Bryan Kumara,Mark Hooper,Carsten Maple,Timothy Hobson,Jon Crowcroft

DOI: https://doi.org/10.48550/arXiv.2310.17297

2023-10-26

Abstract:Redactable signature schemes and sanitizable signature schemes are methods that permit modification of a given digital message and retain a valid signature. This can be applied to decentralized identity systems for delegating identity issuance and redacting sensitive information for privacy-preserving verification of identity. We propose implementing these protocols on a digital credential and compare them against other privacy-enhancing techniques to assess their suitability

Cryptography and Security,Computers and Society

Masayuki Tezuka,Keisuke Tanaka

DOI: https://doi.org/10.1587/transfun.2020DMP0013

2022-02-20

Abstract:Redactable signature allows anyone to remove parts of a signed message without invalidating the signature. The need to prove the validity of digital documents issued by governments is increasing. When governments disclose documents, they must remove private information concerning individuals. Redactable signature is useful for such a situation. However, in most redactable signature schemes, to remove parts of the signed message, we need pieces of information for each part we want to remove. If a signed message consists of l elements, the number of elements in an original signature is at least linear in l. As far as we know, in some redactable signature schemes, the number of elements in an original signature is constant, regardless of the number of elements in a message to be signed. However, these constructions have drawbacks in that the use of the random oracle model or generic group model. In this paper, we construct an efficient redactable signature to overcome these drawbacks. Our redactable signature is obtained by combining set-commitment proposed in the recent work by Fuchsbauer et al. (JoC 2019) and digital signatures.

Cryptography and Security

Jie Liu,Jianhua Li

DOI: https://doi.org/10.1109/isa.2008.37

2008-01-01

Abstract:Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al.’s scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al.’s scheme and makes it more efficient in computation and communication.

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Shuai Han,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-57728-4_1

2024-01-01

Abstract:In this paper, we study the design of efficient signature and public-key encryption (PKE) schemes in the presence of both leakage and tampering attacks. Firstly, we formalize the strong leakage and tamper-resilient (sLTR) security model for signature, which provides strong existential unforgeability, and deals with bounded leakage and restricted tampering attacks, as a counterpart to the sLTR security introduced by Sun et al. (ACNS 2019) for PKE. Then, we present direct constructions of signature and chosen-ciphertext attack (CCA) secure PKE schemes in the sLTR model, based on the matrix decisional Diffie-Hellman (MDDH) assumptions (which covers the standard symmetric external DH (SXDH) and k-Linear assumptions) over asymmetric pairing groups. Our schemes avoid the use of heavy building blocks such as the true-simulation extractable non-interactive zero-knowledge proofs (tSE-NIZK) proposed by Dodis et al. (ASIACRYPT 2010), which are usually needed in constructing schemes with leakage and tamper-resilience. Especially, our SXDH-based signature and PKE schemes are more efficient than the existing schemes in the leakage and tamper-resilient setting: our signature scheme has only 4 group elements in the signature, which is about 5x similar to 8x shorter, and our PKE scheme has only 6 group elements in the ciphertext, which is about 1.3x similar to 3.3x shorter. Finally, we note that our signature scheme is the first one achieving strong existential unforgeability in the leakage and tamper-resilient setting, where strong existential unforgeability has important applications in building more complex primitives such as signcryption and authenticated key exchange.

Thiago Bergamaschi,Naresh Goud Boddu

2023-11-28

Abstract:Tamper-detection codes (TDCs) and non-malleable codes (NMCs) are now fundamental objects at the intersection of cryptography and coding theory. Both of these primitives represent natural relaxations of error-correcting codes and offer related security guarantees in adversarial settings where error correction is impossible. While in a TDC, the decoder is tasked with either recovering the original message or rejecting it, in an NMC, the decoder is additionally allowed to output a completely unrelated message. In this work, we study quantum analogs of one of the most well-studied adversarial tampering models: the so-called split-state tampering model. In the $t$-split-state model, the codeword (or code-state) is divided into $t$ shares, and each share is tampered with "locally". Previous research has primarily focused on settings where the adversaries' local quantum operations are assisted by an unbounded amount of pre-shared entanglement, while the code remains unentangled, either classical or separable. We construct quantum TDCs and NMCs in several $\textit{resource-restricted}$ analogs of the split-state model, which are provably impossible using just classical codes. In particular, against split-state adversaries restricted to local (unentangled) operations, local operations and classical communication, as well as a "bounded storage model" where they are limited to a finite amount of pre-shared entanglement. We complement our code constructions in two directions. First, we present applications to designing secret sharing schemes, which inherit similar non-malleable and tamper-detection guarantees. Second, we discuss connections between our codes and quantum encryption schemes, which we leverage to prove singleton-type bounds on the capacity of certain families of quantum NMCs in the split-state model.

Quantum Physics

J Pieprzyk,HX Wang,CP Xing

DOI: https://doi.org/10.1007/978-3-540-24654-1_7

2004-01-01

Abstract:Multiple-time signatures are digital signature schemes where the signer is able to sign a predetermined number of messages. They are interesting cryptographic primitives because they allow to solve many important cryptographic problems, and at the same time offer substantial efficiency advantage over ordinary digital signature schemes like RSA. Multiple-time signature schemes have found numerous applications, in ordinary, on-line/off-line, forward-secure signatures, and multicast/stream authentication. We propose a multiple-time signature scheme with very efficient signing and verifying. Our construction is based on a combination of one-way functions and cover-free families, and it is secure against the adaptive chosen-message attack.

André Chailloux,Simona Etinski

DOI: https://doi.org/10.1007/S10623-023-01329-Y

2024-08-28

Abstract:Stern's signature scheme is a historically important code-based signature scheme. A crucial optimization of this scheme is to generate pseudo-random vectors and a permutation instead of random ones, and most proposals that are based on Stern's signature use this optimization. However, its security has not been properly analyzed, especially when we use deterministic commitments. In this article, we study the security of this optimization. We first show that for some parameters, there is an attack that exploits this optimization and breaks the scheme in time $O(2^{\frac{\lambda}{2}})$ while the claimed security is $\lambda$ bits. This impacts in particular the recent Quasy-cyclic Stern signature scheme [BGMS22]. Our second result shows that there is an efficient fix to this attack. By adding a string $salt \in \{0,1\}^{2\lambda}$ to the scheme, and changing slightly how the pseudo-random strings are generated, we prove not only that our attack doesn't work but that for any attack, the scheme preserves $\lambda$ bits of security, and this fix increases the total signature size by only $2\lambda$ bits. We apply this construction to other optimizations on Stern's signature scheme, such as the use of Lee's metric or the use of hash trees, and we show how these optimizations improve the signature length of Stern's signature scheme.

Cryptography and Security

Alberto Tarable,Rudi Paolo Paganelli,Elisabetta Storelli,Alberto Gatto,Marco Ferrari

2024-06-28

Abstract:This paper introduces Generalized Quantum-assisted Digital Signature (GQaDS), an improved version of a recently proposed scheme whose information theoretic security is inherited by adopting QKD keys for digital signature purposes. Its security against forging is computed considering a trial-and-error approach taken by the malicious forger and GQaDS parameters are optimized via an analytical approach balancing between forgery and repudiation probabilities. The hash functions of the previous implementation are replaced with Carter-Wegman Message Authentication Codes (MACs), strengthening the scheme security and reducing the signature length. For particular scenarios where the second verifier has a safe reputation, a simplified version of GQaDS, namely deterministic GQaDS, can further reduce the required signature length, keeping the desired security strength.

Cryptography and Security

Chenhuang Wu,Hui Huang,Kun Zhou,Chunxiang Xu

DOI: https://doi.org/10.23919/jcc.2021.01.013

2021-01-01

China Communications

Abstract:Digital signature, as an important cryptographic primitive, has been widely used in many application scenarios, such as e-commerce, authentication, cloud computing, and so on. Certificateless Public Key Cryptography (PKC) can get rid of the certificate management problem in the traditional Public Key Infrastructure (PKI) and eliminate the key-escrow problem in the identity-based PKC. Lately, a new Certificateless Signature (CLS) scheme has been proposed by Kyung-Ah Shim (IEEE SYSTEMS JOURNAL, 2018, 13(2)), which claimed to achieve provable security in the standard model. Unfortunately, we present a concrete attack to demonstrate that the scheme cannot defend against the Type I adversary. In this type of attack, the adversary can replace the public key of the signer, and then he plays the role of the signer to forge a legal certificateless signature on any message. Furthermore, we give an improved CLS scheme to resist such an attack. In terms of the efficiency and the signature length, the improved CLS is preferable to the original scheme and some recently proposed CLS schemes in the case of precomputation.

Zongyang Zhang,Yu Chen,Sherman S. M. Chow,Goichiro Hanaoka,Zhenfu Cao,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-319-26059-4_24

2015-01-01

Abstract:A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle RO model. The work of Fischlin and Fleischhacker Eurocrypt﾿'13 investigated the case of Schnorr signature and generally, Fiat-Shamir signatures and showed the reliance of RO model is inherent. We generalize their results to a large class of \"malleable\" hash-and-sign signatures, where one can efficiently \"maul\"any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys. We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a one-more cryptographic problem depending on the signature instantiation. Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers $$\\Gamma $$-signature Yao and Zhao, IEEE Transactions on Information Forensics and Security﾿'13, and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

HM Sun,BC Chen,HT Yeh

DOI: https://doi.org/10.1016/j.jcss.2003.10.003

IF: 1.043

2004-01-01

Journal of Computer and System Sciences

Abstract:To ensure integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp we can neither trust signed documents when the signer's signature key, was lost, stolen, or accidentally compromised, nor solve the cases when the signer himself repudiates the signing, claiming that he has accidentally lost his signature key. Based on relative temporal authentication, several linking schemes for digital time-stamping have been proposed to solve this problem. However, these schemes suffer from the forward forgery which is an attempt to stamp a present time-stamp on a past document by an unauthorized one. In addition, the verification cost in these schemes is too high because it is dependent upon the number of the issued time-stamps. In this paper, we propose four time-stamped signature schemes that are based on absolute temporal authentication. These proposed schemes are very efficient in verifying the validity of time-stamped signatures and are quite secure against the forward forgery. It is natural that the time-stamped signature schemes based on absolute temporal authentication suffer from the weakness when the signer colludes with the Time-Stamping Service. To combat the collusion problem, time-stamped signature schemes with hybrid temporal authentication are therefore proposed.

Joo Woo,Kwangsu Lee,Jong Hwan Park

DOI: https://doi.org/10.1371/journal.pone.0310708

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In 2009, Lyubashevsky proposed a lattice-based signature scheme using the Schnorr-like identification and the Fiat-Shamir heuristic and proved its security under the collision resistance of a generalized compact knapsack function. However, their security analysis requires the witness indistinguishability property, leading to significant inefficiency and an increase of sizes of public key and signature. To overcome the efficiency issue associated with the WI property, we introduce a new lattice-based assumption, called the target-modified one-wayness problem of the GCK function and show its reduction to well-known lattice-based problems. Additionally, we present a simple and efficient GCK-based signature scheme, GCKSign, whose security is based on the Module GCK-TMO problem in the random oracle model. GCKSign is a natural extension of Lyubashevsky's scheme in a module setting, but achieves considerable efficiency gains due to eliminating the witness indistinguishability property. As a result, GCKSign achieves approximately 3.4 times shorter signature size and 2.4 times shorter public key size at the same security level.

Andrew C. Yao,Yunlei Zhao

2012-01-01

Abstract:Digital signature is one of the basic primitives in cryptography. A common paradigm of obtaining signatures, known as the Fiat-Shamir (FS) paradigm, is to collapse any Σ-protocol (which is 3-round public-coin honest-verifier zero-knowledge) into a non-interactive scheme with hash functions that are modeled to be random oracles (RO). The Digital Signature Standard (DSS) and Schnorr’s signature schemes are two salient examples following the FS-paradigm. In this work, we present a modified Fiat-Shamir paradigm, named challenge-divided Fiat-Shamir paradigm, which is applicable to a variant of Σ-protocol with divided random challenges. This new paradigm yields a new family of (online/offline efficient) digital signatures from challenge-divided Σ-protocols, including in particular a variant of Schnorr’s signature scheme called challenge-divided Schnorr signature. We then present a formal analysis of the challenge-divided Schnorr signature in the random oracle model. Finally, we give comparisons between the challenge-divided Schnorr signature and DSS and Schnorr’s signature, showing that the newly developed challenge-divided Schnorr signature can enjoy better (online/offline) efficiency (besides provable security in the random oracle model). Of independent interest is a new forking lemma, referred to as divided forking lemma, for dealing with multiple ordered rewinding points in the RO model, which is of independent interest and can be applied to analyzing other cryptographic schemes in the RO model.

Yan Xu,Miaomiao Tian,Liusheng Huang,Wei Yang

2014-01-01

Abstract:Recently, Boyen at PKC 2010 proposed a lattice-based signature scheme in the standard model. In this paper, we show that his signature scheme does not satisfy strong unforgeability. In other words, an adversary can produce a new signature for a message M after seeing a signature of the message M. Then we present an improved scheme and prove that the improved scheme satisfies strong unforgeability. Furthermore, the improved signature scheme is as efficient as Boyen’s signature scheme.

Yong-Dong Zhang,Sheng Tang,Jin-Tao Li

DOI: https://doi.org/10.1007/s11390-007-9079-6

2007-01-01

Abstract:In this paper, a secure and incidental distortion tolerant signature method for image authentication is proposed. The generation of authentication signature is based on Hotelling’s T-square Statistic (HTS) via Principal Component Analysis (PCA) of block DCT coefficients. HTS values of all blocks construct a unique and stable “block-edge image”, i.e., Structural and Statistical Signature (SSS). The characteristic of SSS is that it is short, and can tolerate content-preserving manipulations while keeping sensitive to content-changing attacks, and locate tampering easily. During signature matching, the Fisher criterion is used to obtain optimal threshold for automatically and universally distinguishing incidental manipulations from malicious attacks. Moreover, the security of SSS is achieved by encryption of the DCT coefficients with chaotic sequences before PCA. Experiments show that the novel method is effective for authentication.

Huiqiang Liang,Jianhua Chen

DOI: https://doi.org/10.1007/s11704-022-2288-x

IF: 2.6688

2024-01-01

Frontiers of Computer Science

Abstract:A threshold signature is a special digital signature in which the N-signer share the private key x and can construct a valid signature for any subset of the included t-signer, but less than t-signer cannot obtain any information. Considering the breakthrough achievements of threshold ECDSA signature and threshold Schnorr signature, the existing threshold SM2 signature is still limited to two parties or based on the honest majority setting, there is no more effective solution for the multiparty case. To make the SM2 signature have more flexible application scenarios, promote the application of the SM2 signature scheme in the blockchain system and secure cryptocurrency wallets. This paper designs a non-interactive threshold SM2 signature scheme based on partially homomorphic encryption and zero-knowledge proof. Only the last round requires the message input, so make our scheme non-interactive, and the pre-signing process takes 2 rounds of communication to complete after the key generation. We allow arbitrary threshold t≤n and design a key update strategy. It can achieve security with identifiable abort under the malicious majority, which means that if the signature process fails, we can find the failed party. Performance analysis shows that the computation and communication costs of the pre-signing process grows linearly with the parties, and it is only 1/3 of the Canetti’s threshold ECDSA (CCS'20).

王斌,潘皓东,李建华

DOI: https://doi.org/10.3321/j.issn:1006-2467.2002.09.030

2002-01-01

Abstract:Group Oriented ( T,N ) threshold signature is a kind of special digital signature scheme, some members of the group can sign document on behalf of the group, however, the security weakness in the existing group oriented threshold signature schemes slows down the application of the threshold signature. In these schemes, either some members conspire to get the secret parameters of the system or attackers forge the signature according to the acquired valid signature. Based on the idea of multiple signature and different signing combination using different polynomial ,this paper presented a modified scheme. Through security analysis ,the new scheme can avoid the two attack ways mentioned above.

Junke Duan,Wei Wang,Licheng Wang,Lize Gu

DOI: https://doi.org/10.1109/tifs.2024.3436925

IF: 7.231

2024-08-20

IEEE Transactions on Information Forensics and Security

Abstract:Immutability is widely recognized as one of the blockchain's key security attributes. However, in recent years, incidents involving the use of blockchain for disseminating illegal or malicious information have raised concerns over its strict immutability. To address these issues, redactable blockchains are proposed as a novel solution, permitting authorized content redactions without compromising the structural integrity of the blockchain. Unfortunately, current solutions are unable to restrict the abuse of redaction privilege, except for relying on a trusted authority or committee, which contradicts the trustlessness principle of blockchain. In this paper, we propose a controlled redactable blockchain protocol that allows for a limited number of redactions and supports a transparent setup. The cryptographic tools enabling this functionality are our proposed t-times chameleon hash (t-CH) and signature (t-CS) schemes, where generating more than t collisions will expose the trapdoor. We present security models, discrete logarithm-based instantiations, and formal security proofs for both t-CH and t-CS. Subsequently, we present the construction of our redaction protocol in both permissioned and permissionless settings. Finally, we experimentally demonstrate the effectiveness of the proposed protocol in practice.

computer science, theory & methods,engineering, electrical & electronic

Antonio Parziale,Moises Diaz,Miguel A. Ferrer,Angelo Marcelli

DOI: https://doi.org/10.1016/j.patrec.2018.07.029

2024-05-20

Abstract:Building upon findings in computational model of handwriting learning and execution, we introduce the concept of stability to explain the difference between the actual movements performed during multiple execution of the subject's signature, and conjecture that the most stable parts of the signature should play a paramount role in evaluating the similarity between a questioned signature and the reference ones during signature verification. We then introduce the Stability Modulated Dynamic Time Warping algorithm for incorporating the stability regions, i.e. the most similar parts between two signatures, into the distance measure between a pair of signatures computed by the Dynamic Time Warping for signature verification. Experiments were conducted on two datasets largely adopted for performance evaluation. Experimental results show that the proposed algorithm improves the performance of the baseline system and compares favourably with other top performing signature verification systems.

Computer Vision and Pattern Recognition,Artificial Intelligence