Wen PANG,Jun-sheng WU

DOI: https://doi.org/10.3969/j.issn.1671-654X.2006.02.035

2006-01-01

Abstract:RSA is the most widely used arithmetic in the field of digital signature at present.Giving a detailed account of the arith-principle and arithmetic process of RSA,analyzed the leak and defect on the aspect of security matter,and formulated a series suggestion on the safety concern of how to enhancing the parameter selective program and avoiding attacked solution.Finally,the developing tend of RSA is prospected.

Chenchen Zhang,Yuan Luo,Guangtao Xue

DOI: https://doi.org/10.1016/j.ins.2016.05.008

IF: 8.1

2016-01-01

Information Sciences

Abstract:There have been many ways to construct a threshold cryptosystem. Most often they are constructed by combining original public encryption schemes with some methods such as Shamir's secret sharing. In this paper a new threshold cryptosystem based on RSA is presented, which is constructed by several RSA instances with chosen moduli and private keys. In fact, by computing the common private keys of some individual RSA instances and modifying the moduli, we combine those RSA instances and get a new threshold cryptosystem (hereinafter called combined RSA for simplification). First, it is proved that this system has similar security properties to the CRT-based (Chinese remainder theorem) threshold RSA while being convenient to implement, i.e., it only needs modular multiplication once to encrypt or decrypt respectively. Although the new system has the same security strength as the CRT-based RSA theoretically, it will provide fewer opportunities for adversaries in practical applications as there is only one step for encryption or decryption. Second, for complexity, as plain RSA is efficient, the combined RSA is also practical in computation. Therefore, if a plain RSA user wants to develop threshold decryption or threshold signature more conveniently and more securely, the combined RSA would be suitable. Finally, an application of the combined RSA is provided in this paper to realize distributed data access control with collusion-resistance.

Xuan Hong,Ke-fei Chen,Yu Long

DOI: https://doi.org/10.1007/s12204-008-0659-6

2008-01-01

Abstract:Recently some efforts were made towards capturing the security requirements within the composable security framework. This modeling has some significant advantages in designing and analyzing complex systems. The threshold signature was discussed and a definition was given based on the universal composability framework, which is proved to be equivalent to the standard security definition. Furthermore, a simple, efficient and proactive threshold RSA signature protocol was presented. It is proved to be correct, consistent and unforgeable relative to the environment that at most t − 1 parties are corrupted in each proactive stage. It is also secure under the universal composability framework. It is a UC based security and is proved to be equivalent to the standard security.

Fengying Li,Qingshui Xue,Zhenfu Cao

DOI: https://doi.org/10.1109/itng.2007.61

2007-01-01

Abstract:In a (t,n) threshold proxy signature scheme, an original signer delegates a group of n proxy signers to sign messages on behalf of him or her. When the proxy signature is created, t or more proxy signers cooperate to generate valid proxy signatures and any less than t proxy signers can't cooperatively produce valid proxy signatures. In 2003, Hwang et al. proposed a practical threshold proxy signature scheme (HLL-scheme) which is based on RSA crypto system for the first time. In 2004, Wang et al. had provided some comments on HLL-scheme. They showed that some mistakes of equations had made HLL-scheme become insecure. Moreover, in 2005, Kuo and Chen also showed two security weaknesses in Hwang et al.'s scheme: one is similar to RSA reblocking problem and the other is that the value of Li is not clearly defined. In addition, to overcome the second shortcoming of HLL-scheme, Kuo and Chen also provided a modified threshold proxy signature scheme (KC-scheme) based on HLL-scheme. By observation, we find that KC-scheme cannot still work. In other words, in KC-scheme, the value of Li cannot still be worked out, as makes KC-scheme not workable. To design a workable threshold proxy signature scheme, based on KC-scheme, an improved scheme is proposed

Yu Long,Xiang-xue Li,Ke-fei Chen,Xuan Hong

DOI: https://doi.org/10.1007/s12204-009-0102-7

2009-01-01

Abstract:This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti’s adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.

Jiang Lei,Liu Shengli,Chen Kefei

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.01.001

2009-01-01

Abstract:The security of fail-stop signature schemes does not rely on assumption of computational power of forger.Fail-stop signature schemes provide security even if a forger possesses unlimited computation power by enabling the sender to provide a proof on forgery if it occurs.Currently the study of fail-stop signature based on RSA has been mature.We construct a new threshold fail-stop signature scheme based on it and provide security analysis of the scheme.Our scheme is based on a provably secure RSA fail-stop signature scheme with the advantage of cheater detection(verification of partial signatures) and efficient proof of forgery.

Cao Zhenfu,Zhu Haojin,Lu Rongxing

DOI: https://doi.org/10.1007/s11432-006-2013-7

2006-01-01

Abstract:Threshold digital signature and blind signature are playing important roles in cryptography as well as in practical applications such as e-cash and e-voting systems. Over the past few years, many cryptographic researchers have made considerable headway in this field. However, to our knowledge, most of existing threshold blind signature schemes are based on the discrete logarithm problem. In this paper, we propose a new robust threshold partial blind signature scheme based on improved RSA cryptosystem. This scheme is the first threshold partial blind signature scheme based on factoring, and the robustness of threshold partial blind signature is also introduced. Moreover, in practical application, the proposed scheme will be especially suitable for blind signature-based voting systems with multiple administrators and secure electronic cash systems to prevent their abuse.

QS Xue,ZF Cao,FL Tang

2004-01-01

Abstract:The proxy signature scheme, a variation of ordinary digital signature schemes, enables a proxy signer to sign messages on behalf of the original signer. In a (t, n) threshold proxy signature scheme, the original signer authorizes a proxy group with n proxy members. Only the cooperation of I or more proxy members is allowed to generate the proxy signature. Former threshold proxy signature schemes are all based on the difficulty of discrete logarithm. In 2003, for the first time, Hwang et al proposed a practical (t,n) threshold proxy signature scheme based on the difficulty of factoring the RSA modulus. By our observation, their scheme can't provide the properties of proxy protection, strong unforgeability, strong nonrepudiation, strong identifiability and known signers. To overcome their drawbacks, based on their scheme, we propose an improved version. The improved scheme provides the properties of not only proxy protection, strong unforgeability, strong identiflability and strong nonrepudiation, but also known signers.

F. Li,C. Xu,S. Zhou

DOI: https://doi.org/10.1080/1206212x.2008.11441915

2008-01-01

International Journal of Computers and Applications

Abstract:In 2005, Ma et al. proposed an efficient and proactive threshold signcryption scheme. They defined some security models with regard to the threshold signcryption versions of confidentiality, existential unforgeability and robustness. They claimed that their scheme is secure under these models. In this paper, we show that their scheme cannot achieve the claimed existential unforgeability by demonstrating an insider attack. We further propose an improved scheme that overcomes the weakness of the Ma et al.'s scheme.

Changshe Ma,Kefei Chen,Dong Zheng,Shengli Liu

DOI: https://doi.org/10.1007/11556992_17

2005-01-01

Abstract:To make the system more secure and robust, threshold schemes are proposed to avoid single point failure. At the same time, there are more and more applications which utilize the two basic blocks encryption and digital signature to secure message delivery (such as SSL, SSH). Combining the three tools organically leads to an interesting security tool termed as threshold signcryption which can be used in distributed systems especially the mobile networks. In this paper, we present an efficient threshold signcryption scheme. The scheme is designed for an asynchronous network model which may better present practical distributed systems, especially Internet or mobile ad hoc networks. In order to resist mobile attacks, we add proactive property to our scheme. To the best of our knowledge, the proposed scheme is the first threshold signcryption scheme which is noninteractive, proactive and provably secure and works on asynchronous network models.

Wei Yuan,Liang Hu,Hongtu Li,Jianfeng Chu

DOI: https://doi.org/10.4304/jcp.7.6.1345-1352

2011-01-01

Abstract:Signcryption can realize the function of encryption and signature in a reasonable logic step, which can lower computational costs and communication overheads. In 2008, Fagen Li et al. proposed an efficient secure id-based threshold signcryption scheme. The authors declared that their scheme had the attributes of confidentiality and unforgeability in the random oracle model. In this paper, we show that scheme is insecure against malicious attackers and give our attacker method to forge the ciphertext. Following our method, any malicious attacker can forge a valid message in their scheme. Further, we propose a probably-secure improved scheme to correct the vulnerable and give the unforgeability and confidentiality of our improved scheme under the existing security assumption.

Wei Gao,Zhenyou Wang,Fei Li,Li'e Chen

DOI: https://doi.org/10.1109/cis.2009.40

2009-01-01

Abstract:We present a robust threshold signature scheme which is provably secure without random oracles under the computational Diffie-Hellman assumption. Our construction derives from a novel application of the recent signature scheme due to Waters. Compared with Wang et al.'s threshold signature scheme without random oracles, the signing procedure of our scheme is much more efficient in terms of communication and computation. In fact, our threshold signature scheme's efficiency is comparable to Boldyreva's threshold signature scheme which is provably secure in the random oracle model (ROM).

ZHANG Jianzhong,XIE Junqin

DOI: https://doi.org/10.3778/j.issn.1002-8331.1205-0088

2013-01-01

Abstract:An improved threshold signature scheme is proposed to overcome the weakness of Cai et al's scheme.The security of this scheme is analyzed.The results show that the improved scheme can not only resist conspiracy attacks and forgery attacks essentially,but also protect the personal broadcasted information with applying message recovery equation.In addition,it can realize the computing ability of group's public key by constructing a secure distributed key generation protocol.As a result,the improved scheme is securer than the former schemes.

Wu Chunhui,Chen Xiaofeng,Long Dongyang

2009-01-01

Abstract:It seems that all existing on-line/off-line (threshold) signature schemes based on Shamir-Tauman's paradigm suffer from the key exposure problem of chameleon hashing. In this paper, we firstly propose a new efficient generic on-line/off-line threshold signature scheme without key exposure. Compared with Crutchfield et al.'s scheme, the advantages of our scheme are the lower computation and storage cost in off-line phase and lower communication cost in on-line phase. Meanwhile, we prove our scheme can achieve the desired security notions.

Shao Jun,Lu Rong-xing,Cao Zhen-fu

DOI: https://doi.org/10.1007/bf02828665

2005-01-01

Abstract:To prevent active attack, we propose a new threshold signature scheme using self-certified public keys, which makes use of hash function and discrete logarithm problem. The scheme has less commutnication and computation cost than previous schemes. Furthermore, the signature process of the proposed scheme is non-interative.

Yuanju Gan,Licheng Wang,Jianhua Yan,Yixian Yang

DOI: https://doi.org/10.4304/jsw.8.5.1245-1253

2013-01-01

Journal of Software

Abstract:Most threshold key encapsulation mechanisms (KEM) have been studied in a weak model–static corruption model or random oracle model. In this paper, we propose a threshold KEM scheme with provable security based on the bilinear groups of composite order in the standard model. We use a direct construction from Boyen-Mei-Waters’ KEM scheme and Libert and Yung’s threshold decryption scheme to obtain a threshold KEM scheme that can withstand adaptive chosen ciphertext attacks (CCA) and adaptive corruption attacks. However, to achieve a higher security level, our construction does not increase overall additional size of ciphertext compare to other schemes.

Shaohua Tang

2004-01-01

Journal of Information and Computational Science

Abstract:A new secret sharing and a new threshold RSA signature scheme are presented. The secret sharing scheme is characterized by fast computation as well as simple and secure operations, since only simple addition and union operations are adopted in this algorithm. The secret is divided into N pieces, and each piece is delivered to each different participant. Any K or greater than K participants out of N can reconstruct the secret, but any (M-1) or less than (M-1) participants would fail to recover the secret, where M = ⌈N/(N-K+1)⌉. This secret sharing scheme is applied to digital signature to construct a new threshold RSA signature. Each participant should calculate the partial signature for the message by using its own piece of shadow. Any K or greater than K participants out of N can combine each partial signature to form a complete signature for the message. But any (M-1) or less than (M-1) participants would fail to calculate the complete signature. During the phases of partial signature generation and partial signature combination, the RSA private key is never reconstructed and each participant's partial secret (shadow) is not necessary to expose to others, thus the secret of the RSA private key will not be exposed. Two schemes possess the security of threshold cryptography.

WANG Ding,WANG Ping,LEI Ming

DOI: https://doi.org/10.3969/j.issn.0372-2112.2015.01.028

2015-01-01

Abstract:It remains an open problem to design a secure and efficient RSA-based password-authenticated key exchange (PAKE )protocol in the areas of cryptography .In 2011 ,Wei proposed the first provably secure gateway-oriented PAKE protocol us-ing RSA ,and claimed that the protocol is provably secure in the random oracle model based on the intractability of the integer fac-torization problem .However ,in this short paper ,we point out that an adversary can launch the separation attack on their protocol by exploiting the oracle service unwittingly provided by the server ,and a user’s password can thus be guessed just after tens of mali-cious sessions .Our cryptanalysis result invalidates Wei’s claim that their protocol can achieve the security goal of password protec-tion ,and highlights the damaging threat that separation attack poses to RSA-based PAKE protocols .Furthermore ,we uncover the flaws in their formal security proof and put forward an enhancement to overcome the identified defect .The analysis results show that the improved protocol eliminates the vulnerability of Wei’s protocol while keeping the merit of high performance ,suitable for mo-bile application scenarios .

Jianghong Hu,Jianzhong Zhang

DOI: https://doi.org/10.1016/j.csi.2007.11.002

2012-01-01

Abstract:A (t, n) threshold proxy signature scheme allows any t or more proxy signers to cooperatively sign messages on behalf of an original signer, but t−1 or fewer proxy signers cannot. In a recent work [C.H. Yang, S.F. Tzeng, M.S. Hwang, On the efficiency of nonrepudiable threshold proxy signature scheme with known signers, Systems and Software 73(3) (2004) 507–514], C.H. Yang, S.F. Tzeng and M.S. Hwang proposed a new threshold proxy signature scheme (called as YTH scheme), which is more efficient in algorithm and communication than Hsu et al.'s scheme proposed in 2001. However, YTH scheme still has some security weaknesses. In this paper, we show that YTH scheme cannot resist frame attack and public-key substitute attack. A new improvement with high safety and efficiency is proposed. The new scheme remedies the weaknesses of YTH scheme, especially, it can resist public-key substitute attack successfully by Zero-Knowledge Proof. Furthermore, the system doesn't need a security channel and computational complexity can be lowered.

Liangliang Wang,Mi Wen,Kefei Chen,Zhongqin Bi,Yu Long

DOI: https://doi.org/10.1007/978-3-319-69471-9_19

2017-01-01

Abstract:Through the application of certificateless signature, certificate management in traditional signatures can be simplified. Furthermore, the key escrow problem in identity-based signatures can be solved as well. As history has shown, there has not been a general pairing-free certificateless signature scheme which is mainly designed with modular exponentiation and modular multiplication that can possess resistance to Type I and Type II adversaries so far. Therefore, a new hard mathematic problem is firstly defined in this paper, which is called variant of RSA problem. In the next step, a new general pairing-free certificateless signature scheme is proposed based on the newly defined variant of RSA problem and the well known discrete logarithm problem. Fortunately, the proposed scheme is also the first RSA-based certificateless signature scheme that can possess resistance to Type I and Type II adversaries. In addition, a formal security proof is provided to demonstrate that, under adaptively chosen message attacks, the proposed scheme is provably secure against Type I and Type II adversaries in the random oracle model. When compared with other known pairing-free certificateless signature schemes of the same type, the computation cost of our scheme is slightly higher, however, a higher security level can be achieved.