Peng Li,Junzuo Lai,Dehua Zhou,Lianguan Huang,Meng Sun,Wei Wu,Ye Yang

DOI: https://doi.org/10.1007/s11704-023-3225-3

IF: 2.6688

2024-11-23

Frontiers of Computer Science

Abstract:To prevent misuse of privacy, numerous anonymous authentication schemes with linkability and/or traceability have been proposed to ensure different types of accountabilities. Previous schemes cannot simultaneously achieve public linking and tracing while holding access control, therefore, a new tool named linkable and traceable anonymous authentication with fine-grained access control (LTAA-FGAC) is offered, which is designed to satisfy: (i) access control, i.e., only authorized users who meet a designated authentication policy are approved to authenticate messages; (ii) public linkability, i.e., anyone can tell whether two authentications with respect to a common identifier are created by an identical user; (iii) public traceability, i.e., everyone has the ability to deduce a double-authentication user's identity from two linked authentications without the help of other parties. We formally define the basic security requirements for the new tool, and also give a generic construction so as to satisfy these requirements. Then, we present a formal security proof and an implementation of our proposed LTAA-FGAC scheme.

computer science, information systems, theory & methods, software engineering

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Peng Li,Junzuo Lai,Dehua Zhou,Ye Yang,Wei Wu,Junbin Fang

DOI: https://doi.org/10.1016/j.comnet.2023.109828

IF: 5.493

2023-05-25

Computer Networks

Abstract:Incentive-based applications enable users to obtain rewards after they complete a task, but how to balance the privacy and accountability is one of the most serious concerns currently. Publicly accountable anonymous authentication provides an excellent way verifying a user's identity in a privacy-preserving way while ensuring public accountability in case of dispute. Although different kinds of these schemes have been proposed, they all assume that there is a single centralized certificate authority issuing a certificate to users, and are not suitable for an actual scenario which always involves multiple authorities. Therefore, a new primitive called multi-authority linkable and traceable anonymous authentication is proposed to address this issue, enabling privacy protection while holding public accountability under a multi-authority setting. We formally define a security model for this new notion and simultaneously design a generic construction while giving the security proof. Additionally, we implement the proposed scheme to show its efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

彭志宇,李善平,杨朝晖,林欣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2010.05.011

2010-01-01

Abstract:An anonymous authorization mechanism was proposed to protect the user's privacy in the process of authorization in trust management. User requested for services using their real identification in most of the classic trust-management language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request, the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider. Results showed that the anonymous mechanism shared the same worst-case time complexity with the traditional forward credential-chain-searching method. A method of caching all the members in the nodes was proposed to improve the performance in time spending. Simulation results showed that the performance in time spending greatly improved in the relative stable systems, in which the credentials change slowly.

Fang Li,Xiaofen Wang,Xiong Li,Xichen Zhang,Rongxing Lu,Tao Chen

DOI: https://doi.org/10.21203/rs.3.rs-2562683/v1

2023-01-01

Abstract:Abstract As an electronic form of traditional voting, electronic voting is becoming more and more popular in today’s information society. Most of the existing electronic voting protocols need a trusted center to calculate the voting result, but the requirement of a trusted center is often unrealistic and prone to single point of failure. In this regard, the decentralized electronic voting protocols based on blockchain have been proposed. Unfortunately, most existing blockchain-based voting protocols fail to ensure anonymity, legitimacy, and correctness of counting. Besides, they do not satisfy robustness, i.e., the voting result cannot be counted in the event of voter abstention. To address the above challenges, we propose a novel blockchain-based self-tallying voting protocol, where the group signature and zero-knowledge proof are utilized in a way that the voter can securely distribute anonymous and unlinkable electronic ballots, thereby guaranteeing complete anonymity and legitimacy. Meanwhile, a novel signcryption algorithm is designed by combining distributed ElGamal encryption and Paillier encryption algorithms, which enhances the computational efficiency of voting results while supporting robustness. The security proof shows that our protocol ensures the confidentiality of ballots, complete anonymity, legitimacy, fairness, dispute-freeness and resistance against multi-voting. In addition, our protocol satisfies robustness, i.e., voting result can be correctly calculated and verified even if some voters abstain from voting. Finally, extensive experiments show that our protocol greatly reduces the computational cost and communication overhead, and is more practical than existing self-tallying voting protocols.

Meiqi Li,Xinyi Luo,Wentuo Sun,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/icc45855.2022.9838840

2022-01-01

Abstract:E-voting plays a vital role in modern social life. However, traditional e-voting systems usually rely on a trusted third party and therefore non-verifiable and prone to a single point of failure. In recent years, many researchers have tried to turn to blockchain to eliminate the vulnerabilities of e-voting systems. However, blockchain-based e-voting brings new problems in protecting voters’ privacy and ballots’ confidentiality, and causes a great performance degradation. In this paper, we propose AvecVoting, an anonymous and verifiable blockchain-based e-voting scheme, providing both strong security and high performance. Specifically, we utilize threshold encryption and one-time ring signature to protect voters’ privacy and ballots’ confidentiality. Furthermore, to improve the performance, we introduce the concept "counter" to count the ballots. Through the carefully designed RandomSortition and reputation-based PayOff algorithms based on smart contracts, AvecVoting can achieve correct counting even when some counters are untrustworthy. Our security and performance analyses show that AvecVoting provides strong security such as anonymity, non-repeatability, confidentiality, verifiability, etc., and meanwhile overcome the performance issues caused by blockchain and provides good efficiency in both voting and counting stages.

Meixia Miao,Lin Tang,Jiawei Li,Xuefeng Zhang

DOI: https://doi.org/10.1109/tnse.2023.3336516

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Electronic voting plays a key role in the functioning of modern democracies. However, existing electronic voting protocols have some disadvantages, such as inability to trace the identity of malicious voters, insecurity of the voting process, and lack of a score voting paradigm. To address these issues, we propose a novel blockchain-based publicly traceable self-tallying voting protocol that implements scored voting. The protocol enables voters to score each candidate within a specified range. At the end of voting, the candidate with the highest total score is declared the winner of the election. Meanwhile, we take advantage of traceable ring signatures and homomorphic time-lock puzzles to balance the anonymity and accountability, and guarantee time-bounded privacy of the ballots. We prove that the proposed protocol satisfies the properties of full-anonymity, linkability, public traceability and time-bounded privacy. In addition, performance analysis shows that our protocol guarantees various properties of score voting with reasonable overhead.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Ao Sun,H. Song,Yan Tong,Rongbo Zhu,Shiwei Xu,Zhengwei Ren,Tao Wang

DOI: https://doi.org/10.1109/TITS.2024.3383668

2024-09-01

Abstract:As the Internet of Vehicles (IoV) has become the critical part of Intelligent Vehicular Transportation Systems (IVTS), massive IoV entities (e.g., RSU, OBU, pedestrians’ mobile devices, etc.) get involved into IVTS. At present, one of the biggest challenges with IoV/IVTS is how to maintain a balance between security and privacy. The receivers need to be sure that they are receiving reliable messages from the origin and could trace or link the attacker’s identity, but the tracing or linking may work against the sender’s need for identity privacy. To solve the security and privacy problem, most of current works have proposed authentication solutions to provide anonymous, traceable and unlinkable schemes, which are still vulnerable to either Sybil attacks or quantum attacks. Therefore, we propose the blockchain-based post-quantum anonymous, traceable and linkable authentication scheme by utilizing NIST winner post-quantum algorithms and related post-quantum linkable ring signature. Grounded on the authentication scheme, we also develop key exchange mechanism, which help IoV entities perform efficient message authentication encryption/decryption during P2P communication and broadcast. The security analysis shows that our proposal is resistant to Sybil attack and provides other essential security characteristics including man-in-the-middle-proof and anti-replay. Finally, we perform detailed performance evaluation including each on-chain API execution time, the off-chain communication time and the on-board/on-chain storage requirements. To further evaluate the feasibility of our scheme in the IoV/IVTS environment, we also show the effectiveness of our proposal in a blockchain-based simulation study.

Engineering,Computer Science

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer

DOI: https://doi.org/10.48550/arXiv.1804.07201

2018-04-19

Abstract:Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

Cryptography and Security

Jiazhuo Lyu,Zoe L. Jiang,Xuan Wang,Zhenhao Nong,Man Ho Au,Junbin Fang

DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2019.00082

2019-01-01

Abstract:E-voting plays a significant role in social activities. The trust of the voting results and the privacy of each voter are always the most important concerns in designing secure e-voting system. In this paper, we design a decentralized trustless e-voting system based on the smart contract. To guarantee the correctness of the voting result, the smart contract on Blockchain is used to provide a trusted public bulletin board and trusted computing environment. To hide the identity of each voter as well as avoid multiple voting, linkable ring signature is used for each voter to group a signing ring. In addition, to make sure that all voters will see the voting result at the same time, or nobody can get it, threshold encryption without trusted third party is used to make secret-key secretly before tally stage. Moreover, the trust (power) of the voting system is separated to all voters. Even though some of them are malicious, the final result will not be influenced. The contract is deployed on the Ethereum private network. Some feasibility and cost analysis on money and time are also provided.

Panagiotis Grontas,Aris Pagourtzis,Alexandros Zacharakis,Bingsheng Zhang

2018-01-01

Abstract:In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.

Lan Nguyen

DOI: https://doi.org/10.1007/11958239_6

2006-01-01

Abstract:In k-times anonymous authentication (k-TAA) schemes, members of a group can be anonymously authenticated to access applications for a bounded number of times determined by application providers. Dynamick-TAA allows application providers to independently grant or revoke group members from accessing their applications. Dynamic k-TAA can be applied in several scenarios, such as k-show anonymous credentials, digital rights management, anonymous trial of Internet services, e-voting, e-coupons etc. This paper proposes the first provably secure dynamic k-TAA scheme, where authentication costs do not depend on k. This efficiency is achieved by using a technique called “efficient provable e-tag”, which could be applicable to other e-tag systems.

Zikai Wang,Xinyi Luo,Meiqi Li,Wentuo Sun,Kaiping Xue

DOI: https://doi.org/10.1109/globecom48099.2022.10001590

2022-01-01

Abstract:E-voting plays a vital role in guaranteeing and promoting social fairness and democracy. However, traditional e-voting schemes rely on a centralized organization, leading to a crisis of trust in the vote-counting results. In response to this problem, researchers have introduced blockchain to realize decentralized e-voting, but the adoption of blockchain also brings new issues in terms of flexibility, anonymity, and usability. To this end, in this paper, we propose WeVoting, which provides weight-based flexibility with solid anonymity and enhances usability by designing a voter-independent on-chain counting mechanism. Specifically, we use distributed ElGamal homomorphic encryption and zero-knowledge proof to achieve voting anonymity with weight. Besides, WeVoting develops a counter-based counting mechanism to enhance usability compared with those self-tallying schemes. By critically designing an honesty-and-activity-based incentive algorithm, WeVoting can guarantee a correct counting result even in the presence of malicious counters. Our security and performance analyses elaborate that WeVoting achieves high anonymity in weighed voting under the premise of meeting the basic security requirements of e-voting. And meanwhile, its counting mechanism is sufficient for practical demands with reasonable overheads.

Kazue Sako,Jun Furukawa,Isamu Teranishi

DOI: https://doi.org/10.1587/TRANSFUN.E92.A.147

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features that allow 1) no one, not even an authority, identify users who have been authenticated within the allowable number, and that allow 2) anyone to trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Although identity escrow/group signature schemes allow users to be anonymously authenticated, the authorities in these schemes have the unnecessary ability to trace any user. Moreover, since it is only the authority who is able to trace users, one needs to make cumbersome inquiries to the authority to see how many times a user has been authenticated. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

Computer Science

Lai Jin,Fan Yushun

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.01.045

2003-01-01

Abstract:These years, people have proposed several anonymous based electronic voting schemes, however there is still some security weakness in them. In this paper, A improved scheme is put forward in which we use the technology of multi_blind signature to prevent the probable cheating of visa officials, propose a kind of confirmable serial NO to identify the ballots and introduce custodians to supervise the work of ballots collector. So the scheme can resolve such problems as " vote collision", " visa officials' fraud " and " voter quit in the midway", which exit

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Lingyue Zhang,Huilin Li,Yannan Li,Yong Yu,Man Ho Au,Baocang Wang

DOI: https://doi.org/10.1016/j.future.2019.05.081

IF: 7.307

2019-12-01

Future Generation Computer Systems

Abstract:<p>Cryptocurrencies, led by bitcoin launched in 2009, have obtained wide attention in recent years. Anonymous cryptocurrencies are highly essential since users need to preserve their privacy when conducting transactions. However, some users might misbehave with the cover of anonymity such as rampant trafficking or extortion. Thus, it is important to balance anonymity and accountability of anonymous cryptocurrencies. In this paper, we address this issue by proposing a linkable group signature for signing cryptocurrency transactions, which can be used to trace a payer's identity in consortium blockchain based anonymous cryptocurrencies, in case a payer misbehaves in the system. The anonymity can be retained if a user behaves honestly. We prove that the proposed scheme achieves full-anonymity, full-traceability and linkability in the random oracle model. Implementation of the proposed linkable group signature scheme demonstrates its high efficiency and thus, can be adopted in anonymous cryptocurrencies in reality.</p>

Shunrong Jiang,Guohuai Sang,Xuedan Jia,Fengjiao Li,Haotian Chi

DOI: https://doi.org/10.1109/globecom54140.2023.10437252

2023-01-01

Abstract:Conditional privacy-preserving authentication can provide anonymity and traceability to Vehicular Ad-Hoc Networks (VANETs), which protects users' privacy while resisting malicious users and false messages. However, existing schemes suffer from various disadvantages, such as unavailable batch verification, unrenewable user public keys/certificates, and untimely revocation. In this work, we design an efficient conditional privacy-preserving authentication scheme with the on-chain key management (EAKM) for VANETs. To achieve lightweight authentication, we design an efficient Signature of Knowledge (SoK) and a batch verification algorithm. Moreover, we use the hash chain technology to update users' anonymous public keys. In addition, based on the blockchain technology and smart contract, we could manage users' anonymous public keys efficiently and transparently. Security analysis and simulation results show that EAKM ensures conditional privacy with less authentication overhead.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer,Nick Wils

DOI: https://doi.org/10.48550/arXiv.1811.07642

2019-04-11

Abstract:An anonymous Single Sign-On (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link service requests of a user even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorise new verifiers to authenticate the user on behalf of the original verifier. Furthermore, if required, a central verifier is authorised to deanonymise users and trace their service requests. We formalise the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimising the collection of personal information of users is increasingly important to transport organisations due to privacy regulations such as General Data Protection Regulations (GDPR).

Cryptography and Security

Yong Woon Hwang,Taehoon Kim,Daehee Seo,Im-Yeong Lee

DOI: https://doi.org/10.1080/09540091.2023.2287979

2024-01-10

Connection Science

Abstract:In order to provide the reliability of transmitted data in the era of big data, it is necessary to communicate by applying signature technology to data. There are various signature schemes, among which attribute-based signatures perform signatures based on user attributes. This ensures signer anonymity by allowing users to create and verify signatures without exposing the signer's sensitive information. However, the verifier can verify normally if the attribute period expires and a user without signing authority creates and transmits a signature with the existing signing key and attributes. In addition, signers who abuse anonymity can disclose their signing keys and attributes for some purpose (Money, profit) because there is no risk of being caught. Unauthorized users can use public information to sign and send messages. Therefore, in this paper, we propose a Traceable Attribute-based Signature scheme provided with anonymous credentials. The proposed scheme has the feature of verifying the validity of the signer by using the pseudonym ID included in the user list in the cloud server. In addition, the signer's identity is expressed as an Oblivious Transfer-based pseudonym ID. The signer's identity can be verified through tracing in case of a problem.

computer science, artificial intelligence, theory & methods