Masayuki Tezuka,Keisuke Tanaka

DOI: https://doi.org/10.1587/transfun.2020DMP0013

2022-02-20

Abstract:Redactable signature allows anyone to remove parts of a signed message without invalidating the signature. The need to prove the validity of digital documents issued by governments is increasing. When governments disclose documents, they must remove private information concerning individuals. Redactable signature is useful for such a situation. However, in most redactable signature schemes, to remove parts of the signed message, we need pieces of information for each part we want to remove. If a signed message consists of l elements, the number of elements in an original signature is at least linear in l. As far as we know, in some redactable signature schemes, the number of elements in an original signature is constant, regardless of the number of elements in a message to be signed. However, these constructions have drawbacks in that the use of the random oracle model or generic group model. In this paper, we construct an efficient redactable signature to overcome these drawbacks. Our redactable signature is obtained by combining set-commitment proposed in the recent work by Fuchsbauer et al. (JoC 2019) and digital signatures.

Cryptography and Security

Deepak Maram,Harjasleen Malvai,Fan Zhang,Nerla Jean-Louis,Alexander Frolov,Tyler Kell,Tyrone Lobban,Christine Moy,Ari Juels,Andrew Miller

DOI: https://doi.org/10.1109/SP40001.2021.00038

2021-01-01

Abstract:We present CanDID, a platform for practical, user-friendly realization of decentralized identity, the idea of empowering end users with management of their own credentials.While decentralized identity promises to give users greater control over their private data, it burdens users with management of private keys, creating a significant risk of key loss. Existing and proposed approaches also presum...

Hu Xiong,Songyang Wu,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1007/s11277-014-2106-3

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:As an important approach to resist the threat of key leakage, key insulated security allows secret keys to be periodically updated by using a physically-secure but computation-limited device. Recently, key insulated mechanism has been introduced into identity based (ID-based) signature to solve the key-leakage problem in ID-based signature scenarios. In this paper, we present two compact ID-based key-insulated signature schemes that try to minimize the total amount of message and signature. Compared with the up-to-date ID-based key-insulated signatures, our schemes enjoy the minimum net bandwidth and computation overhead. We also provide formal security proofs of our schemes under the Computational Diffie–Hellman assumption in the random oracle model. We focus on potential applications of our schemes to secret handshakes, but we believe they will find many other applications as well.

Dimitrios Kasimatis,Sam Grierson,William J. Buchanan,Chris Eckl,Pavlos Papadopoulos,Nikolaos Pitropakis,Craig Thomson,Baraq Ghaleb

DOI: https://doi.org/10.48550/arXiv.2403.05271

2024-03-08

Cryptography and Security

Abstract:Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification method. This allows users to identify themselves through digital signatures without revealing which public key they used. To this end, the study proposed a novel decentralised identity method showcased in a decentralised identifier-based architectural framework. Additionally, the investigation assesses the repercussions of employing this new method in the verification process, focusing specifically on privacy and security aspects. Although ring signatures are an established asset of cryptographic protocols, this paper seeks to leverage their capabilities in the evolving domain of digital identities.

L HARN,SB YANG

DOI: https://doi.org/10.1109/49.223877

IF: 16.4

1993-01-01

IEEE Journal on Selected Areas in Communications

Abstract:In 1984, A. Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC will provide him with a secret key. In this way, if a user wants to communicate with others, he or she only needs to know the identity of his communication partner and the public key of the KAC. There is no public file required in this system. However, Shamir did not succeed in constructing an identity-based cryptosystem, but only in constructing an identity-based signature scheme. The authors here propose three identity-based cryptographic schemes based on the discrete logarithm problem: the user identification scheme, the digital signature scheme, and the key distribution scheme. The schemes are based on the digital signature scheme of G.B. Agnew et al. (1990), which is reviewed.

Zhenpeng Liu,Lele Ren,Ruilin Li,Qiannan Liu,Yonggang Zhao

DOI: https://doi.org/10.1016/j.cose.2022.102858

2022-10-01

Abstract:More and more companies, institutions and organizations are choosing to put vast amounts of data on the cloud. However, applications such as multimedia office, e-government and e-health systems need to withhold some data in order to hide highly confidential information when uploading to the cloud. A new data integrity auditing scheme is proposed to protect the privacy information and share the data. The idea of sanitizable signature is used to sanitize the private data to protect the privacy and generate effective signatures to verify the integrity of the data. At the same time, the identity-based encryption auditing mechanism simplifies the complex certificate management and improves the audit efficiency. The stability of the scheme is verified by calculating the Computational Diffie-Hellman Problem (CDHP) and Discrete Logarithm Problem (DLP) in the stochastic prediction model. The performance of the proposed scheme is evaluated by simulation experiments, which proves that the proposed scheme is safe and effective.

computer science, information systems

李保红,牛慧芳,赵银亮

DOI: https://doi.org/10.3321/j.issn:0253-987x.2009.12.010

2009-01-01

Abstract:Aiming at the problem of fair exchange of digital signatures,a scheme of revocable concurrent signatures is proposed.In the step of signing,the signer chooses a piece of special information named keystone.The one-way function is then used to compute the keystone footprint,and then the encryption of the signer's public key is obtained by raising the keystone footprint to the power of his secret key.The keystone footprints are computed once more from the released keystones after the exchange of signatures,and each signer's public key is raised to the power of the keystone footprint.Then the identities of signers are recognized by comparing the results with the encryptions of the public keys produced in the step of signing,and the ambiguity of signatures can be revoked.Compared with traditional concurrent signatures schemes,the proposed scheme can avoid various attacks.Moreover,when a pair of revocable concurrent signatures is produced,only one keystone is required so that exchange protocols are simplified.It has been verified in a concrete construction that the proposed scheme is secure in the random oracle model under the decisional Diffie-Hellman assumption and the discrete logarithms assumption.

Yanli Ren,Dawu Gu

DOI: https://doi.org/10.1109/isdpe.2007.76

2007-01-01

Abstract:Identity based crypto system is a public key cryptosystem where the public key can be represented as an arbitrary string. However, an identity based signature scheme that is fully secure in the standard model with a tight reduction has not been proposed until now. In this paper, we propose an identity based signature scheme that is fully secure in the standard model and has several advantages-computational efficiency, short public parameters, and a tight security reduction. In many situations we want to enjoy confidentiality and authenticity simultaneously. A traditional approach to achieve this objective is to "sign-then-encrypt" this message, or we can employ special cryptographic scheme like signcryption. To the best of our knowledge, reference [15] proposes the only identity based signcryption scheme in the standard model. But its security proof is based on a weaker model-"sample-ID" model and the reduction is not tight. Combining an identity based encryption scheme, we also propose the first identity based signcryption scheme that is fully secure in the standard model with a tight reduction. Moreover, our signcryption scheme has public verifiability.

Guomin Yang,Duncan S. Wong,Xiaotie Deng,Huaxiong Wang

DOI: https://doi.org/10.1007/11745853_23

2006-01-01

Abstract:Digital signature is one of the most important primitives in public key cryptography. It provides authenticity, integrity and non- repudiation to many kinds of applications. On signer privacy however, it is generally unclear or suspicious of whether a signature scheme itself can guarantee the anonymity of the signer. In this paper, we give some armative answers to it. We formally define the signer anonymity for digital signature and propose some schemes of this type. We show that a signer anonymous signature scheme can be very useful by proposing a new anonymous key exchange protocol which allows a client Alice to establish a session key with a server Bob securely while keeping her iden- tity secret from eavesdroppers. In the protocol, the anonymity of Alice is already maintained when Alice sends her signature to Bob in clear, and no additional encapsulation or mechanism is needed for the signa- ture. We also propose a method of using anonymous signature to solve the collusion problem between organizers and reviewers of an anonymous paper review system.

Rui Shi,Huamin Feng,Yang Yang,Feng Yuan,Yingjiu Li,Hwee Hwa Pang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3280914

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Threshold attribute-based credentials are suitable for decentralized systems such as blockchains as such systems generally assume that authenticity, confidentiality, and availability can still be guaranteed in the presence of a threshold number of dishonest or faulty nodes. Coconut (NDSS'19) was the first selective disclosure attribute-based credentials scheme supporting threshold issuance. However, it does not support threshold tracing of user identities and threshold revocation of user credentials, which is desired for internal governance such as identity management, data auditing, and accountability. The communication and computation complexities of Coconut for verifying credentials are linear in the number of each user's attributes and thus costly. Addressing these issues, we propose a novel efficient threshold attribute-based anonymous credential scheme. While retaining all the features of Coconut, our scheme supports threshold tracing of user identities and threshold revocation of user credentials, and it significantly reduces the computational and communication complexities of credential verification. In addition, we prove that our scheme enjoys strong security features, including anonymity, blindness, traceability, and non-frameability.

computer science, information systems, software engineering

Haotian Cheng,Xiaofeng Li,He Zhao,Tong Zhou,Bin Yu,Nianzu Sheng

DOI: https://doi.org/10.1016/j.jisa.2024.103735

IF: 4.96

2024-03-09

Journal of Information Security and Applications

Abstract:The popularization of digital credentials brings convenience to people, but it also increases the risks of privacy leakage and capability abuse. Designing an accountable anonymous credential scheme offers a promising solution to this problem. However, most existing schemes of accountable anonymous credentials cannot effectively support both decentralized verification and flexible revocation. In this paper, we present S-Cred, an accountable anonymous credential scheme with decentralized verification and flexible revocation, to provide a delegation issuance method for credentials. The ownership of attributes will be transferred to users' temporary identities on the blockchain. In order to prevent credentials misuse, we also design several constraint mechanisms for tracing misbehaving users and revoking their credentials. We further construct a non-fungible obfuscation mechanism by introducing special roles called cloakers. In addition, this paper conducts analysis on security, functionality, efficiency and performance. The results show that S-Cred combines decentralized authentication and flexible revocation with a low computational cost in verification, which demonstrates the practicality of our solution.

computer science, information systems

Xun Sun,Jianhua Li,Hu Yin,Gongliang Chen

DOI: https://doi.org/10.15388/informatica.2010.276

2010-01-01

Informatica

Abstract:In 2007, Kancharla et al. proposed an identity-based strong designated verifier signature (IBSDVS) scheme based on bilinear pairings, and claimed it unforgeable and non-delegatable. However, in this paper, we show that this scheme is actually delegatable.

Taehoon Kim,Daehee Seo,Su-Hyun Kim,Im-Yeong Lee

DOI: https://doi.org/10.3390/s24072215

IF: 3.9

2024-03-30

Sensors

Abstract:Decentralized Identifiers have recently expanded into Internet of Things devices and are crucial in securing users' digital identities and data. However, Decentralized Identifiers face challenges in scenarios necessitating authority delegation and anonymity, such as when dealing with legal guardianship for minors, device loss or damage, and specific medical contexts involving patient information. This paper aims to strengthen data sovereignty within the Decentralized Identifier system by implementing a secure authority delegation and anonymity scheme. It suggests optimizing verifiable presentations by utilizing a sequential aggregate signature, a Non-Interactive Zero-Knowledge Proof, and a Merkle tree to prevent against linkage and Sybil attacks while facilitating delegation. This strategy mitigates security risks related to delegation and anonymity, efficiently reduces the computational and verification efforts for signatures, and reduces the size of verifiable presentations by about 1.2 to 2 times.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Andrew C. Yao,Yunlei Zhao

2012-01-01

Abstract:Digital signature is one of the basic primitives in cryptography. A common paradigm of obtaining signatures, known as the Fiat-Shamir (FS) paradigm, is to collapse any Σ-protocol (which is 3-round public-coin honest-verifier zero-knowledge) into a non-interactive scheme with hash functions that are modeled to be random oracles (RO). The Digital Signature Standard (DSS) and Schnorr’s signature schemes are two salient examples following the FS-paradigm. In this work, we present a modified Fiat-Shamir paradigm, named challenge-divided Fiat-Shamir paradigm, which is applicable to a variant of Σ-protocol with divided random challenges. This new paradigm yields a new family of (online/offline efficient) digital signatures from challenge-divided Σ-protocols, including in particular a variant of Schnorr’s signature scheme called challenge-divided Schnorr signature. We then present a formal analysis of the challenge-divided Schnorr signature in the random oracle model. Finally, we give comparisons between the challenge-divided Schnorr signature and DSS and Schnorr’s signature, showing that the newly developed challenge-divided Schnorr signature can enjoy better (online/offline) efficiency (besides provable security in the random oracle model). Of independent interest is a new forking lemma, referred to as divided forking lemma, for dealing with multiple ordered rewinding points in the RO model, which is of independent interest and can be applied to analyzing other cryptographic schemes in the RO model.

Shuang Hu,Renjun Zhang,Fuqun Wang,Kefei Chen,Bin Lian,Gongliang Chen

DOI: https://doi.org/10.1016/j.jisa.2022.103371

IF: 4.96

2022-01-01

Journal of Information Security and Applications

Abstract:Sanitizable signcryption adds sanitization functionality to signcryption, such that a delegated sanitizer can modify a signcryptext and still derive a valid signcryptext without cooperation of the original sender. Sanitizable signcryption is useful for data sharing with authentication and access control. Existing sanitizable signcryption scheme cannot achieve public verifiability, which can prevent malicious senders or sanitizers from cheating the receivers. In order to realize public verifiability, we propose a new composition method called "Encrypt-then-Commit-then-Sign (EtCtS)". In particular, our method carefully embeds a key-exposure free chameleon hash function (also known as trapdoor commitment) between encryption and signing operations. Accordingly, we convert the sanitization operation into finding collisions in the key-exposure free chameleon hash function using the trapdoor key, and after sanitization the plaintext is still confidential to the sanitizer. Based on the EtCtS method, we construct the first sanitizable signcryption scheme that is public verifiable. We give a rigorous security proof of our scheme in the random oracle model. We also provide an implementation of our scheme for performance analysis.

Jinhua Ma,Shengmin Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/TIFS.2022.3156808

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Immutability has been widely accepted as a fundamental property protecting the security of blockchain technology. However, this property impedes the development of blockchain because of the abuse of blockchain storage and legal obligations. To mitigate this issue, a novel construction of blockchain, called redactable blockchain, was introduced. It enables a central authority to issue the rewriting privilege to a particular party who can rewrite a registered object, e.g., a block or a transaction, in a controlled way. Unfortunately, the central authority must be fully trusted and is an obvious target suffering from various attacks. In this paper, we introduce a redactable blockchain controlled at a fine-grained level in a decentralized setting. In our solution, the rewriting privilege is issued by multiple authorities for reducing the vulnerability of the centralized setting. To formalize our solution, we introduce a novel cryptographic notion, called decentralized policy-based chameleon hash (DPCH), with the formal definition and security model. By applying several simple cryptographic tools, such as chameleon hash, digital signature, and multi-authority attribute-based encryption, we present the generic construction of DPCH along with rigorous security proofs. By applying RSA-based chameleon hash and BLS short signature, we give a practical instantiation of DPCH with performance evaluation. The comprehensive evaluation shows that our solution has superior performance than the state-of-the-art solution.

秦志光,廖永建

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.05.033

2009-01-01

Abstract:Compared with ordinary digital signature,the designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party.In designated verifier signature scheme,no third party can even verify the validity of a designated verifier signature since it must use the designated verifier's secret key in verification.Recently,an ID-based strong designated verifier scheme,ID-based designated verifier proxy signature scheme,and partial cryptanalysis ware proposed.In this paper,we show that the designated verifier signature scheme is delegatable,and the designated verifier proxy signature is forgeable since construction of the proxy scheme is unreasonable.

Yang Liu,Debiao He,Qi Feng,Min Luo,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tifs.2023.3274435

IF: 7.231

2023-05-26

IEEE Transactions on Information Forensics and Security

Abstract:The anonymous credential has broad-ranging applications, for example for the pay-as-you-go strategy in the electronic subscription. However, the 'plain vanilla' pay-as-you-go strategy may not be suitable for non-regular users since the latter group is likely to require a tighter identity supervision mechanism. We also note that a key building block in the construction of an anonymous credential system is identity supervision. Since identity supervision is more than revocation, the approach to regulating user behavior needs to be both reasonable and practical. In a situation where the user is allowed to control their own identities, the latter approach could be more flexible compared to the revocation. There are existing works about the limitation on the k-times or epochs. However, due to the weaknesses of these single restrictions, the combination of the customized k-times and epochs is necessary and remains to be done. In this paper, we present a permissioned redactable credentials scheme, which allows fine-grained supervision, user control, and user redaction. In our approach, we choose times and epochs as the regulation dimensions, which limits users invoke the credential show method for customized times in each epoch determined by the certificate authority. The users could also redact their credentials to realize selective disclosure. We then evaluate the proposed scheme's performance and present a comparative summary to demonstrate potential utility.

computer science, theory & methods,engineering, electrical & electronic

Denis Roio,Alberto Ibrisevic,Andrea D'Intino

DOI: https://doi.org/10.48550/arXiv.2105.14527

2021-05-30

Cryptography and Security

Abstract:Reflow is a novel signature scheme supporting unlinkable signatures by multiple parties authenticated by means of zero-knowledge credentials. Reflow integrates with blockchains and graph databases to ensure confidentiality and authenticity of signatures made by disposable identities that can be verified even when credential issuing authorities are offline. We implement and evaluate Reflow smart contracts for Zenroom and present an application to produce authenticated material passports for resource-event-agent accounting systems based on graph data structures. Reflow uses short and computationally efficient authentication credentials and can easily scale signatures to include thousands of participants.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science