Kwangsu Lee,Dong Hoon Lee,Moti Yung

DOI: https://doi.org/10.1016/j.tcs.2015.02.019

2015-02-24

Abstract:The notion of aggregate signature has been motivated by applications and it enables any user to compress different signatures signed by different signers on different messages into a short signature. Sequential aggregate signature, in turn, is a special kind of aggregate signature that only allows a signer to add his signature into an aggregate signature in sequential order. This latter scheme has applications in diversified settings such as in reducing bandwidth of certificate chains and in secure routing protocols. Lu, Ostrovsky, Sahai, Shacham, and Waters (EUROCRYPT 2006) presented the first sequential aggregate signature scheme in the standard model. The size of their public key, however, is quite large (i.e., the number of group elements is proportional to the security parameter), and therefore, they suggested as an open problem the construction of such a scheme with short keys. In this paper, we propose the first sequential aggregate signature schemes with short public keys (i.e., a constant number of group elements) in prime order (asymmetric) bilinear groups that are secure under static assumptions in the standard model. Furthermore, our schemes employ a constant number of pairing operations per message signing and message verification operation. Technically, we start with a public-key signature scheme based on the recent dual system encryption technique of Lewko and Waters (TCC 2010). This technique cannot directly provide an aggregate signature scheme since, as we observed, additional elements should be published in a public key to support aggregation. Thus, our constructions are careful augmentation techniques for the dual system technique to allow it to support sequential aggregate signature schemes. We also propose a multi-signature scheme with short public parameters in the standard model.

Cryptography and Security

Li-Hong Guo,Hai-Tao Wu,Qing Yang

DOI: https://doi.org/10.2991/icwcsn-16.2017.32

2016-01-01

Abstract:Proxy signature schemes have been suggested for use in a number of applications, so the security of proxy signature scheme is more and more important. However, at present, almost all the proxy signature schemas were proven secure in the random oracle model, which has received a lot of criticism. Recently, Yu et al. proposed a designated verifier proxy signature scheme without random oracles by using Waters hashing technique. The formal models and a strictly logical process were provided in this schema. But Kang et al. show some attacks on Yu et al.s scheme and offer its insecurity proof. In this paper, in order to overcome the weaknesses in Yu et al.s scheme we make supplements on it and make it secure resist Kang et al.s attacks.

Yanbo Chen,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-031-17146-8_19

2022-01-01

Abstract:An aggregate signature (AS) scheme allows an unspecified aggregator to compress many signatures into a short aggregation. AS schemes can save storage costs and accelerate verification. They are desirable for applications where many signatures need to be stored, transferred, or verified together, including blockchain systems, sensor networks, certificate chains, network routing, etc. However, constructing AS schemes based on general groups, only requiring the hardness of the discrete logarithm problem, is quite tricky and has been a long-standing research question. Recently, Chalkias et al. [6] proposed a half-aggregate scheme for Schnorr signatures. We observe the scheme lacks a tight security proof and does not well support incremental aggregation, i.e., adding more signatures into a pre-existing aggregation. This work's contributions are threefold. We first give a tight security proof for the scheme in [6] in the ROM and the algebraic group model (AGM). Second, we provide a new half-aggregate scheme for Schnorr signatures that perfectly supports incremental aggregation, whose security also tightly reduces to Schnorr's security in the AGM+ROM. Third, we present a Schnorr-based sequential aggregate signature (SAS) scheme that is tightly secure as Schnorr signature scheme in the ROM (without the AGM). Our work may pave the way for applying Schnorr aggregation in real-world cryptographic applications.

Yang Muxiang,Su Li,Li Jun,Hong Fan

DOI: https://doi.org/10.1007/bf02831833

2006-01-01

Wuhan University Journal of Natural Sciences

Abstract:In multisignature schemes signers can sign either in a linear order or not in any specified order, but neither of them is adequate in some scenarios where require mixture using of orderless and ordered multisignature. Most order-specified multisignatures specified the orders as linear ones. In this paper, we proposed an order-specified multisignature scheme based on DSA secure against active insider attack. To our knowledge, it is the first order-specified multisignature shceme based on DSA signature scheme, in which signers can sign in flexible order represented by series-parallel graphs. In the multisignature scheme verification to both signers and signing order are available. The security of the scheme is proved by reduce to an identification scheme that is proved have some concrete security. The running time of verifying a signature is comparable to previous schemes while the running time of multisignature generation and the space needed is less than those schemes.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/IJESDF.2014.064409

2014-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Tian Qiu,Lin Hou,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-030-41579-2_21

2019-01-01

Abstract:Group signature allows group members to sign on behalf of the group anonymously, and incorporate some tracing mechanism to identify the actual signer. Multi-group signature (MGS), introduced by Ateniese and Tsudik (FC'99), is a proper generalization of group signature. It allows signers to sign messages anonymously on behalf of multiple groups and has extensive applications in electronic commerce. However, all existing MGS schemes are from classical assumptions and will be insecure once quantum computers come true.In this paper, we propose the first MGS scheme in the lattice setting which is also the first quantum-resistant proposal. The keystone of our work is a zero-knowledge argument of knowledge (ZKAoK) system of different syndromes of the same vector based on the work by Libert et al. (Asiacrypt'16) and Ling et al. (PKC'18). With additional signing and encryption layers, our ZKAoK allows the signer to prove memberships in multiple groups simultaneously, which is the key issue on the MGS construction, and it can be of independent interest. For security proofs, we formalize the MGS model in the framework of Bellare et al. (CT-RSA'05).

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Hu Xiong,Zhi Guan,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2012.07.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:An aggregate signature scheme enables an algorithm to aggregate n signatures of n distinct messages from n users into a single short signature. This primitive is useful in resource-constrained environment since they allow bandwidth and computational savings. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we present an efficient certificateless aggregate signature scheme with constant pairing computations. The security of the proposed scheme can be proved to be equivalent to the standard computational Diffie–Hellman problem in the random oracle with a tight reduction. Furthermore, our scheme does not require synchronization for aggregating randomness, which makes it more suitable for ad hoc networks.

Zhong-mei Wan,Xue-jia Lai,Jian Weng,Sheng-li Liu,Yu Long,Xuan Hong

DOI: https://doi.org/10.1007/s12204-010-1064-5

2010-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.

XU Yan,HUANG Liu-sheng,TIAN Miao-miao,ZHONG Hong

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.11.014

2014-01-01

Abstract:Certificate less sequential multi-signature scheme could resolve the problem of authentication of recommendation information transmitted through trust train.Qin yan-lin，et al proposed an efficient certificateless sequential multi-signature scheme，and proved the security is based on the fact that computational Diffie-Hellman problem is hard in the random oracle.It is found that Qin's scheme is insecure against the forgery attack after analysing the security proof.If an adversary has obtained the signers’ multi-signature，it can forgery the multi-signature for any other message.Then，a more efficient certificateless sequential multi-signature scheme is construced which has lower computation cost and communication cost for using less bilinear pairings and only generating one signature message.Finally，the security proof shows that the proposed scheme can resist the forgery attack under the model of random oracle.

Hu Xiong,Shikun Wu,Ji Geng,Emmanuel Ahene,Songyang Wu,Zhiguang Qin

DOI: https://doi.org/10.3837/tiis.2015.03.023

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:Certificate-based signature (CBS) combines the advantages of both public key-based signature and identity-based signature, while saving from the disadvantages of drawbacks in both PKS and IBS. The insecure deployment of CBS under the hostile circumstances usually causes the exposure of signing key to be inescapable. To resist the threat of key leakage, we present a pairing-free key insulated CBS scheme by incorporating the idea of key insulated mechanism and CBS. Our scheme eliminates the costly pairing operations and as a matter of fact outperforms the existing key insulated CBS schemes. It is more suitable for low-power devices. Furthermore, the unforgeability of our scheme has been formally proven to rest on the discrete logarithm assumption in the random oracle model.

Han Shen,Jianhua Chen,Hao Hu,Jian Shen

DOI: https://doi.org/10.1587/transfun.E99.A.660

2016-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Recently, H. Liu et al. [H. Liu, M. Liang, and H. Sun, A secure and efficient certificateless aggregate signature scheme, IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, vol.E97-A, no.4, pp.991-915, 2014] proposed a new certificateless aggregate signature (CLAS) scheme and demonstrated that it was provably secure in the random oracle model. However, in this letter, we show that their scheme cannot provide unforgeability, i.e., an adversary having neither the user's secret value nor his/her partial private key can forge a legal signature of any message.

Zheng Gong,Yu Long,Xuan Hong,Kefei Chen

2008-01-01

Abstract:Aggregate signature is a digital signature with a striking property that anyone can aggregate n individual signatures on n different messages which are signed by n distinct signers, into a single compact signature to reduce computational and storage costs. In this work, two practical certificateless aggregate signature schemes are proposed from bilinear maps. The first scheme CAS-1 reduces the costs of communication and signer-side computation but trades off the storage, while CAS-2 minimizes the storage but sacrifices the communication costs. One can choose either of the schemes by consideration of the application requirement. Compare with ID-based schemes, our schemes do not entail public key certificates as well and achieve the trust Level 3, which imply the frauds of the authority are detectable. Both of the schemes are proven secure in the random oracle model by assuming the intractability of the computational Diffie-Hellman problem over the groups with bilinear maps, where the forking lemma technique is avoided.

Yuchen Xiao,Lei Zhang,Yafang Yang,Wei Wu,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1016/j.csi.2023.103819

IF: 3.721

2023-12-07

Computer Standards & Interfaces

Abstract:The multi-signature scheme plays a crucial role in addressing trust and authentication challenges in digital transactions and other scenarios by allowing multiple users to sign the same message. Among various signature schemes, the SM2 signature scheme stands out for its exceptional security and efficiency, making it widely adopted in numerous fields. In this paper, we propose the first provably secure multi-signature scheme based on the standard SM2 signature scheme, i.e., the scheme can be reduced to the standard SM2 signature scheme when there is only one signer. We prove that our scheme is existential unforgeability under chosen message attacks in the bijective random oracle model, based on the assumption that the elliptic curve discrete logarithm problem is hard. Compared with the existing multi-signature schemes based on the SM2 signature scheme in the same category, our scheme exhibits improved efficiency in terms of communication delay and computational cost.

computer science, software engineering, hardware & architecture

Yanan Chen,Weixiang Xu,Hu Xiong

DOI: https://doi.org/10.1007/s12243-015-0461-z

2015-01-01

Abstract:To protect signing rights against the compromise of secret key, the key-insulated signature (KIS) has attracted a lot of attention from the industry and academia. It would be interesting to investigate the notion of KIS in the certificateless public key cryptography (CL-PKC) environment to solve the problem of certificate management and key escrow simultaneously. To capture the seeming neglected attack mounted by the malicious key generation center (KGC), a stronger security model for the CL-PKC should be considered. In this paper, we first show that the only known CL-KIS scheme is vulnerable against malicious KGC attack, and then propose the first CL-KIS scheme secure against malicious KGC attack, with security proof in the standard model.

Masayuki Tezuka,Keisuke Tanaka

DOI: https://doi.org/10.1007/978-3-031-29371-9_16

2023-04-01

Abstract:Synchronized aggregate signature is a special type of signature that all signers have a synchronized time period and allows aggregating signatures which are generated in the same period. This signature has a wide range of applications for systems that have a natural reporting period such as log and sensor data, or blockchain protocol. In CT-RSA 2016, Pointcheval and Sanders proposed the new randomizable signature scheme. Since this signature scheme is based on type-3 pairing, this signature achieves a short signature size and efficient signature verification. In this paper, we design the Pointchcval-Sanders signature-based synchronized aggregate signature scheme and prove its security under the generalized Pointcheval-Sanders assumption in the random oracle model. Our scheme offers the most efficient aggregate signature verification among synchronized aggregate signature schemes based on bilinear groups.

Cryptography and Security

Yan XU,Liu-sheng HUANG,Miao-miao TIAN,Hong ZHONG,Jie CUI

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.011

2016-01-01

Abstract:Aggregate signature schemes are particularly useful for authentication in resource-constrained wireless net-works for realizing batch verification.Certificateless cryptosystems can resolve the certificate management problem or key es-crow problem in aggregate signature schemes.This paper firstly analyzed a certificatelss aggregate signature(CLAS)scheme. Then,a more efficient CLAS scheme that requires less bilinear paring operations was provided.The security analysis showed that this scheme can resist the forgery attack under the random oracle model,the security was equal to resolve CDH problem.

Shuai Han,Tibor Jager,Eike Kiltz,Shengli Liu,Jiaxin Pan,Doreen Riepel,Sven Schaege

DOI: https://doi.org/10.1007/978-3-030-84259-8_23

2021-01-01

Abstract:We construct the first authenticated key exchange protocols that achieve tight security in the standard model. Previous works either relied on techniques that seem to inherently require a random oracle, or achieved only "Multi-Bit-Guess" security, which is not known to compose tightly, for instance, to build a secure channel. Our constructions are generic, based on digital signatures and key encapsulation mechanisms (KEMs). The main technical challenges we resolve is to determine suitable KEM security notions which on the one hand are strong enough to yield tight security, but at the same time weak enough to be efficiently instantiable in the standard model, based on standard techniques such as universal hash proof systems. Digital signature schemes with tight multi-user security in presence of adaptive corruptions are a central building block, which is used in all known constructions of tightly-secure AKE with full forward security. We identify a subtle gap in the security proof of the only previously known efficient standard model scheme by Bader et al. (TCC 2015). We develop a new variant, which yields the currently most efficient signature scheme that achieves this strong security notion without random oracles and based on standard hardness assumptions.

Jiang Deng,Chunxiang Xu,Huai Wu,Liju Dong

DOI: https://doi.org/10.1002/cpe.3551

2016-01-01

Abstract:SummaryTo satisfy the applications in certificateless environment, many researchers have been investigating certificateless aggregate signature schemes. Several schemes that are independent with the aggregated numbers are proposed to reduce the computation overhead. In these schemes, the pairing computations that in verification procedure needs are a constant value. Recently, Hou et al. proposed an improved certificateless aggregate signature scheme. They demonstrated the scheme is provably secure in the random oracle model. However, we find that their scheme is insecure in their security model by giving a concrete attack. Then, we propose an improved certificateless signature scheme and use it to construct a new certificateless signature scheme with enhanced security and aggregation. Furthermore, we provide formal security proof of our new scheme. Compared with other four schemes, our enhanced protocol is more suitable for realistic applications. Copyright © 2015 John Wiley & Sons, Ltd.

D. He,J. Chen,R. Zhang

DOI: https://doi.org/10.1002/dac.1330

2011-01-01

International Journal of Communication Systems

Abstract:SUMMARYCertificateless public key cryptography simplifies the complex certificate management in the traditional public key cryptography and resolves the key escrow problem in identitybased cryptography. The certificateless signature scheme is studied widely as an important primitive. Following the pioneering work done by Al‐Riyami et al., many certificateless signature schemes using bilinear pairings have been proposed ever since. However, the relative computation cost of the pairing is approximately 20 times higher than that of the scalar multiplication over the elliptic curve group. To improve the performance we propose a certificateless signature scheme without bilinear pairings. With the running time being reduced greatly, our scheme is more practical than the previous related schemes for practical application. Copyright © 2011 John Wiley & Sons, Ltd.