New (t, n) threshold directed signature scheme with provable security

Directed signature scheme allows only a designated verifier to check the validity of the signature issued to him; and at the time of trouble or if necessary, any third party can verify the signature with the help of the signer or the designated verifier as well. Due to its merits, directed signature scheme is widely used in situations where the receiver’s privacy should be protected. Threshold directed signature is an extension of the standard directed signature, in which several signers may be required to cooperatively sign messages for sharing the responsibility and authority. To the best of our knowledge, threshold directed signature has not been well studied till now. Therefore, in this paper, we would like to formalize the threshold directed signature and its security model, then present a new (t, n) threshold directed signature scheme from bilinear pairings and use the techniques from provable security to analyze its security.     

有代理的门限签名方案

在门限代理签名方案中加入有代理的思想,提出了一个有代理的门限签名方案,实现了原始签名者与代理签名者联合进行签名,这就解决了当一部分原始签名者不能履行签名义务时,这部分原始签名者可以委托他们的代理签名者与剩下的原始签名者一起进行签名。这个方案也是门限代理签名的一个推广,它可以在更广的范围内得到应用。     

Efficient threshold proxy signature protocol for mobile agents

Mobile agents can migrate across different execution environments through the network. One important task of a mobile agent is to act as a proxy signer to sign a digital signature on behalf of the agent owner. As the agent and the remote hosts are not trustworthy, or are probably malicious, there are great challenges for the task. In this paper, we propose an efficient, secure (t,n) threshold proxy signature scheme based on the RSA cryptosystem. The proposed scheme shares the proxy signing key with a simple Lagrange formula. However, it does not reveal any secret information. Owing to its simple algorithm and few parameter requirements, the proposed scheme requires few calculations and few transactions. The proxy signature generation stage and the proxy signature combining stage are completely non-interactive. Furthermore, the size of the partial proxy signing key and that of the partial proxy signature are constant and independent of the number of proxy signers.     

一种不可否认门限代理签名方案的改进

在对Hsu等的方案进行安全性分析的基础上,提出了一种改进的门限代理签名方案,该方案有效地克服了Hsu方案不能有效抵抗内部协作伪造攻击的不足。由于该方案在签名生成阶段将实际签名群和代理签名群的隐秘信息都纳入到签名中,并在生成的签名中将它们区分开来,这就使得基于该方案的签名具有了基于Hsu方案的签名所不具有的可识别性和不可否认性。安全性分析表明,该方案是一种安全的切实可行的门限代理签名方案。     

基于(t,n)门限的代理签名方案

构造了一种基于(t,n)门限的代理签名方案，该方案通过构造Lagrange插值多项式，严格限制了签名授权证书的使用次数。与传统的一次授权代理签名方案相比，该方案有效地控制了代理签名者的签名次数，并且减少了时间开销，降低了通信量。     

A novel nonrepudiable threshold multi-proxy multi-signature scheme with shared verification

Tzeng et al. proposed a new threshold multi-proxy multi-signature scheme with threshold verification. In their scheme, a subset of original signers authenticates a designated proxy group to sign on behalf of the original group. A message m has to be signed by a subset of proxy signers who can represent the proxy group. Then, the proxy signature is sent to the verifier group. A subset of verifiers in the verifier group can also represent the group to authenticate the proxy signature. Subsequently, there are two improved schemes to eliminate the security leak of Tzeng et al.’s scheme. In this paper, we have pointed out the security leakage of the three schemes and further proposed a novel threshold multi-proxy multi-signature scheme with threshold verification.     

一个安全的门限代理签名方案

针对已有门限代理签名方案存在的安全及性能方面的问题,将双线性映射引入签名方案,并结合卡梅隆签名,提出了一种基于双线性映射的卡梅隆门限代理签名方案。该方案克服了已有方案的安全缺陷,同时满足了强安全门限代理签名方案应具备的所有安全属性,能抵御各种可能的攻击。     

A new threshold proxy signature scheme from bilinear pairings

~~A new threshold proxy signature scheme from bilinear pairings~~     

基于离散对数问题的多级代理盲签名方案

对蔡勉的多级代理签名方案（蔡勉,康莉. 一种安全的多级代理签名方案．中国科学院研究生院学报,2006,23(5)：653-659）进行分析,提出了一种构造普通多级代理签名方案的方法,并与原方案进行了对比分析;利用普通的多级代理签名方案的构造方法构造了多级代理盲签名方案。经分析,新方案在代理部分避免了原始签名者伪造和签名接收者伪造攻击,其盲签名部分具有强盲特性。     

Strong (n, t, n) verifiable secret sharing scheme

A (t, n) secret sharing divides a secret into n shares in such a way that any t or more than t shares can reconstruct the secret; but fewer than t shares cannot reconstruct the secret. In this paper, we extend the idea of a (t, n) secret sharing scheme and give a formal definition on the (n, t, n) secret sharing scheme based on Pedersen’s (t, n) secret sharing scheme. We will show that the (t, n) verifiable secret sharing (VSS) scheme proposed by Benaloh can only ensure that all shares are t-consistent (i.e. any subset of t shares defines the same secret); but shares may not satisfy the security requirements of a (t, n) secret sharing scheme. Then, we introduce new notions of strong t-consistency and strong VSS. A strong VSS can ensure that (a) all shares are t-consistent, and (b) all shares satisfy the security requirements of a secret sharing scheme. We propose a strong (n, t, n) VSS based on Benaloh’s VSS. We also prove that our proposed (n, t, n) VSS satisfies the definition of a strong VSS.     

基于双线性对的具有已知签名人的门限代理签名方案

（t,n）门限代理签名是代理签名的一种变形,其代理签名密钥由原始签名者指定n个代理签名者分享保存,只有t个或更多的代理签名者才能代表原始签名者产生对消息的签名。最近,钱海峰等人提出了一个基于双线性对的门限代理签名方案。不幸的是。本文显示了钱海峰等人的方案易受伪造攻击,即一小敌手能够伪造任意消息的门限代理签名。此外,钱海峰等人的方案还存在代理签名者能够任意更改门限值这一缺陷,而对此无论是原始签名者还是验证者都无法发现,这一点可能违背原始签名者的意图。本文提出了一个新的门限代理签名方案,新方案克服了钱海峰等人的上述缺陷。     

一个（t，n）门限代理签名的分析与改进

指出田志刚等提出的（t,n）门限代理签名方案存在3个缺陷,首先无法抵抗合谋攻击;其次,无法抵抗伪造攻击;第三,无法抵抗原始签名人的伪造攻击。为克服原方案的缺陷,给出了改进方案。     

指定接收人的（t，n）门限代理签名方案

为了满足原始签名人的意愿,提出一个指定接收人的门限代理签名方案。在代理授权的过程中,原始签名人通过授权指定代理签名的接收人,代理签名人在验证原始签名人所提供的授权参数合法的基础上产生代理签名密钥,从而可以产生代理签名。提出的签名方案具有代理签名方案的基本安全要求：不仅验证人在验证代理签名之后只能确信代理签名是代表原始签名人的签名而无法确定代理签名者身份;当出现争议时,原始签名人可通过代理群管理员追查出代理签名人的身份;而且保证代理签名人只能对所指定的签名接收人产生代表原始签名人的有效代理签名,从而防止了代理签名权利的滥用。     

一个安全的(t,n)门限代理签名

在一个(t,n)门限代理签名方案中,任何t个成员组成的集合可以代表原始签名人进行代理签名,而任何少于t个成员的集合都不能进行代理签名。针对合谋攻击提出了一个安全的(t,n)门限代理签名方案。合谋攻击是指在不知道任何有效的门限代理签名的情况下,恶意代理成员人数大于或等于门限值时,他们能合谋重新构造代理群的秘密参数,从而可以伪造其他代理成员的签名。新方案不仅能满足门限代理签名的性质,而且能抵抗合谋攻击。     

一个（t，n）门限签名-（k，m）门限验证的群签名方案

基于离散对数问题,提出了一个(t,n)门限签名-(k,m)门限验证的群签名方案。在该方案中,n个签名者中至少t个合作可以生成有效的群签名;而m个验证者中至少k个合作可以验证签名的有效性。参与者的公、私钥以及群公钥由参与者共同协商,无需可信中心参与;参与者之间的信息可以以明文形式传送;能够抵御内部相互欺诈和外部攻击。方案的安全性是基于离散对数问题的难解性。     

A general (k, n) scalable secret image sharing scheme with the smooth scalability

A novel (k, n) scalable secret image sharing (SSIS) scheme was proposed to encrypt a secret image into n shadow images. One can gradually reconstruct a secret image by stacking k or more shadows, but he/she cannot conjecture any information from fewer than k shadows. The advantage of a (k, n)-SSIS scheme is that it provides the threshold property (i.e., k is a threshold value necessary to start in to reveal the secret) as well as the scalability (i.e., the information amount of a reconstructed secret is proportional to the number of shadows used in decryption). All previous (k, n)-SSIS schemes did not have the smooth scalability so that the information amount can be “smoothly” proportional to the number of shadows. In this paper, we consider the smooth scalability in (k, n)-SSIS scheme.     

对一个无可信中心的(t,n)门限签名方案的改进

一个(t,n)门限签名方案中,任何t个成员的集合能够对任意的消息产生签名而任何少于t个成员的集合都不能发行签名。其中密钥通过可信中心或没有可信中心,通过所有的成员运行交互式协议在n个成员中分配。2006年,郭丽峰对王斌等的方案进行了安全性分析,指出王等的方案是不安全的,该文对王的方案进行了改进,使其抗广泛性攻击及内部攻击。     

A practical (t, n) threshold proxy signature scheme based on the RSA cryptosystem

In a (t, n) threshold proxy signature scheme, the original signer delegates the power of signing messages to a designated proxy group of n members. Any t or more proxy signers of the group can cooperatively issue a proxy signature on behalf of the original signer, but (t - 1) or less proxy signers cannot. Previously, all of the proposed threshold proxy signature schemes have been based on the discrete logarithm problem and do not satisfy all proxy requirements. In this paper, we propose a practical, efficient, and secure (t, n) threshold proxy signature scheme based on the RSA cryptosystem. Our scheme satisfies all proxy requirements and uses only a simple Lagrange formula to share the proxy signature key. Furthermore, our scheme requires only 5 percent of the computational overhead and 8 percent of the communicational overhead required in Kim's scheme.