Digital signature for Diffie-Hellman public keys without using aone-way function

The author proposes digital signature schemes without using a one-way function to sign Diffie-Hellman public keys. The advantage of this approach is, instead of relying overall security on either the security of the signature scheme or the security of the one-way function, the security of this proposed scheme is based on the discrete logarithm problem     

Efficient and provably secure identification scheme without random oracles

The research on the identification scheme is an important and active area in computer and communication security. A series of identification schemes were proposed to improve the efficiency and security of the protocols by various methods. Based on the hardness assumption of the discrete logarithm problem in a gap Diffie-Hellman group and the difficulty of the collusion attack algorithm with k traitors, an efficient identification scheme is presented. Without random oracle models, the proposed scheme is then proved secure against impersonation and reset attacks in both concurrent and reset attack setting. Since the proposed scheme is simple, memory-saving, computation-efficient, and perfectly-secure, it is well suitable for use in smart cards.     

Transitive signatures: new schemes and proofs

We present novel realizations of the transitive signature primitive introduced by Micali and Rivest, enlarging the set of assumptions on which this primitive can be based, and also providing performance improvements over existing schemes. More specifically, we propose new schemes based on factoring, the hardness of the one-more discrete logarithm problem, and gap Diffie-Hellman (DH) groups. All these schemes are proven transitively unforgeable under adaptive chosen-message attack in the standard (not random-oracle) model. We also provide an answer to an open question raised by Micali and Rivest regarding the security of their Rivest-Shamir-Adleman (RSA)-based scheme, showing that it is transitively unforgeable under adaptive chosen-message attack assuming the security of RSA under one-more inversion. We then present hash-based modifications of the RSA, factoring, and gap Diffie-Hellman based schemes that eliminate the need for "node certificates" and thereby yield shorter signatures. These modifications remain provably secure under the same assumptions as the starting scheme, in the random oracle model.     

高效的无证书多接收者匿名签密方案

针对已有的基于身份的多接收者签密方案存在的密钥托管问题,研究了无证书多接收者签密安全模型,进而基于椭圆曲线密码体制,提出一个无证书多接收者签密方案,并在随机预言机模型下证明方案的安全性建立在计算Diffie-Hellman问题及椭圆曲线离散对数问题的困难性之上。该方案无需证书管理中心,在签密阶段和解签密阶段均不含双线性对运算,且可确保发送者和接收者的身份信息不被泄露,可以方便地应用于网络广播签密服务。     

Identity-based multisignature and aggregate signature schemes from m-torsion groups

I. Introduction A multisignature allows any subgroup of a given group of potential signers to jointly sign a message such that a verifier is convinced that each member of the subgroup participated in signing. An aggre-gate signature, recently proposed by Boneh et al.[1], however, is a scheme that allows n members of a given group of potential signers to sign n different messages and all these signatures can be aggregated into a single signature. This single signature will convince the verifie…     

标准模型下可公开验证的匿名IBE方案

利用弱困难性假设构造强安全的加密系统在基于身份的加密（ Identity-Based Encryption ,IBE）中具有重要的理论与实际意义。本文基于弱困难性的判定性双线性Diffie-Hellman假设,构造了一个对于选择明文攻击安全的匿名的身份加密方案,解决了利用弱困难性假设构造强安全的基于身份加密系统的问题,同时也解决了基于身份的加密系统的隐私保护问题。与现有的基于较强困难性假设的方案相比,新方案实现的条件更容易满足,可以公开验证而且效率更高。     

基于椭圆曲线的代理数字签名

现有的代理数字签名方案都是基于离散对数问题和大数因子分解问题的方案.本文我们将代理签名的思想应用于椭圆曲线数字签名,提出了一种新的基于椭圆曲线离散对数问题的代理签名方案,并对方案的复杂性和安全性进行了分析.在对方案的安全性分析中,我们还提出了两类椭圆曲线上的困难问题.新方案不仅推广和丰富了代理签名的研究成果,而且也扩展了椭圆曲线密码的密码功能,为信息安全问题的解决提供了新的密码学方法.     

Provable secure proxy signature scheme without bilinear pairings

Proxy signature is an active research area in cryptography. A proxy signature scheme allows an entity to delegate his or her signing capability to another entity in such a way that the latter can sign messages on behalf of the former. Many proxy signature schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is more than 10 times of the scalar multiplication over elliptic curve group. In order to save the running time and the size of the signature, we propose a proxy signature scheme without bilinear pairings and prove its security against adaptive chosen‐message attack in random oracle model. The security of our scheme is based on the hardness of the elliptic curve discrete logarithm problem. With the running time being saved greatly, our scheme is more practical than the previous related scheme for practical applications. Copyright © 2011 John Wiley & Sons, Ltd.     

Security Arguments for Digital Signatures and Blind Signatures

Since the appearance of public-key cryptography in the seminal Diffie—Hellman paper, many new schemes have been proposed and many have been broken. Thus, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is often considered as a kind of validation procedure. A much more convincing line of research has tried to provide ``provable' security for cryptographic protocols. Unfortunately, in many cases, provable security is at the cost of a considerable loss in terms of efficiency. Another way to achieve some kind of provable security is to identify concrete cryptographic objects, such as hash functions, with ideal random objects and to use arguments from relativized complexity theory. The model underlying this approach is often called the ``random oracle model.' We use the word ``arguments' for security results proved in this model. As usual, these arguments are relative to well-established hard algorithmic problems such as factorization or the discrete logarithm. In this paper we offer security arguments for a large class of known signature schemes. Moreover, we give for the first time an argument for a very slight variation of the well-known El Gamal signature scheme. In spite of the existential forgery of the original scheme, we prove that our variant resists existential forgeries even against an adaptively chosen-message attack. This is provided that the discrete logarithm problem is hard to solve. Next, we study the security of blind signatures which are the most important ingredient for anonymity in off-line electronic cash systems. We first define an appropriate notion of security related to the setting of electronic cash. We then propose new schemes for which one can provide security arguments. Received 24 October 1997 and revised 22 May 1998     

Certificateless signature and blind signature

Certificateless public key cryptography is a new paradigm introduced by Al-Riyami and Paterson. It eliminates the need of the certificates in traditional public key cryptosystems and the key escrow problem in IDentity-based Public Key Cryptography （ID-PKC）. Due to the advantages of the certificateless public key cryptography, a new efficient certificateless pairing-based signature scheme is presented, which has some advantages over previous constructions in computational cost. Based on this new signature scheme, a certificateless blind signature scheme is proposed. The security of our schemes is proven based on the hardness of computational Diffie-Hellman problem.     

Identity‐based proxy signature over NTRU lattice

Proxy signature scheme is an important cryptographic primitive, for an entity can delegate his signing right to another entity. Although identity‐based proxy signature schemes based on conventional number‐theoretic problems have been proposed for a long time, the researchers have paid less attention to lattice‐based proxy signature schemes that can resist quantum attack. In this paper, we first propose an identity‐based proxy signature scheme over Number Theory Research Unit (NTRU)‐lattice. We proved that the proposed paradigm is secure under the hardness of the γ‐shortest vector problem on the NTRU lattice in random oracle model; furthermore, the comparison with some existing schemes shows our scheme is more efficient in terms of proxy signature secret key size, proxy signature size, and computation complexity. As the elemental problem of the proposed scheme is difficult even for quantum computation model, our scheme can work well in quantum age.     

无双线性配对的无证书签名方案

为解决身份基公钥密码体制中的密钥托管问题以及基于传统公钥证书密码体制中的公钥管理过程过于繁琐的问题,Al-Riyami和Paterson提出了无证书公钥密码的概念.在已有的许多无证书签名方案中,在签名产生或者签名的验证过程中都需要双线性配对运算,并且,这些方案的安全性都基于较强的难题假设.提出了一种新的无双线性配对运算的无证书签名方案,并在随机预言机模型下基于较弱的离散对数困难假设证明了它的安全性,而且其效率优于已有方案     

安全的无可信PKG的部分盲签名方案

利用gap Diffie-Hellman(GDH)群,在部分盲签名机制的基础上,提出了一个有效的基于身份的无可信私钥生成中心(PKG,private key generator)的部分盲签名方案.方案中PKG不能够伪造合法用户的签名,因为它只能生成一部分私钥.在随机预言模型下,新方案能抵抗适应性选择消息攻击和身份攻击下的存在性伪造,其安全性依赖于CDHP问题.该方案满足正确性和部分盲性,与Chow方案相比具有较高的效率.     

无双线性对的基于身份的在线/离线门限签名方案

为了减少公钥密码体制中证书管理带来的开销和提高在线/离线门限签名方案的性能,利用分布式密钥生成协议和可验证秘密共享协议,提出了一种基于身份的在线/离线门限签名方案,并在离散对数假设下证明了新方案满足顽健性和不可伪造性。分析结果表明,新方案避免了传统公钥证书的管理问题和复杂的双线性对运算,大大降低了离线门限签名算法和签名验证算法的计算复杂度,在效率上优于已有的在线/离线门限签名方案。     

Tightly Secure Signatures From Lossy Identification Schemes

In this paper, we present three digital signature schemes with tight security reductions in the random oracle model. Our first signature scheme is a particularly efficient version of the short exponent discrete log-based scheme of Girault et al. (J Cryptol 19(4):463–487, 2006). Our scheme has a tight reduction to the decisional short discrete logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the original scheme of Girault et al. is based. The second signature scheme we construct is a modification of the scheme of Lyubashevsky (Advances in Cryptology—ASIACRYPT 2009, vol 5912 of Lecture Notes in Computer Science, pp 598–616, Tokyo, Japan, December 6–10, 2009. Springer, Berlin, 2009) that is based on the worst-case hardness of the shortest vector problem in ideal lattices. And the third scheme is a very simple signature scheme that is based directly on the hardness of the subset sum problem. We also present a general transformation that converts what we term \(lossy \) identification schemes into signature schemes with tight security reductions. We believe that this greatly simplifies the task of constructing and proving the security of such signature schemes.     

基于ELGamal签名方程的盲签名方案

进一步完善ELGamal盲签名体制，研究了基于ELGamal签名方程的盲签名方案。概述了盲签名的定义及其分类标准，基于不同的签名方程，和有限域上离散对数难解性假设，得到了相应的强盲签名和弱盲签名方案。首次系统地对不同的ELGamal签名方程进行了盲性研究，并对每个盲签名方案进行了盲性分析和安全性分析。     

Improved group signature scheme based on discrete logarithm problem

In 1998, an efficient group signature scheme (the Lee-Chang scheme) was proposed based on the discrete logarithm problem. In this scheme, different group signatures of a signer for different messages contain some identical information. Once one group signature is identified, all previous group signatures are also identified at the same time. This is impractical for applications of group signatures. The authors propose an improvement on the Lee-Chang scheme to solve the above problem. The improved group signature scheme preserves the main merits inherent in most of the Lee-Chang scheme. The security of the improved scheme is also based on the discrete logarithm problem     

Dynamic ID-based remote user mutual authentication scheme with smartcard using Elliptic Curve Cryptography

In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using password, smartcard and Elliptic Curve Cryptography （ECC）, however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we proposed such a scheme in order to provide desired security attributes and computation efficiencies. Compared with other existing techniques, our scheme is more efficient and secured. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.     

高效的无证书广义指定验证者聚合签名方案

研究无证书广义指定验证者聚合签名的安全模型,基于双线性映射提出无证书广义指定验证者聚合签名方案。在随机预言模型和计算Diffie-Hellman困难问题假设下,证明方案不仅可以抵抗无证书广义指定验证者聚合签名的3类伪造攻击,而且满足指定验证性和不可传递性。方案的聚合签名长度和单用户签名长度相当,签名公共验证和指定验证需要的双线性对数固定。     

改进的基于离散对数的代理签名体制

基于离散对数的代理签名方案,一般分为需要可信中心和不需要可信中心两种。但在现实中,许多特定的应用环境下,一个完全可信的第三方认证中心并不存在,而且在第三方认讧中心出现问题时。吞易对信息的安全性造成直接影响。因此,构造一个不需要可信中心的代理签名方案显得非常重要。它通过对代理授权信息的盲化,加强了信息的安全性,使得授权信息可以在公共信道中传输。这样不但保证了方案在授权阶段的信息保密性,还在一定程度上提高了方案的性能。