Attack and improvements of fair quantum blind signature schemes

Blind signature schemes allow users to obtain the signature of a message while the signer learns neither the message nor the resulting signature. Therefore, blind signatures have been used to realize cryptographic protocols providing the anonymity of some participants, such as: secure electronic payment systems and electronic voting systems. A fair blind signature is a form of blind signature which the anonymity could be removed with the help of a trusted entity, when this is required for legal reasons. Recently, a fair quantum blind signature scheme was proposed and thought to be safe. In this paper, we first point out that there exists a new attack on fair quantum blind signature schemes. The attack shows that, if any sender has intercepted any valid signature, he (she) can counterfeit a valid signature for any message and can not be traced by the counterfeited blind signature. Then, we construct a fair quantum blind signature scheme by improved the existed one. The proposed fair quantum blind signature scheme can resist the preceding attack. Furthermore, we demonstrate the security of the proposed fair quantum blind signature scheme and compare it with the other one.     

基于格的变色龙签名方案

与普通数字签名相比,变色龙签名不仅满足不可否认性,而且具有非交互式、不可传递的特点。然而,基于传统数学难题构造的变色龙签名方案不能抵杭量子计算机的攻击。为了设计在量子计算机环境下依然安全的变色龙签名,利用格上小整数解问题SIS(Small Integer Solution)和非齐次小整数解问题ISIS(Inhomogeneous Small Integer Solution)的困难性假设,构造了基于格的变色龙签名方案。在随机预言模型下,证明了该方案在适应性选择消息攻击下 是安全的。     

Comment on “The enhanced quantum blind signature protocol”

Recently, Yang et al. (Quantum Inf Process 12:109–117, 2013) proposed an enhancement on a quantum blind signature based on the two-state vector formalism, afterward a special attack strategy on Yang et al.’s enhanced scheme is put forward, in which the dishonest signer can illegally reveal 25 % of the message of the blind signature requester, but an effective solution has not been presented in their paper. In this paper, we further analyze Yang el al.’s enhanced scheme and find that there is another potential loophole which the blind signature requester can forge the message signer’s signature. Then, an improvement scheme is proposed. Finally, analysis results show that our improved scheme can withstand the blind signature requester’s forgery attack and the above special attack strategy, and our quantum efficiency will still be the same as the primary scheme.     

辫群上代理签名体制的分析与设计*

为了研究抵抗量子分析的密码体制,对两种辫群上的代理签名体制进行分析,指出其不能抵抗已知签名的存在性伪造攻击;基于匹配共轭搜索问题的难解性构造了新的代理签名体制。分析表明该体制满足代理签名的各种安全需求,且计算效率高、签名长度短。     

基于量子信息拆分的多人验证签名方案

提出了一种利用W态实现的对经典信息的多人验证签名方案。协议基于量子信息拆分原理,将签名信息拆分成两部分,由一次一密算法和量子单向函数加密签名信息,两个验证人验证签名。方案满足经典安全性要求的不可伪造性和不可否认性,同时也能够抵御量子攻击策略当中的截获重发攻击和纠缠附加粒子攻击,相较其他量子签名方案,效率和安全性都有所提高。     

基于hash函数的一次群签名模型

针对基于大整数的素数分解和离散对数问题的传统数字签名不能抵抗量子时代量子计算的攻击问题,提出一种基于hash函数的一次群签名模型。该模型基于hash函数的单向性,由hash运算完成密钥生成、签名和验证,获得了更高的效率,并且可有效抵抗量子时代量子计算的攻击。通过实验,对签名模型进行验证,效率比ECC(密钥长度为224)高21倍,可达RSA-2048的102倍。     

Quantum broadcasting multiple blind signature with constant size

Using quantum homomorphic signature in quantum network, we propose a quantum broadcasting multiple blind signature scheme. Different from classical signature and current quantum signature schemes, the multi-signature proposed in our scheme is not generated by simply putting the individual signatures together, but by aggregating the individual signatures based on homomorphic property. Therefore, the size of the multi-signature is constant. Furthermore, based on a wide range of investigation for the security of existing quantum signature protocols, our protocol is designed to resist possible forgery attacks against signature and message from the various attack sources and disavowal attacks from participants.     

Efficient identity-based signature over NTRU lattice

Identity-based signature has become an important technique for lightweight authentication as soon as it was proposed in 1984. Thereafter, identity-based signature schemes based on the integer factorization problem and discrete logarithm problem were proposed one after another. Nevertheless, the rapid development of quantum computers makes them insecure. Recently, many efforts have been made to construct identity-based signatures over lattice assumptions against attacks in the quantum era. However, their efficiency is not very satisfactory. In this study, an efficient identity-based signature scheme is presented over the number theory research unit (NTRU) lattice assumption. The new scheme is more efficient than other lattice- and identity-based signature schemes. The new scheme proves to be unforgeable against the adaptively chosen message attack in the random oracle model under the hardness of the γ-shortest vector problem on the NTRU lattice.     

Cryptanalysis of enhancement on “quantum blind signature based on two-state vector formalism”

Recently, Yang et al. (Quantum Inf Process 12(1):109, 2013) proposed an enhanced quantum blind signature based on two-taste vector formalism. The protocol can prevent signatory Bob from deriving Alice’s message with invisible photon eavesdropping attack or fake photon attack. In this paper, we show that the enhanced protocol also has a loophole that Alice can utilize an entanglement swapping attack to obtain Bob’s secret key and forge Bob’s valid signature at will later. Then, we reanalyze two existing protocols and try to find some further methods to fix them.     

Enhancement on ��quantum blind signature based on two-state vector formalism��

Recently, Su et?al. (Opt Comm 283:4408?C4410, 2010) proposed a quantum blind signature based on the two-state vector formalism. Their protocol is rather practical because the signer and the blind signature requester only have to perform measurement operations to complete the quantum blind signature. This study points out that a dishonest signer in their scheme can reveal the blind signature requester??s secret key and message without being detected by using Trojan horse attacks or the fake photon attack. A modified scheme is then proposed to avoid these attacks.     

格上基于身份的可链接环签名方案

为了抵抗量子算法的攻击和应对恶意签名者利用环签名技术的完全匿名性输出多个签名从而进行双重开销攻击这一缺陷,同时为了解决不必要的系统开销浪费问题,提出了一种新的格上基于身份的可链接环签名方案。该方案以格上近似最短向量问题为安全基础,将该问题的求解规约于碰撞问题的求解,利用矩阵向量间的线性运算生成签名,同时结合了基于身份的密码技术。解决了系统开销浪费问题,不涉及陷门生成和高斯采样等复杂算法,提高了签名效率,降低了存储开销,并在随机预言模型下验证了方案满足完全匿名性和强存在不可伪造性。经分析,该方案是一个安全高效的环签名方案。     

Cryptanalysis and improvement of verifiable quantum (<Emphasis Type="Italic">k</Emphasis>, <Emphasis Type="Italic">n</Emphasis>) secret sharing

After analyzing Yang’s verifiable quantum secret sharing (VQSS) scheme, we show that in their scheme a participant can prepare a false quantum particle sequence corresponding to a forged share, while other any participant cannot trace it. In addition, an attacker or a participant can forge a new quantum sequence by transforming an intercepted quantum sequence; moreover, the forged sequence can pass the verification of other participants. So we propose a new VQSS scheme to improve the existed one. In the improved scheme, we construct an identity-based quantum signature encryption algorithm, which ensures chosen plaintext attack security of the shares and their signatures transmitted in the quantum tunnel. We employ dual quantum signature and one-way function to trace against forgery and repudiation of the deceivers (dealer or participants). Furthermore, we add the reconstruction process of quantum secret and prove the security property against superposition attack in this process.     

Arbitrated quantum signature of classical messages without using authenticated classical channels

This paper points out design confusion existing in all the arbitrated quantum signatures (AQS) that require public discussions over authenticated classical channels. Instead, an AQS scheme of classical messages without using authenticated classical channels is proposed here. A cryptographic hash function is used in combine with quantum mechanics to check the existence of an eavesdropping or to verify a signature. In addition, by using only single photons, this scheme provides higher efficiency both in quantum transmissions and generations. The proposed AQS scheme is shown to be immune to several well-known attacks, i.e., the Trojan-horse attacks and the existential forgery attack.     

Improving the security of arbitrated quantum signature against the forgery attack

As a feasible model for signing quantum messages, some cryptanalysis and improvement of arbitrated quantum signature (AQS) have received a great deal of attentions in recent years. However, in this paper we find the previous improvement is not suitable implemented in some typical AQS protocols in the sense that the receiver, Bob, can forge a valid signature under known message attack. We describe the forgery strategy and present some corresponding improved strategies to stand against the forgery attack by modifying the encryption algorithm, an important part of AQS. These works preserve the merits of AQS and lead some potential improvements of the security in quantum signature or other cryptography problems.     

高效的不可否认的门限代理签名新方案

基于Kim等人的门限代理签名方案,Sun提出了已知签名人的不可否认的门限代理签名方案。在Sun的方案中,代理签名人不能否认他们所进行的代理签名。随后,Hsu等人证明Sun方案不能抵抗共谋攻击,并提出了相应的改进方案。论文首先证明了Hsu等人的改进方案不能抵抗公钥替换的内部攻击,即任何恶意的内部攻击者,不需要其他代理签名人的密钥,对任意的消息能够伪造一个有效的门限代理签名。然后提出了一种不可否认的门限代理签名新方案,能同时抵抗内部的公钥替换攻击和共谋攻击。就计算复杂度和通信成本而言,该文的方案比Hsu等人的方案更有效、更实用。     

RAKA:一种新的基于Ring-LWE的认证密钥协商协议

后量子时代,基于格理论的公钥密码被认为是最有前途的抵抗量子计算机攻击的公钥密码体制.然而,相对于格上公钥加密体制和数字签名方案的快速发展,基于格上困难问题的密钥协商协议成果却较少.因此,现阶段如何构建格上安全的密钥协商协议是密码学领域具有挑战性的问题之一.针对上述问题,基于环上带错误学习问题困难假设,采用调和技术构造了一种新的认证密钥协商协议RAKA(authenticated key agreement protocol based on reconciliation technique),该方案采用格上陷门函数技术提供了单向认证功能,并且在Ring-LWE假设下证明是安全的.与现有的基于LWE的密钥协商协议相比,该方案的共享会话密钥减小为2nlogq,效率更高;同时,由于该方案的安全性是基于格上困难问题,因此可以抵抗量子攻击.     

Efficient identity-based RSA multisignatures

A digital multisignature is a digital signature of a message generated by multiple signers with knowledge of multiple private keys. In this paper, an efficient RSA multisignature scheme based on Shamir's identity-based signature (IBS) scheme is proposed. To the best of our knowledge, this is the first efficient RSA-based multisignature scheme with both fixed length and the verification time. The proposed identity-based multisignature scheme is secure against forgerability under chosen-message attack. It is also secure against multi-signer collusion attack and adaptive chosen-ID attack.     

一种基于NTRU新型认证密钥协商协议的设计

NTRU是目前最实用的基于格构造的密码体制,然而相对于基于NTRU的加密、签名方案,其密钥协商协议却一直很少见诸文献。针对这一问题,提出了一种基于NTRU格的认证密钥协商协议。在随机预言机模型下,该方案是eCK模型中可证明安全,并且可以抵抗中间人攻击、重放攻击、冒充攻击、达到弱完美前向安全;与传统的DH、ECDH等方案相比,该方案计算效率更高,同时因其安全性可以规约到基于格中最短向量困难问题,可以抗量子攻击。     

基于多变量密码体制的签密方案

为了解决基于传统公钥密码的签密方案不能抵抗量子攻击的问题,提出了一种基于多变量公钥密码的签密方案。结合多层Matsumoto-Imai(MMI)方案中心映射的多层构造、CyclicRainbow签名方案,以及隐藏域方程(HFE)的中心映射构造,提出了一种改进的中心映射构造方法,并由此设计了相应的签密方案。分析表明,所设计的方案与MMI方案相比,在实现了加密和签名的同时,方案密钥量和密文量分别减少了5%和50%。在随机预言模型下,基于多变量方程组求解困难问题假设和多项式同构困难问题假设,证明了该方案在适应性选择密文攻击下具有不可区分性,在适应性选择消息攻击下具有不可伪造性。     

Security of a sessional blind signature based on quantum cryptograph

We analyze the security of a sessional blind signature protocol based on quantum cryptograph and show that there are two security leaks in this protocol. One is that the legal user Alice can change the signed message after she gets a valid blind signature from the signatory Bob, and the other is that an external opponent Eve also can forge a valid blind message by a special attack, which are not permitted for blind signature. Therefore, this protocol is not secure in the sense that it does not satisfy the non-forgeability of blind signatures. We also discuss the methods to prevent the attack strategies in the end.