Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems

We propose and analyze two efficient signature schemes whose security is tightly related to the Diffie-Hellman problems in the random oracle model. The security of our first scheme relies on the hardness of the computational Diffie-Hellman problem; the security of our second scheme - which is more efficient than the first-is based on the hardness of the decisional Diffie-Hellman problem, a stronger assumption. Given the current state of the art, it is as difficult to solve the Diffie-Hellman problems as it is to solve the discrete logarithm problem in many groups of cryptographic interest. Thus, the signature schemes shown here can currently offer substantially better efficiency (for a given level of provable security) than existing schemes based on the discrete logarithm assumption. The techniques we introduce can also be applied in a wide variety of settings to yield more efficient cryptographic schemes (based on various number-theoretic assumptions) with tight security reductions.     

RSA-Based Undeniable Signatures

We present the first undeniable signatures scheme based on RSA. Since their introduction in 1989 a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and a sample RSA signature on a single public message. Our scheme possesses several attractive properties. First, provable security, as forging the undeniable signatures is as hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition, these protocols are efficient (particularly, the confirmation protocol involves only two rounds of communication and a small number of exponentiations). Furthermore, the RSA-based structure of our scheme provides with simple and elegant solutions to add several of the more advanced properties of undeniable signatures found in the literature, including convertibility of the undeniable signatures (into publicly verifiable ones), the possibility to delegate the ability to confirm and deny signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of the signing and confirmation operations. Due to the above properties and the fact that our undeniable nsignatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations. Received 25 July 1997 and revised 5 November 1998     

基于零知识证明的电子现金

在零知识证明系统的基础上提出了一种不同于以往的构造电子现金的方案。它不基于特定的盲签名方案和零知识证明系统,从而提供了基于任意零知识证明系统和盲签名方案构筑电子现金的方法。在合理的密码学假设前提下,证明了方案的安全性。     

带系数的离散对数知识签名

知识签名就是签名者在非交互的情况下向别人证明其知道某个秘密而不泄露该秘密本身,现在知识签名广泛应用在群签名中.本文主要研究了带系数的离散对数知识签名,并对几种类型的带系数签名函数进行了定义和证明.通过对签名函数增加系数,可以有效地扩大签名函数的选择范围,增加知识签名的适用性.     

基于椭圆曲线的代理数字签名

现有的代理数字签名方案都是基于离散对数问题和大数因子分解问题的方案.本文我们将代理签名的思想应用于椭圆曲线数字签名,提出了一种新的基于椭圆曲线离散对数问题的代理签名方案,并对方案的复杂性和安全性进行了分析.在对方案的安全性分析中,我们还提出了两类椭圆曲线上的困难问题.新方案不仅推广和丰富了代理签名的研究成果,而且也扩展了椭圆曲线密码的密码功能,为信息安全问题的解决提供了新的密码学方法.     

密码学中的随机预言模型与标准模型

随机预言模型与标准模型是密码学可证明安全理论中非常重要的两类模型。在此对这两种模型进行了描述,并研究了运用它们证明密码方案或协议安全性时所采取的不同技术,包括随机预言模型在加密和数字签名方案中的应用研究,以及标准模型下可证明安全性理论在加密方案中的应用研究。此外对进一步研究方向进行了展望。     

Tightly Secure Signatures From Lossy Identification Schemes

In this paper, we present three digital signature schemes with tight security reductions in the random oracle model. Our first signature scheme is a particularly efficient version of the short exponent discrete log-based scheme of Girault et al. (J Cryptol 19(4):463–487, 2006). Our scheme has a tight reduction to the decisional short discrete logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the original scheme of Girault et al. is based. The second signature scheme we construct is a modification of the scheme of Lyubashevsky (Advances in Cryptology—ASIACRYPT 2009, vol 5912 of Lecture Notes in Computer Science, pp 598–616, Tokyo, Japan, December 6–10, 2009. Springer, Berlin, 2009) that is based on the worst-case hardness of the shortest vector problem in ideal lattices. And the third scheme is a very simple signature scheme that is based directly on the hardness of the subset sum problem. We also present a general transformation that converts what we term \(lossy \) identification schemes into signature schemes with tight security reductions. We believe that this greatly simplifies the task of constructing and proving the security of such signature schemes.     

对一种群签名方案的安全性分析

1998年,Lee 和Chang提出了一种基于离散对数问题的群签名方案。Tseng 和Jan,敖等[3]分别在此基础上给出了新的改进方案。本文对Tseng-Jan方案[2]Ⅱ和敖等[3]的方案进行了分析,通过构造伪造签名,指出这两种方案存在着安全漏洞。     

一种基于比特承诺的部分盲签名方案

本文讨论了部分盲签名的概念,并提出了一种基于比特承诺的部分盲签名方案,该方案主要用于提高离线电子现金系统的效率,在基于离散对数假设的前提下,我们还证明了所提出的方案的安全性。     

Attribute-based signatures on lattices

Because of its wide application in anonymous authentication and attribute-based messaging, the attribute-based signature scheme has attracted the public attention since it was proposed in 2008. However, most of the existing attribute-based signature schemes are no longer secure in quantum era. Fortunately, lattice-based cryptography offers the hope of withstanding quantum computers. And lattices has elevated it to the status of a promising potential alternative to cryptography based on discrete log and factoring, owing to implementation simplicity, provable security reductions and quantum-immune. In this paper, the first lattice attribute-based signature scheme in random oracle model is proposed, which is proved existential unforgeability and perfect privacy. Compared with the current attribute-based signature schemes, our new attribute-based signature scheme can resist quantum attacks and has much shorter public-key size and signature size. Furthermore, this scheme is extended into an attribute-based signature scheme on number theory research unit (NTRU) lattice, which is also secure even in quantum era and has much higher efficiency than the former.     

无随机预言机下的指定验证者代理签名方案

在指定验证者代理签名中,原始签名者把自己的签名权力授权给一个代理签名者,后者可以代表前者签名消息,但是仅仅只有指定验证者能够相信签名的有效性。已知的指定验证者代理签名方案的安全性证明都是在随机预言机模型中的,该文中基于Waters签名方案,首次提出无随机预言机下可证安全的指定验证者代理签名方案。在弱Gap Bilinear Diffie-Hellman假设下,证明所提方案能够抵抗适应性选择消息攻击下的存在性伪造。     

基于门限哈希函数的有效代理签名机制的设计与研究

当今的代理签名技术是在原有签名机制上的改进,无法提供强大的安全保证机制.对比提出了一种基于离散对数的门限哈希函数的方法来构建安全代理签名机制,并提供了详细的安全和性能分析.分析结果显示该机制安全性高、性能稳定.     

基于ElGamal签名的电子现金体制

简要讨论了电子现金的特点,并在EIGamal签名、承诺方案和ZK的基础上构造了一种电子现金方案,最后对此方案的安全性作了说明。     

Provable secure identity‐based multi‐proxy signature scheme

Multi‐proxy signature is one of the useful primitives of the proxy signature. Till now, only a few schemes of identity‐based multi‐proxy signature (IBMPS) have been proposed using bilinear pairings, but most of the schemes are insecure or lack a formal security proof. Because of the important application of IBMPS scheme in distributed systems, grid computing, and so on, construction of an efficient and provable‐secure IBMPS scheme is desired. In 2005, Li & Chen proposed an IBMPS scheme from bilinear pairings, but their paper lacks a formal model and proof of the security. Further, in 2009, Cao & Cao presented an IBMPS scheme with the first formal security model for it. Unfortunately, their scheme is not secure against the Xiong et al's attack. In this paper, first, we present an IBMPS scheme, then we formalize a security model for the IBMPS schemes and prove that the presented scheme is existential unforgeable against adaptive chosen message and identity attack in the random oracle model under the computational Diffie–Hellman assumption. Also, our scheme is not vulnerable for the Xiong et al's attack. The presented scheme is more efficient in the sense of computation and operation time than the existing IBMPS schemes. Copyright © 2013 John Wiley & Sons, Ltd.     

一种新的等价于大整数分解的公钥密码体制研究

在弱的安全假设下构造可证明安全的密码体制原型可以有效提高密码体制的安全性,该文对用Lucas序列构造公钥密码体制做进一步研究,给出一种新的可证明安全的密码体制原型,该密码体制的加、解密效率比现有的LUC密码体制效率高,并证明它的安全性等价于分解RSA模数,最后给出该体制在签名方面的应用,伪造签名等价于分解RSA模数。     

基于椭圆曲线的盲签名与离线电子现金协议

将基于乘法群的离散对数的数字签名映射到椭圆曲线上，提出了一个基于椭圆曲线的盲签名方案，并在其基础上利用Brands的受限盲签名技术构建了一个高效的离线电子现金协议。     

基于RSA与离散对数的门限群签名方案

基于RSA的因式分解和离散对数问题,文中提出了一种安全性高,具有良好特性的(t,n)门限群签名方案。其安全性是基于求离散对数和RSA大整数因式分解的困难。方案不仅具有可追踪性和防止群内成员共谋获得系统秘密参数,而且还具有签名验证简单且计算量少,签名的匿名性和防冒充性等优点。     

An improved and provable self‐certified digital signature scheme with message recovery

This paper presents a self‐certified digital signature scheme with message recovery that is proven to be secure. So far, many schemes of this kind have been proposed to keep message secret in the transmission. But Zhang et al. has proposed the man‐in‐middle attack to Shao's self‐certified signature scheme, which is based on discrete logarithm. The attacker can make a new signature by using an old one, but the reason of such man‐in‐middle attack was not referred. We present the scheme of Yoon et al., which is also based on discrete logarithm, that cannot resist man‐in‐middle attack either, give the analysis of the attack, and propose a new scheme. The proposed scheme can resist forgery attack in the random oracle model and avoid message leakage, the man‐in‐middle attack, and meanwhile has several security characters. Compared with some self‐certified schemes, our scheme is the best because of the time cost. Copyright © 2013 John Wiley & Sons, Ltd.     

Pairing-Free ID-Based Key-Insulated Signature Scheme

Without the assumption that the private keys are kept secure perfectly, cryptographic primitives cannot be deployed in the insecure environments where the key leakage is inevitable. In order to reduce the damage caused by the key exposure in the identity-based (ID-based) signature scenarios efficiently, we propose an ID-based key-insulated signature scheme in this paper, which eliminates the expensive bilinear pairing operations. Compared with the previous work, our scheme minimizes the computation cost without any extra cost. Under the discrete logarithm (DL) assumption, a security proof of our scheme in the random oracle model has also been given.     

Short Signatures from the Weil Pairing

We introduce a short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves. For standard security parameters, the signature length is about half that of a DSA signature with a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or are sent over a low-bandwidth channel. We survey a number of properties of our signature scheme such as signature aggregation and batch verification.