全性分析

对Kang等人和张学军提出的2个基于身份的指定验证者签名方案(Kang方案和Zhang方案)进行安全性分析,指出在Kang方案中,非指定验证者也可以验证签名的有效性,不能抵抗伪造攻击和授权攻击,Zhang方案也不满足不可伪造性、强壮性和不可授权性。     

新的基于身份的广义指定多验证者签名

在一个指定验证者签名方案中,只有指定的验证者才能验证签名的有效性。论文基于双线性对提出一种新的基于身份的广义指定多个验证者签名方案。新方案采用引进两个独立PKG的方法,在一定程度上消除了单个PKG可以伪造用户签名的安全缺陷。证明了在BDH问题假设和随机预言机下新方案是安全的。     

基于身份的强指定验证者签名方案

针对近期提出的基于身份强指定验证者签名方案的安全漏洞,通过采用在随机Oracle模式安全的知识的零知识证明方法,构建一个安全的基于身份的强指定验证者签名方案.同时与以往体制相比,实现效率有明显提高.     

Comment on Saeednia et al.'s strong designated verifier signature scheme

In 1996, Jakobsson et al. proposed a designated verifier signature scheme in which only one specified person, called a designated verifier, can be convinced of the validity of the signature and the identity of the signer. This is possible by giving the designated verifier the ability to simulate a signature him/herself in an indistinguishable way. Therefore, the other third party cannot determine whether the signature is from the signer or the designated verifier. However, in some circumstances, the third party may be convinced that a signature intended for the designated verifier is actually generated by the signer.In 2003, Saeednia et al. proposed a strong designated verifier signature scheme to overcome this problem. However, we found that Saeednia et al.'s scheme would reveal the identity of the signer if the secret key of this signer is compromised. In this paper, we provide a new strong designated verifier signature scheme that provides signer ambiguity, even if the secret key of the signer is compromised. We also analyze the proposed scheme.     

可追溯的广义指定验证者签名证明方案

为了解决传统广义指定验证者签名证明方案中强隐私保护性质对验证者不公平的问题,提出了可追溯的广义指定验证者签名证明（traceable universal designated verifier signature proof,TUDVSP）方案.在TUDVSP方案中,引入一个追溯中心,可将指定者的转换签名恢复为原始签名,从而防止签名者与指定者合谋欺骗验证者.基于现实应用考虑,从不可伪造性、抗仿冒攻击和可追溯性这3个方面定义了TUDVSP方案的安全模型.利用双线性映射构造具体的TUDVSP方案,并证明该方案具有不可伪造性、抗仿冒攻击和可追溯性.实验结果表明,完成一次签名追溯仅需21 ms左右的计算开销与120字节的通信开销.     

标准模型下的无证书指定验证者签名方案

提出一种标准模型下无证书的指定验证者签名方案。利用双线性对的性质,结合无证书密码体制与指定验证者数字签名,解决公钥系统中指定验证者签名存在的证书管理问题,实现基于身份的密码体制中指定验证者签名的密钥托管。在标准模型下进行验证,结果表明,该方案在假设CDH问题和CBDH问题中,能抵抗适应性选择消息攻击的存在伪造性。