A novel efficient (t, n) threshold proxy signature scheme

All previously proposed threshold proxy signature schemes have been based on discrete logarithms required for a protocol to generate and verify a shared secret among the proxy group. Therefore, it is necessary for the proxy signers to perform many expensive modular exponential computations and communications to obtain and verify a shared secret. Moreover, most of the existing threshold proxy signature schemes reveal that the receiver cannot find out who signed the proxy signatures. We propose an efficient (t, n) threshold proxy signature scheme based on Schnorr’s scheme. Compared with existing (t, n) threshold proxy signature schemes, our scheme can reduce the amount of computations and communications. In our method, not only the original signer can know who generated the proxy signature, but also the receiver can certify the actuality of the group signers who made the proxy signature. We offer convenience and fair distribution of auditing a document’s signers.     

Efficient many-to-one authentication with certificateless aggregate signatures

Aggregate signatures allow an efficient algorithm to aggregate n signatures of n distinct messages from n different users into one single signature. The resulting aggregate signature can convince a verifier that the n users did indeed sign the n messages. This feature is very attractive for authentications in bandwidth-limited applications such as reverse multicasts and senor networks. Certificateless public key cryptography enables a similar functionality of public key infrastructure (PKI) and identity (ID) based cryptography without suffering from complicated certificate management in PKI or secret key escrow problem in ID-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme which has the advantages of both aggregate signatures and certificateless cryptography. The scheme is proven existentially unforgeable against adaptive chosen-message attacks under the standard computational Diffie–Hellman assumption. Our scheme is also very efficient in both communication and computation and the proposal is practical for many-to-one authentication.     

Efficient threshold proxy signature protocol for mobile agents

Mobile agents can migrate across different execution environments through the network. One important task of a mobile agent is to act as a proxy signer to sign a digital signature on behalf of the agent owner. As the agent and the remote hosts are not trustworthy, or are probably malicious, there are great challenges for the task. In this paper, we propose an efficient, secure (t,n) threshold proxy signature scheme based on the RSA cryptosystem. The proposed scheme shares the proxy signing key with a simple Lagrange formula. However, it does not reveal any secret information. Owing to its simple algorithm and few parameter requirements, the proposed scheme requires few calculations and few transactions. The proxy signature generation stage and the proxy signature combining stage are completely non-interactive. Furthermore, the size of the partial proxy signing key and that of the partial proxy signature are constant and independent of the number of proxy signers.     

Sharing and hiding secret images with size constraint

This paper presents a method for sharing and hiding secret images. The method is modified from the (t,n) threshold scheme. (Comput.Graph. 26(5)(2002)765) The given secret image is shared and n shadow images are thus generated. Each shadow image is hidden in an ordinary image so as not to attract an attacker's attention. Any t of the n hidden shadows can be used to recover the secret image. The size of each stego image (in which a shadow image is hidden) is about 1/t of that of the secret image, avoiding the need for much storage space and transmission time (in the sense that the total size of t stego images is about the size of the secret image). Experimental results indicate that the qualities of both the recovered secret image and the stego images that contain the hidden shadows are acceptable. The photographers who work in enemy areas can use this system to transmit photographs.     

Strong (n, t, n) verifiable secret sharing scheme

A (t, n) secret sharing divides a secret into n shares in such a way that any t or more than t shares can reconstruct the secret; but fewer than t shares cannot reconstruct the secret. In this paper, we extend the idea of a (t, n) secret sharing scheme and give a formal definition on the (n, t, n) secret sharing scheme based on Pedersen’s (t, n) secret sharing scheme. We will show that the (t, n) verifiable secret sharing (VSS) scheme proposed by Benaloh can only ensure that all shares are t-consistent (i.e. any subset of t shares defines the same secret); but shares may not satisfy the security requirements of a (t, n) secret sharing scheme. Then, we introduce new notions of strong t-consistency and strong VSS. A strong VSS can ensure that (a) all shares are t-consistent, and (b) all shares satisfy the security requirements of a secret sharing scheme. We propose a strong (n, t, n) VSS based on Benaloh’s VSS. We also prove that our proposed (n, t, n) VSS satisfies the definition of a strong VSS.     

LHL门限群签名方案的安全缺陷

门限群签名是群签名的推广,其中只有群体中的授权子集才能代表整个群体进行剑名;一旦发生纠纷,签名成员的身份可以被追查出来,所以对门限群签名的一个重要安全要求就是防伪造性,即一个授权子集不能冒充其它授权子集进行签名,该文指出了LHL门限群签名方案的两个安全缺陷;存在签名伪造攻击和匿名性与可追查性不能同时具备,在伪造攻击中,通过控制群秘密密钥,部分成员合谋可以伪造看似来自于其他成员的有效门限群签名,而所有诚实成员仍可正常使用签名系统,所以他们感觉不到欺骗的存在。     

基于ECC的无可信中心的（t，n）门限秘密共享方案

利用椭圆曲线离散对数问题（ECDLP）,设计了一个无可信中心（SDC）的（t,n）门限秘密共享方案。系统的初始化、组成员的私钥、公钥的产生都不需要SDC的参与,利用各成员之间的秘密共享值,构造了秘密共享矩阵,结合Lagrange插值定理,实现了（t,n）门限秘密共享。分析表明,该方案具有较高的安全性和一定的实用价值。     

Intrusion-resilient identity-based signature: Security definition and construction

Traditional identity-based signatures depend on the assumption that secret keys are absolutely secure. Once a secret key is exposed, all signatures associated with this secret key have to be reissued. Therefore, limiting the impact of key exposure in identity-based signature is an important task. In this paper, we propose to integrate the intrusion-resilient security into identity-based signatures to deal with their key exposure problem. Compared with forward-secure identity-based signatures and key-insulated identity-based signatures, our proposal can achieve higher security. The proposed scheme satisfies that signatures in any other time periods are secure even after arbitrarily many compromises of base and signer, as long as the compromises do not happen simultaneously. Furthermore, the intruder cannot generate signatures pertaining to previous time periods, even if she compromises base and signer simultaneously to get all their secret information. The scheme enjoys nice average performance. There are no cost parameters including key setup time, key extract time, base (signer) key update time, base (signer) key refresh time, signing time, verifying time, and signature size, public parameter size, base (signer) storage size having complexity more than O(log T) in terms of the total number of time periods T in this scheme. We also give the security definition of intrusion-resilient identity-based signature scheme and prove that our scheme is secure based on this security definition in the random oracle model assuming CDH problem is hard.     

有效的门限签名算法

门限签名是一种特殊的数字签名,它在现实生活中具有广泛的用途。一个(t,n)门限签名方案是指n个成员组成的群中,群中任何不少于t个成员合作就能产生签名,然而任何少于t个成员合作都无法伪造签名。但是,现有的许多签名算法都存在一个普遍的缺陷,即不能抵抗合谋攻击,换句话说,任意t个成员合谋就可以恢复出秘密系统参数,从而就可以伪造其他签名小组签名。针对较小的n和t以及较大n和t分别提出两种有效的抗合谋攻击的门限签名方案,当n和t较小时,给出了一种基于分组秘密共享的RSA门限签名算法;当n和t比较大时,提供了一种具有指定签名者的方案来解决合谋攻击问题。     

Verifiable threshold quantum secret sharing with sequential communication

A (t, n) threshold quantum secret sharing (QSS) is proposed based on a single d-level quantum system. It enables the (t, n) threshold structure based on Shamir’s secret sharing and simply requires sequential communication in d-level quantum system to recover secret. Besides, the scheme provides a verification mechanism which employs an additional qudit to detect cheats and eavesdropping during secret reconstruction and allows a participant to use the share repeatedly. Analyses show that the proposed scheme is resistant to typical attacks. Moreover, the scheme is scalable in participant number and easier to realize compared to related schemes. More generally, our scheme also presents a generic method to construct new (t, n) threshold QSS schemes based on d-level quantum system from other classical threshold secret sharing.     

不需要可信任方的门限不可否认签名方案

在1992年澳大利亚密码会议上, Harn and Yang 第一次提出了(t,n)门限不可否认签名的概念.其中,只有成员个数不少于t的子集才能代表群体产生、确认和否认签名.随后,一些研究者又提出了几个方案,但这些方案都是不安全的.因此,到目前为止,怎样设计一个安全的(t,n)门限不可否认签名方案仍然是个公开问题.提出了一个基于离散对数密码系统的(t,n)门限不可否认签名方案.该方案不仅安全、高效,而且不需要可信任方.另外,方案还具有一个很好的性质,即成员的诚实性是可以验证的.这是由于在分发密钥时,采用了Schoenmakers在1999年美洲密码会议上提出的可公开验证秘密共享方案和两个用来提供正确性证据的离散对数恒等式协议.     

基于椭圆曲线的门限身份认证方案

提出了基于椭圆曲线的门限身份认证协议。证书中心采用无可信中心的门限密钥系统，任何t个有效成员组合均能有效地将用户提交的ID号和公钥以证书的形式绑定在一起，但t-1个成员则无法运行发放有效证书，从而实现了在用户与用户之间无需第3方的身份认证。在生成证书过程中每个参与者均能检验前面参与者的签名是否有效，防止了假冒者或来自系统内的攻击。由于用户密钥采取分散管理体制，因而具有更高的保密性。     

对一个无可信中心的（t，n）门限签名方案的改进

一个（t,n）门限签名方案中,任何t个成员的集合能够对任意的消息产生签名而任何少于t个成员的集合都不能发行签名。其中密钥通过可信中心或没有可信中心,通过所有的成员运行交互式协议在n个成员中分配。2006年,郭丽峰对王斌等的方案进行了安全性分析,指出王等的方案是不安全的,该文对王的方案进行了改进,使其抗广泛性攻击及内部攻击。     

对一个无可信中心的(t,n)门限签名方案的改进

一个(t,n)门限签名方案中,任何t个成员的集合能够对任意的消息产生签名而任何少于t个成员的集合都不能发行签名。其中密钥通过可信中心或没有可信中心,通过所有的成员运行交互式协议在n个成员中分配。2006年,郭丽峰对王斌等的方案进行了安全性分析,指出王等的方案是不安全的,该文对王的方案进行了改进,使其抗广泛性攻击及内部攻击。     

Verifiable quantum (k, n)-threshold secret sharing

In a conventional quantum (k, n) threshold scheme, a trusted party shares a quantum secret with n agents such that any k or more agents can cooperate to recover the original secret, while fewer than k agents obtain no information about the secret. Is the reconstructed quantum secret same with the original one? Or is the dishonest agent willing to provide a true share during the secret reconstruction? In this paper we reexamine the security of quantum (k, n) threshold schemes and show how to construct a verifiable quantum (k, n) threshold scheme by combining a qubit authentication process. The novelty of ours is that it can provide a mechanism for checking whether the reconstructed quantum secret is same with the original one. This mechanism can also attain the goal of checking whether the dishonest agent provides a false quantum share during the secret reconstruction such that the secret quantum state cannot be recovered correctly.     

New (t, n) threshold directed signature scheme with provable security

Directed signature scheme allows only a designated verifier to check the validity of the signature issued to him; and at the time of trouble or if necessary, any third party can verify the signature with the help of the signer or the designated verifier as well. Due to its merits, directed signature scheme is widely used in situations where the receiver’s privacy should be protected. Threshold directed signature is an extension of the standard directed signature, in which several signers may be required to cooperatively sign messages for sharing the responsibility and authority. To the best of our knowledge, threshold directed signature has not been well studied till now. Therefore, in this paper, we would like to formalize the threshold directed signature and its security model, then present a new (t, n) threshold directed signature scheme from bilinear pairings and use the techniques from provable security to analyze its security.     

一个安全的(t,n)门限代理签名

在一个(t,n)门限代理签名方案中,任何t个成员组成的集合可以代表原始签名人进行代理签名,而任何少于t个成员的集合都不能进行代理签名。针对合谋攻击提出了一个安全的(t,n)门限代理签名方案。合谋攻击是指在不知道任何有效的门限代理签名的情况下,恶意代理成员人数大于或等于门限值时,他们能合谋重新构造代理群的秘密参数,从而可以伪造其他代理成员的签名。新方案不仅能满足门限代理签名的性质,而且能抵抗合谋攻击。     

一个可重复使用的门限共享验证签名方案

该文将秘密分享方案与ELGam al数字签名方案结合起来提出一种新的门限共享验证签名方案,并对该方案进行了分析。该方案的n个验证者中任意t个可以验证签名的有效性,而少于t个验证者不能验证签名的有效性。分析表明,本文的构造方案不仅具有较好的安全性和较低的计算复杂度,而且还具有如下特点:(1)签名者的私钥可以重复使用,签名不可伪造;(2)进行多次验证签名而不会暴露验证者的秘密份额以及验证者之间不能相互伪造验证信息,从而验证者可以使用相同秘密份额对多个签名进行验证。这些特点使得方案中的签名私钥和验证秘密份额都具有可重复使用性。     

一个基于双线性映射的前向安全门限签名方案的标注

前向安全门限签名是一种重要的分布式签名,它继承了前向安全签名和门限签名的优点,通过每个成员持有的份额周期性地更新密钥,而公钥在整个时间周期中保持不变.这种签名技术可以使得敌手更难危及签名的安全性:如果敌手不能在一个时间段中攻击法定数量的成员就不能伪造任何签名,即使能够在某个时间段内攻击法定数量的成员得到他们的密钥份额,也不能伪造以前时间段的签名.2007年,彭华熹等人提出了一个基于双向性映射的前向安全门限签名方案.对此方案的安全性进行了分析,给出了几种安全性攻击的方法,指出了该方案是不安全的,同时也给出了一些改进的方法.