Threshold signature scheme with threshold verification based on multivariate linear polynomial

Secret sharing schemes are multi-party protocols related to key establishment. They also facilitate distributed trust or shared control for critical activities (e.g., signing corporate cheques and opening bank vaults), by gating the critical action on cooperation from t(t ∈ Z ⁺) of n(n ∈ Z ⁺) users. A (t, n) threshold scheme (t < n) is a method by which a trusted party computes secret shares Γ _i (1 ⩽ i ⩽ n) from an initial secret Γ ₀ and securely distributes Γ _i to user. Any t or more users who pool their shares may easily recover Γ ₀, but any group knowing only t−1 or fewer shares may not. By the ElGamal public key cryptophytes and the Schnorr’s signature scheme, this paper proposes a new (t, n) threshold signature scheme with (k,m) (k,m ∈ Z ⁺) threshold verification based on the multivariate linear polynomial.     

Democratic group signatures with threshold traceability

This paper presents a concrete democratic group signature scheme which holds (t, n)-threshold trace-ability. In the scheme, the capability of tracing the actual signer is distributed among n group members. It gives a valid democratic group signature such that any subset with more than t members can jointly reconstruct a secret and reveal the identity of the signer. Any active adversary cannot do this even if he can corrupt up to t - 1 group members.     

Cryptanalysis and Improvement of Digital Multisignature Scheme Based on RSA

Introduction Multisignature is a joint signature generated by agroup of signers. The group has a security policy thatrequires a multisignature to be signed by all groupmembers with the knowledge of multiple privatekeys. Digital multisignatures should have…     

一种基于椭圆曲线的多重数字签名方案

对基本的椭圆曲线数字签名算法（ECDSA）进行了改进，提出了一种新的基于椭圆曲线的多重数字签名方案．该方案能够允许多个用户按顺序地对一份文件进行签名，最后形成一个群体签名．并提出一种新的签名验证方案，可以有效地防止成员的欺诈行为．签名者可以通过验证操作发现伪签名，同时签名中心可以及时通过签名者提供的失败信息查找原因并进行处理，签名中心还可验证签名者公钥的有效性以防止成员内部的欺诈行为．方案充分利用椭圆曲线密码体制密钥小、速度快等优点，降低了通信成本，因而更具有安全性和实用性．     

Efficient Dynamic Threshold Group Signature Scheme Based on Elliptic Curve Cryptosystem

The short secret key characteristic of elliptic curve cryptosystem （ECC） are integrated with the （ t, n ） threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang＇s conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.     

一种高效的基于身份的代理盲签名方案

在代理签名中,原始签名人能将数字签名的权力委托给代理签名人;而在盲签名方案中,签名者不能看到被签消息的内容。签名被接受者得到后,签名者不能追踪签名,结合代理签名与盲签名的优点,利用基于椭圆曲线上的Weil配对（WeilPair—ing）的双线性映射,构造了一个高效的基于身份的代理盲签名方案．分析表明,该方案不仅满足代理盲签名所要求的所有性质,而且其效率也优于已有同类方案．     

Batch RSA signature scheme

We describe a batch RSA digital signature scheme in which a signer can sign messages for multiple recipients simultaneously. The construction is quite efficient due to the batch signing method. This is useful to improve the performance of a high-loaded signing server, for example a secure electronic transaction (SET) gateway. Theoretical calculations and experimental results show that the proposed scheme can improve the performance of the signing server significantly. Foundation item: the National Basic Research Program (973) of China (No. 2005CB321804)     

对两种代理盲签名体制的密码学分析

代理盲签名结合了代理签名与盲签名的优点，而多级代理签名实现了签名权利在许可范围内逐级向下代理的要求。利用椭圆曲线上的双线性对，陈玲玲等人提出了一种基于身份的代理盲签名方案，胡江红等人提出了一种基于身份的多级强代理盲签名方案。给出了这两个方案的密码学分析，指出在陈玲玲等人的方案中，代理签名人可以利用授权证书计算得到原始签名人的私钥，从而可直接伪造原始签名人的签名或授权，同时指出所提的两个方案也无法满足不可追踪性．代理签名人可以将自己在签名协议中的签名和签名的消息联系起来从而跟踪消息的拥有者，从而证明了这两个方案是不安全的。     

Identity-based key-insulated proxy signature without random oracles

In an identity based proxy signature (IBPS) scheme, a designated proxy signer can generate the signature on behalf of an original signer. Traditional IBPS schemes normally rely on the assumption that private keys are kept perfectly secure. However, due to viruses, worms or other break-ins allowed by operating-system holes, key exposure seems inevitable. To minimize the damage caused by key exposure in IBPS, we propose an identity-based key-insulated proxy signature (IBKIPS) scheme in the standard model, i.e. without random oracles.     

An efficient threshold key-insulated signature scheme

To tackle the key-exposure problem in signature settings, this paper introduces a new cryptographic primitive named threshold key-insulated signature (TKIS) and proposes a concrete TKIS scheme. For a TKIS system, at least k out of n helpers are needed to update a user’s temporary private key. On the one hand, even if up to k−1 helpers are compromised in addition to the exposure of any of temporary private keys, security of the non-exposed periods is still assured. On the other hand, even if all the n helpers are compromised, we can still ensure the security of all periods as long as none of temporary private keys is exposed. Compared with traditional key-insulated signature (KIS) schemes, the proposed TKIS scheme not only greatly enhances the security of the system, but also provides flexibility and efficiency.     

On constructing certificateless proxy signature from certificateless signature

In proxy signature schemes, an original signer A delegates its signing capability to a proxy signer B, in such a way that B can sign message on behalf of A.The recipient of the final message verifies at the same time that B computes the signature and that A has delegated its signing capability to B.Recently many identity-based(ID-based) proxy signature schemes have been proposed, however, the problem of key escrow is inherent in this setting.Certificateless cryptography can overcome the key escrow problem.In this paper, we present a general security model for certificateless proxy signature scheme.Then, we give a method to construct a secure certificateless proxy scheme from a secure certificateless signature scheme, and prove that the security of the construction can be reduced to the security of the original certificateless signature scheme.     

Identity-based verifiably committed signature scheme without random oracles

An identity-based verifiably committed signature scheme （IB-VCS） was proposed, which is proved secure in the standard model （i.e., without random oracles）. It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman （CDH） problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt＇s identity based signature （IBS） scheme is secure, which is proven true based on the CDH assumption in the standard model.     

Certificateless message recovery signatures providing girault’s level-3 security

A digital signature with message recovery is a signature that the message itself (or partial of the message) is not required to be transmitted together with the signature. It has the advantage of small data size of communication comparing with the traditional digital signatures. In this paper, combining both advantages of the message recovery signatures and the certificateless cryptography, we propose the first certificatelss signature scheme with message recovery. The remarkable feature of our scheme is that it can achieve Girault’s Level-3 security while the conventional certificateless signature scheme only achieves Level-2 security. The security of the scheme is rigorously proved in the random oracle model based on the hardness of the k bilinear Diffie-Hellman inverse (k-BDHI) problem.     

Attribute-based signature on lattices

Attribute-based signature is a versatile class of digital signatures. In attribute-based signature, a signer obtains his private key corresponding to the set of his attributes from a trusted authority, and then he can sign a message with any predicate that is satisfied by his attributes set. Unfortunately, there does not exist an attribute- based signature which is resistance to the quantum attacks. This means we do not have secure attribute-based signature schemes in a post-quantum world. Based on this consideration, an attribute-based signature on lattices, which could resist quantum attacks, is proposed. This scheme employs ＂bonsai tree＂ techniques, and could be proved secure under the hardness assumption of small integer solution problem.     

Directed proxy signature in the standard model

A directed signature is a type of signature with restricted verification ability. Directed signatures allow only a designated verifier to check the validity of the signature issued to him, and at the time of trouble or if necessary, any third party can verify the signature with the help of the signer or the designated verifier. Directed signature schemes are widely used in situations where the receiver’s privacy should be protected. Proxy signatures allow an entity to delegate its signing capability to another entity in such a way that the latter can sign message on behalf of the former when the former is not available. Proxy signature schemes have found numerous practical applications such as distributed systems and mobile agent applications. In this paper, we firstly define the notion of the directed proxy signature by combining the proxy signature and directed signature. Then, we formalize its security model and present a concrete scheme in the standard model. Finally, we use the techniques from provable security to show that the proposed scheme is unforgeable under the gap Diffie-Hellman assumption, and invisible under the decisional Diffie-Hellman assumption.     

一种动态门限群签名方案的弱点

已有的门限群签名方案几乎都存在弱点,设计性能良好的门限群签名是密码学中的一个公开问题。针对一种动态门限群签名方案详细分析了其存在的弱点,其中最主要的弱点是:部分成员可以合谋得到系统的秘密参数,从而伪造群签名。     

基于椭圆曲线的不可否认门限代理签名方案

针对已有的门限代理签名方案不能有效地抵抗签名人协作攻击和伪造攻击,以及在某些场合实用性不强的缺点提出了改进方案.在代理签名生成阶段要求每个实际签名人提供自己的私钥信息,在形成的代理签名中不仅包含每个代理签名人的秘密信息,还包含了每个实际签名人的秘密信息,从而能有效抵抗协作攻击和伪造攻击.另外,用椭圆曲线密码机制替换了已有的方案中用的ElGamal离散对数密钥机制,使系统效率更高.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

Democratic group signatures with linkability from gap Diffie-Hellman group

Democratic group signatures(DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager.Security results of existing work are based on decisional Diffie-Hellman(DDH) assumption.In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman(GDH) group where DDH problem is easily but computational Diffie-Hellman(CDH) problem is hard to be solved.Besides the properties of ordinary DGSs, our scheme also provides the property of linkability, i.e., any public verifier can tell whether two group signatures are generated using the same private key.Security properties of our scheme employ a new and independently interesting decisional product Diffie-Hellman(DPDH) assumption which is weaker than DDH one.     

A high-performance low cost inverse integer transform architecture for AVS video standard

A high-performance, low cost inverse integer transform architecture for advanced video standard (AVS) video coding standard was presented. An 8×8 inverse integer transform is required in AVS video system which is compute-intensive. A hardware transform is inevitable to compute the transform for the real-time ap-plication. Compared with the 4×4 transform for H.264/AVC, the 8×8 integer transform is much more complex and the coefficient in the inverse transform matrix Ts is not inerratic as that in H.264/AVC. Dividing the Ts into matrix S8 and R8, the proposed architecture is implemented with the adders and the specific CSA-trees instead of multipliers, which are area and time consuming. The architecture obtains the data processing rate up to 8 pixels per-cycle at a low cost of area. Synthesized to TSMC 0.18 μm COMS process, the architecture attains the operating frequency of 300 MHz at cost of 34 252 gates with a 2-stage pipeline scheme. A reusable scheme is also introduced for the area optimization, which results in the operating frequency of 143 MHz at cost of only 19 758 gates.