20 similar documents found; search took 46 ms.
1.
In a designated verifier proxy signature, an original signer delegates its signing power to a proxy signer, who can sign messages on behalf of the original signer, but only the designated verifier can be convinced of the validity of the signature. The security proofs of all known designated verifier proxy signature schemes are given in the random oracle model. Based on the Waters signature scheme, this paper proposes the first designated verifier proxy signature scheme that is provably secure without random oracles. Under the weak Gap Bilinear Diffie-Hellman assumption, the proposed scheme is proven existentially unforgeable against adaptive chosen-message attacks.
2.
The framework of digital signatures based on qualified certificates and the X.509 architecture is known to have many security risks. Moreover, the fraud prevention mechanism is fragile and does not provide the strong guarantees that can be necessary for the flow of legal documents. Mediated signatures have been proposed as a mechanism to effectively disable signature cards. In this paper we propose further mechanisms that can be applied on top of mediated RSA, compatible with the standard format, but providing security guarantees even in the case when RSA becomes broken or the keys are compromised. The solution is immune to kleptographic attacks, as only deterministic algorithms are used on the user's side.
4.
Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh, Mohammad Reza Aref. International Journal of Communication Systems, 2018, 31(6)
Signatures with partial message recovery, in which some parts of the message are not transmitted with the signature in order to make it shorter, are helpful where bandwidth is one of the critical concerns. This primitive is especially used for signing short messages in applications such as time stamping, certified email services, and identity-based cryptosystems. In this paper, to obtain quantum-attack-resistant short signatures, the first signature scheme with partial message recovery based on coding theory is presented. Next, it is shown that the proposal is secure under the Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partial message recovery property, the proposal is shorter than the Dallot signature scheme, the only provably secure and practical code-based signature scheme, while it preserves the efficiency of the Dallot signature. We should highlight that our scheme can be used as a building block to construct short code-based signature schemes with special properties. To show this, we present a provably secure short designated verifier signature scheme, a nontransferable form of short signatures, which is used in electronic voting and deniable authentication protocols.
5.
Short Signatures from the Weil Pairing (cited 24 times: 0 self-citations, 24 by others)
We introduce a short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves. For standard security parameters, the signature length is about half that of a DSA signature with a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or are sent over a low-bandwidth channel. We survey a number of properties of our signature scheme such as signature aggregation and batch verification.
6.
Security Arguments for Digital Signatures and Blind Signatures (cited 85 times: 1 self-citation, 84 by others)
Since the appearance of public-key cryptography in the seminal Diffie–Hellman paper, many new schemes have been proposed and many have been broken. Thus, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is often considered as a kind of validation procedure. A much more convincing line of research has tried to provide "provable" security for cryptographic protocols. Unfortunately, in many cases, provable security is at the cost of a considerable loss in terms of efficiency. Another way to achieve some kind of provable security is to identify concrete cryptographic objects, such as hash functions, with ideal random objects and to use arguments from relativized complexity theory. The model underlying this approach is often called the "random oracle model." We use the word "arguments" for security results proved in this model. As usual, these arguments are relative to well-established hard algorithmic problems such as factorization or the discrete logarithm.
In this paper we offer security arguments for a large class of known signature schemes. Moreover, we give for the first time an argument for a very slight variation of the well-known El Gamal signature scheme. In spite of the existential forgery of the original scheme, we prove that our variant resists existential forgeries even against an adaptively chosen-message attack. This is provided that the discrete logarithm problem is hard to solve.
Next, we study the security of blind signatures, which are the most important ingredient for anonymity in off-line electronic cash systems. We first define an appropriate notion of security related to the setting of electronic cash. We then propose new schemes for which one can provide security arguments.
Received 24 October 1997 and revised 22 May 1998
7.
Threshold signatures are a generalization of group signatures and are widely used in e-commerce, identity authentication, and information security. An important security requirement for threshold signatures is unforgeability. The LHL threshold signature scheme is a threshold signature scheme that does not require a trusted center. Based on a conspiracy attack against it, the security of the LHL scheme is analyzed and investigated, and it is found that in the LHL scheme an attack mounted by forging a signature cannot pass the verification of the partial signatures; at the same time, some improvements are made to the shortcomings of the LHL signature scheme so that it has both anonymity and traceability.
9.
We show that the existence of a statistically hiding bit commitment scheme with noninteractive opening and public verifiability implies the existence of fail-stop signatures. Therefore such signatures can now be based on any one-way permutation. We also show that genuinely practical fail-stop signatures follow from the existence of any collision-intractable hash function. These are the weakest assumptions known to be sufficient for fail-stop signatures. Conversely, we show that any fail-stop signature scheme with a property we call the almost unique secret key property can be transformed into a statistically hiding bit commitment scheme. All previously known fail-stop signature schemes have this property. We even obtain an equivalence, because we can modify the construction of fail-stop signatures from bit commitments such that it has this property.
10.
Celik M. U., Sharma G., Saber E., Tekalp A. M. IEEE Transactions on Image Processing, 2002, 11(6):585-595
Several fragile watermarking schemes presented in the literature are either vulnerable to vector quantization (VQ) counterfeiting attacks or sacrifice localization accuracy to improve security. Using a hierarchical structure, we propose a method that thwarts the VQ attack while sustaining the superior localization properties of blockwise independent watermarking methods. In particular, we propose dividing the image into blocks in a multilevel hierarchy and calculating block signatures in this hierarchy. While signatures of small blocks on the lowest level of the hierarchy ensure superior accuracy of tamper localization, higher-level block signatures provide increasing resistance to VQ attacks. At the top level, a signature calculated using the whole image completely thwarts the counterfeiting attack. Moreover, "sliding window" searches through the hierarchy enable the verification of untampered regions after an image has been cropped. We provide experimental results to demonstrate the effectiveness of our method.
12.
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.
An extended abstract entitled "Short Signatures Without Random Oracles" (Boneh and Boyen in Advances in Cryptology—EUROCRYPT 2004, LNCS, vol. 3027, pp. 56–73, 2004) appears in Eurocrypt 2004.
Dan Boneh: Supported by NSF and the Packard Foundation.
14.
Ivan Bjerre Damgård. Journal of Cryptology, 1995, 8(4):201-222
We present a protocol that allows a sender to release a secret gradually and verifiably to a receiver. We argue that the protocol can be efficiently applied to the exchange of secrets in many cases, such as when the secret is a digital signature. This includes Rabin, low-public-exponent RSA, and El Gamal signatures. In these cases, the protocol requires an interactive three-pass initial phase, after which each bit (or block of bits) of the signature can be released noninteractively (i.e., by sending one message). The necessary computations can be done in a couple of minutes on an up-to-date PC. The protocol is statistical zero-knowledge, and therefore releases a negligible amount of side information in the Shannon sense to the receiver. The sender is unable to cheat if he cannot factor a large composite number before the protocol is completed.
15.
At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA, standardized a variant of the RMX hash function mode and published this standard in Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in popular hash functions such as MD5, designed by Rivest, and the SHA family of hash functions, designed by the National Security Agency (NSA), USA, and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean's method of finding fixed-point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability to signature schemes based on hash functions with "built-in" randomization.
Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).
16.
We present the first undeniable signature scheme based on RSA. Since their introduction in 1989 a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and a sample RSA signature on a single public message.
Our scheme possesses several attractive properties. First, provable security, as forging the undeniable signatures is as hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition, these protocols are efficient (in particular, the confirmation protocol involves only two rounds of communication and a small number of exponentiations). Furthermore, the RSA-based structure of our scheme provides simple and elegant solutions for adding several of the more advanced properties of undeniable signatures found in the literature, including convertibility of the undeniable signatures (into publicly verifiable ones), the possibility to delegate the ability to confirm and deny signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of the signing and confirmation operations.
Due to the above properties and the fact that our undeniable signatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations.
Received 25 July 1997 and revised 5 November 1998
19.
Digital Communications & Networks, 2019, 5(3):139-146
Network application identification is one of the core elements in network operations and management for providing enhanced network service and security. For accurate identification, an approach using common patterns called "signatures" is widely used to compensate for the limitations of traditional transport-layer port-based classification. However, our simulation results indicate that using the signatures generated by a set of well-known algorithms may lead to very poor identification performance, with less than 60% true positives even in an optimal case. To improve the quality of signatures, we present a technique in this paper which consists of two steps: (i) pairwise merging, which considers every possible combination of the initially collected signatures to reduce the specificity that causes the signatures to be less common; and (ii) signature reduction, which identifies effective signatures of greater importance from the large set of signatures produced in the merging step, so as to manage the space/time complexity of the identification process for greater scalability. Our experimental results show that the proposed technique can dramatically improve performance, even with a small number of signatures (e.g., a 95% true positive rate with 30 signatures per application), which is more compact than the initial signature set.
20.
In this paper we introduce the idea of a forward-secure undetachable digital signature (FS-UDS), which enables mobile agents to generate undetachable digital signatures with forward security of the original signer's signing key. The definition and security notion of an FS-UDS scheme are given. Then, the construction of a concrete FS-UDS scheme is proposed, and the proof of security for the proposed scheme is also provided. In the proposed scheme, mobile agents need not carry the signing key when they generate digital signatures on behalf of the original signer, so the signing key will not be compromised. At the same time, the encrypted function is combined with the original signer's requirement; therefore, misuse of the signing algorithm can be prevented. Furthermore, in the case where an attacker has obtained the signing key of the original signer, he/she is not able to forge a signature for any time period prior to when the key was obtained.