Andrew Chi-Chih Yao,Yunlei Zhao

DOI: https://doi.org/10.1109/tifs.2012.2232653

IF: 7.231

2012-01-01

IEEE Transactions on Information Forensics and Security

Abstract:When digital signature is applied on low-power devices, like smart cards, wireless sensors and RFID tags, some specific properties, e.g., better offline storage, more modular and flexible deployment, are desired. To meet these needs, a new variant of the Fiat-Shamir transformation for digital signatures, referred to as Γ -transformation, is introduced and formalized in this work. Following this new transformation approach, some new signature schemes (referred to as Γ-signatures) are presented and discussed. In particular, it is shown that the Γ-signatures for discrete logarithm problem (DLP) developed in this work combine, in essence, the advantages of both Schnorr's signature and the digital signature standard (DSS), while saving from the disadvantages of them both.

Zongyang Zhang,Yu Chen,Sherman S. M. Chow,Goichiro Hanaoka,Zhenfu Cao,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-319-26059-4_24

2015-01-01

Abstract:A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle RO model. The work of Fischlin and Fleischhacker Eurocrypt﾿'13 investigated the case of Schnorr signature and generally, Fiat-Shamir signatures and showed the reliance of RO model is inherent. We generalize their results to a large class of \"malleable\" hash-and-sign signatures, where one can efficiently \"maul\"any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys. We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a one-more cryptographic problem depending on the signature instantiation. Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers $$\\Gamma $$-signature Yao and Zhao, IEEE Transactions on Information Forensics and Security﾿'13, and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

Lior Rotem,Gil Segev

DOI: https://doi.org/10.1007/s00145-024-09506-5

2024-06-08

Journal of Cryptology

Abstract:The Schnorr identification and signature schemes have been among the most influential cryptographic protocols of the past 3 decades. Unfortunately, although the best-known attacks on these two schemes are via discrete logarithm computation, the known approaches for basing their security on the hardness of the discrete logarithm problem encounter the "square-root barrier." In particular, in any group of order p where Shoup's generic hardness result for the discrete logarithm problem is believed to hold (and is thus used for setting concrete security parameters), the best-known t -time attacks on the Schnorr identification and signature schemes have success probability , whereas existing proofs of security only rule out attacks with success probabilities and , respectively, where denotes the number of random oracle queries issued by the attacker. We establish tighter security guarantees for identification and signature schemes which result from -protocols with special soundness based on the hardness of their underlying relation, and in particular for Schnorr's schemes based on the hardness of the discrete logarithm problem. We circumvent the square-root barrier by introducing a high-moment generalization of the classic forking lemma, relying on the assumption that the underlying relation is " d -moment hard": The success probability of any algorithm in the task of producing a witness for a random instance is dominated by the d th moment of the algorithm's running time. In the concrete context of the discrete logarithm problem, already Shoup's original proof shows that the discrete logarithm problem is 2-moment hard in the generic group model, and thus, our assumption can be viewed as a highly plausible strengthening of the discrete logarithm assumption in any group where no better-than-generic algorithms are currently known. Applying our high-moment forking lemma in this context shows that, assuming the 2-moment hardness of the discrete logarithm problem, any t -time attacker breaks the security of the Schnorr identification and signature schemes with probabilities at most and , respectively.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Zhoujun Ma,Li Yang,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-319-49151-6_7

2016-01-01

Abstract:Digital signature is fundamental to information security. Today many signature schemes based on discrete logarithm problem (DLP), including Schnorr, DSA and their variants, have been standardized and widely used. In this work, we review and make a comparative study on the DLP-based schemes included in some standard documents such as ISO/IEC 14888-3 and ISO-11889. We find some disadvantages of these standardized schemes in efficiency, security and usage, which shows that further improvement on digital signatures is still possible.In this work, we present a new G-protocol (an extension of Sigma-protocol), and transform this protocol into a concrete signature scheme (referred to as EC-CDSA) based on elliptic curve groups. We show that our EC-CDSA scheme combines, in essence, the advantages of the current standardized signature schemes based on DLP, while saving from or alleviating the disadvantages of them all.

Guilin Wang,Fubiao Xia,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-25516-8_28

2011-01-01

Abstract:After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer . If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification , in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analyzed in generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.

Leila Zahhafi,Omar Khadir

DOI: https://doi.org/10.48550/arXiv.2101.09494

2021-01-23

Cryptography and Security

Abstract:In this paper we propose a new digital signature protocol inspired by the DSA algorithm. The security and the complexity are analyzed. Our method constitutes an alternative if the classical scheme DSA is broken.

Christopher Battarbee,Delaram Kahrobaei,Ludovic Perret,Siamak F. Shahandashti

2023-06-27

Abstract:In this paper, we present a new diverse class of post-quantum group-based Digital Signature Schemes (DSS). The approach is significantly different from previous examples of group-based digital signatures and adopts the framework of group action-based cryptography: we show that each finite group defines a group action relative to the semidirect product of the group by its automorphism group, and give security bounds on the resulting signature scheme in terms of the group-theoretic computational problem known as the Semidirect Discrete Logarithm Problem (SDLP). Crucially, we make progress towards being able to efficiently compute the novel group action, and give an example of a parameterised family of groups for which the group action can be computed for any parameters, thereby negating the need for expensive offline computation or inclusion of redundancy required in other schemes of this type.

Cryptography and Security

Yanbo Chen,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-031-17146-8_19

2022-01-01

Abstract:An aggregate signature (AS) scheme allows an unspecified aggregator to compress many signatures into a short aggregation. AS schemes can save storage costs and accelerate verification. They are desirable for applications where many signatures need to be stored, transferred, or verified together, including blockchain systems, sensor networks, certificate chains, network routing, etc. However, constructing AS schemes based on general groups, only requiring the hardness of the discrete logarithm problem, is quite tricky and has been a long-standing research question. Recently, Chalkias et al. [6] proposed a half-aggregate scheme for Schnorr signatures. We observe the scheme lacks a tight security proof and does not well support incremental aggregation, i.e., adding more signatures into a pre-existing aggregation. This work's contributions are threefold. We first give a tight security proof for the scheme in [6] in the ROM and the algebraic group model (AGM). Second, we provide a new half-aggregate scheme for Schnorr signatures that perfectly supports incremental aggregation, whose security also tightly reduces to Schnorr's security in the AGM+ROM. Third, we present a Schnorr-based sequential aggregate signature (SAS) scheme that is tightly secure as Schnorr signature scheme in the ROM (without the AGM). Our work may pave the way for applying Schnorr aggregation in real-world cryptographic applications.

Manoj Kumar

DOI: https://doi.org/10.48550/arXiv.cs/0501010

2005-01-07

Abstract:In this thesis, we propose some directed signature schemes. In addition, we have discussed their applications in different situations. In this thesis, we would like to discuss the security aspects during the design process of the proposed directed digital signature schemes. The security of the most digital signature schemes widely use in practice is based on the two difficult problems, viz; the problem of factoring integers (The RSA scheme) and the problem of finding discrete logarithms over finite fields (The ElGamal scheme). The proposed works in this thesis is divided into seven chapters.

Cryptography and Security

Xin Lv,Feng Xu,Ping Ping,Xuan Liu,Huaizhi Su

DOI: https://doi.org/10.1109/DCABES.2015.48

2015-01-01

Abstract:Ring signatures enable a user to sign a message so that a ring of possible signers is identified, without revealing exactly which member of that ring actually generated the signature. In some situations, however, an actual signer may possibly want to expose himself, for instance, if doing so, he will acquire an enormous benefit. In this paper, a signature scheme with designated verifiability based on Schnorr ring signature is proposed. The scheme provides a confirmation procedure, in which the real signer is able to convince a designated party that he is the one who generates the signature. The confirming procedure involves an interactive Zero-Knowledge proof protocol, which is non-transferable, and it only can be triggered by the signer. Based on the intractability of Discrete Logarithm Problem (DLP), the scheme is existentially unforgeable under adaptive-chosen message attack in the random oracle model.

Jun-Rui Wang,Xing Xie,Yu-Chi Chen

DOI: https://doi.org/10.6688/JISE.20220938(5).0011

2022-01-01

Journal of information science and engineering

Abstract:Designated verifier signature (DVS) is a variant of digital signature which can desig-nate a verifier to verify signatures. The key difference between message authentication code and DVS is that there is no initial and shared key in DVS. In this paper, we propose a new generic construction of DVS from standard cryptographic algorithms. Our DVS construc-tion is very modular and composed of a few fundamentally cryptographic primitives (i.e., message authentication code, public key encryption and collision resistant hash). Based on the DVS construction, we can also obtain a generic construction of threshold designated verifier signature with only slight modification.

Fengxia Liu,Zhiyong Zheng,Zixian Gong,Kun Tian,Yi Zhang,Zhe Hu,Jia Li,Qun Xu

DOI: https://doi.org/10.1186/s42400-023-00198-1

2024-04-04

Abstract:Lattice-based digital signature has become one of the widely recognized post-quantum algorithms because of its simple algebraic operation, rich mathematical foundation and worst-case security, and also an important tool for constructing cryptography. This survey explores lattice-based digital signatures, a promising post-quantum resistant alternative to traditional schemes relying on factoring or discrete logarithm problems, which face increasing risks from quantum computing. The study covers conventional paradigms like Hash-and-Sign and Fiat-Shamir, as well as specialized applications including group, ring, blind, and proxy signatures. It analyzes the versatility and security strengths of lattice-based schemes, providing practical insights. Each chapter summarizes advancements in schemes, identifying emerging trends. We also pinpoint future directions to deploy lattice-based digital signatures including quantum cryptography.

Jiale Chen,Dima Grigoriev,Vladimir Shpilrain

2023-12-21

Abstract:We offer two very transparent digital signature schemes: one using non-square matrices and the other using scrap automorphisms. The former can be easily converted to a public key encryption scheme.

Cryptography and Security,Rings and Algebras

Farzin Renan,Péter Kutas

2024-04-24

Abstract:Adaptor signatures can be viewed as a generalized form of the standard digital signature schemes where a secret randomness is hidden within a signature. Adaptor signatures are a recent cryptographic primitive and are becoming an important tool for blockchain applications such as cryptocurrencies to reduce on-chain costs, improve fungibility, and contribute to off-chain forms of payment in payment-channel networks, payment-channel hubs, and atomic swaps. However, currently used adaptor signature constructions are vulnerable to quantum adversaries due to Shor's algorithm. In this work, we introduce $\mathsf{SQIAsignHD}$, a new quantum-resistant adaptor signature scheme based on isogenies of supersingular elliptic curves, using SQIsignHD - as the underlying signature scheme - and exploiting the idea of the artificial orientation on the supersingular isogeny Diffie-Hellman key exchange protocol, SIDH, as the underlying hard relation. We, furthermore, show that our scheme is secure in the Quantum Random Oracle Model (QROM).

Cryptography and Security

Bing-Hong Li,Yuan-Mei Xie,Xiao-Yu Cao,Chen-Long Li,Yao Fu,Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.1103/PhysRevApplied.20.044011

2023-10-05

Abstract:Quantum digital signatures (QDS), generating correlated bit strings among three remote parties for signatures through quantum law, can guarantee non-repudiation, authenticity, and integrity of messages. Recently, one-time universal hashing QDS framework, exploiting the quantum asymmetric encryption and universal hash functions, has been proposed to significantly improve the signature rate and ensure unconditional security by directly signing the hash value of long messages. However, similar to quantum key distribution, this framework utilizes keys with perfect secrecy by performing privacy amplification that introduces cumbersome matrix operations, thereby consuming large computational resources, causing delays and increasing failure probability. Here, we prove that, different from private communication, imperfect quantum keys with limited information leakage can be used for digital signatures and authentication without compromising the security while having eight orders of magnitude improvement on signature rate for signing a megabit message compared with conventional single-bit schemes. This study significantly reduces the delay for data postprocessing and is compatible with any quantum key generation protocols. In our simulation, taking two-photon twin-field key generation protocol as an example, QDS can be practically implemented over a fiber distance of 650 km between the signer and receiver. For the first time, this study offers a cryptographic application of quantum keys with imperfect secrecy and paves a way for the practical and agile implementation of digital signatures in a future quantum network.

Quantum Physics,Cryptography and Security

Hua-Lei Yin,Yao Fu,Chen-Long Li,Chen-Xun Weng,Bing-Hong Li,Jie Gu,Yu-Shuo Lu,Shan Huang,Zeng-Bing Chen

DOI: https://doi.org/10.1093/nsr/nwac228

IF: 20.6

2022-10-22

National Science Review

Abstract:Abstract Cryptography promises four information security objectives, namely, confidentiality, integrity, authenticity, and non-repudiation, to support trillions of transactions annually in digital economy. Efficient digital signatures, ensuring integrity, authenticity, and non-repudiation of data with information-theoretical security are highly urgent and intractable open problems in cryptography. Here, we propose a high-efficiency quantum digital signature (QDS) protocol using asymmetric quantum keys acquired via secret sharing, one-time universal2 hashing, and one-time pad. We just need to use a 384-bit key to sign documents of up to 264 lengths with a security bound of 10−19. If one-megabit document is signed, the signature efficiency is improved by more than 108 times compared with previous QDS protocols. Furthermore, we build the first all-in-one quantum secure network integrating information-theoretically secure communication, digital signatures, secret sharing, and conference key agreement and experimentally demonstrate this signature efficiency advantage. Our work completes the cryptography toolbox of the four information security objectives.

multidisciplinary sciences

Mengqi Feng,Chao Lin,Wei Wu,Debiao He

DOI: https://doi.org/10.1016/j.csi.2023.103763

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:As an equivalent of a handwritten signature, digital signature can resist against information tampering and identity impersonation during digital communication, but it fails to meet the specific anonymity requirement in circumstances like voting, credit reporting, and whistle-blowing. Ring signature was introduced as a special digital signature to further achieve anonymity, and classical schemes constructed from single ring were faced with linearly increasing size. In CRYPTO 2021, Yuen et al. proposed a novel construction paradigm (namely, DualRing) for reaping logarithmic-sized ring signature. Existing DualRing-based ring signature schemes are based on its supported Type-T standard signature algorithms (Three-move type, e.g. Schnorr signature). In this paper, we are motivated to seek a SM2-based ring signature scheme upon the DualRing technology, among which the SM2 digital signature is widely adopted as an international standard but not with a Type-T architecture. Therefore, we first transform the SM2 digital signature into Type-T and integrate DualRing with the variant of the SM2 digital signature. After that, we prove the unforgeability and anonymity of our schemes, together with proposing optimized and linkable schemes. Finally, we put our schemes into practice to display their performance in communication and computation costs.

computer science, software engineering, hardware & architecture

Huang Xiu-Ju,Li Zhen-Zhen,Li Zi-Chen

DOI: https://doi.org/10.1007/s10773-022-05171-1

2022-01-01

International Journal of Theoretical Physics

Abstract:Characterized by integrity and non-repudiation, digital signatures play an essential role in real life. Quantum digital signatures, which outperform classical types generally in safety, have been widely used in secure communications. In this paper, a novel quantum signature scheme based on quantum encryption, XOR encryption and secret sharing without entanglement is designed. Furthermore, it can be extended to a quantum multi-signature scheme. Unlike existing schemes, it is more efficient in guaranteeing safety, more practical and does not need to prepare a large number of entanglements or operations.

Guomin Yang,Duncan S. Wong,Xiaotie Deng,Huaxiong Wang

DOI: https://doi.org/10.1007/11745853_23

2006-01-01

Abstract:Digital signature is one of the most important primitives in public key cryptography. It provides authenticity, integrity and non- repudiation to many kinds of applications. On signer privacy however, it is generally unclear or suspicious of whether a signature scheme itself can guarantee the anonymity of the signer. In this paper, we give some armative answers to it. We formally define the signer anonymity for digital signature and propose some schemes of this type. We show that a signer anonymous signature scheme can be very useful by proposing a new anonymous key exchange protocol which allows a client Alice to establish a session key with a server Bob securely while keeping her iden- tity secret from eavesdroppers. In the protocol, the anonymity of Alice is already maintained when Alice sends her signature to Bob in clear, and no additional encapsulation or mechanism is needed for the signa- ture. We also propose a method of using anonymous signature to solve the collusion problem between organizers and reviewers of an anonymous paper review system.

Yingjie Xia,Xuejiao Liu,Fubiao Xia,Guilin Wang

DOI: https://doi.org/10.1016/j.tcs.2015.12.025

IF: 1.002

2016-01-01

Theoretical Computer Science

Abstract:Since the invention of designated confirmer signatures (DCS), a number of schemes with various properties and different underlying mathematical problems have been developed. Although a considerable amount of work has been dedicated to the design of DCS schemes, the confusions of the security notions in the existing DCS models have not been formally discussed and clarified to achieve a proper level of confirmer's security. In order to achieve provable security, we propose a reduced security model and prove that a DCS cryptosystem only requires transcript-simulatability or alternatively invisibility plus non-transferability from a modelling perspective. Accompanied by the reduced DCS model, a generic DCS scheme is also constructed that still retains the feature of full verification, i.e., either the signer or the confirmer can interactively verify arbitrary signatures by providing a convincing proof. Our proposed scheme employs a computationally binding commitment scheme, together with an IND-CCA2 secure public encryption scheme, to achieve a provable security in the standard model. Meanwhile, we present an efficient concrete instantiation by using BLS signatures, CS-Paillier encryption scheme with labels, and Perdesen commitment scheme.