P Thanalakshmi,R Anitha,N Anbazhagan,Woong Cho,Gyanendra Prasad Joshi,Eunmok Yang

DOI: https://doi.org/10.3390/s21248417

2021-12-16

Abstract:As a standard digital signature may be verified by anybody, it is unsuitable for personal or economically sensitive applications. The chameleon signature system was presented by Krawczyk and Rabin as a solution to this problem. It is based on a hash then sign model. The chameleon hash function enables the trapdoor information holder to compute a message digest collision. The holder of a chameleon signature is the recipient of a chameleon signature. He could compute collision on the hash value using the trapdoor information. This keeps the recipient from disclosing his conviction to a third party and ensures the privacy of the signature. The majority of the extant chameleon signature methods are built on the computationally infeasible number theory problems, like integer factorization and discrete log. Unfortunately, the construction of quantum computers would be rendered insecure to those schemes. This creates a solid requirement for construct chameleon signatures for the quantum world. Hence, this paper proposes a novel quantum secure chameleon signature scheme based on hash functions. As a hash-based cryptosystem is an essential candidate of a post-quantum cryptosystem, the proposed hash-based chameleon signature scheme would be a promising alternative to the number of theoretic-based methods. Furthermore, the proposed method is key exposure-free and satisfies the security requirements such as semantic security, non-transferability, and unforgeability.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Xiao Zhang,Shengli Liu,Dawu Gu,Joseph K. Liu

DOI: https://doi.org/10.1016/j.tcs.2018.12.012

IF: 1.002

2019-01-01

Theoretical Computer Science

Abstract:In this paper, we present a generic construction of tightly secure signature schemes in the multi-user setting, which is in turn used to construct tightly secure identity-based signature schemes. Both of the securities of the constructions are based on the hardness of some subset membership problems (SMP). By instantiating SMP with the Decisional Composite Residuosity (DCR) and Matrix Decisional Diffie–Hellman (MDDH) problems, we obtain tightly secure signature schemes and tightly secure identity-based signatures based on the DCR and MDDH assumptions, respectively.

Shuai Han,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-30620-4_5

2023-01-01

Abstract:In this paper, we consider tight multi-user security under adaptive corruptions, where the adversary can adaptively corrupt some users and obtain their secret keys. We propose generic constructions for a bunch of primitives, and the instantiations from the matrix decisional Diffie-Hellman (MDDH) assumptions yield the following schemes: As byproducts, our SIG and SC naturally derive the first strongly secure message authentication code (MAC) and the first authenticated encryption (AE) schemes achieving almost tight multi-user security under adaptive corruptions in the standard model. We further optimize constructions of SC, MAC and AE to admit better efficiency. Furthermore, we consider key leakages besides corruptions, as a natural strengthening of tight multi-user security under adaptive corruptions. This security considers a more natural and more complete “all-or-part-or-nothing” setting, where secret keys of users are either fully exposed to adversary (“all”), or completely hidden to adversary (“nothing”), or partially leaked to adversary (“part”), and it protects the uncorrupted users even with bounded key leakages. All our schemes additionally support bounded key leakages and enjoy full compactness. This yields the first SIG, PKE, SC, MAC, AE schemes achieving almost tight multi-user security under both adaptive corruptions and leakages.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.3233/jcs-220121

2024-01-01

Journal of Computer Security

Abstract:Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Nan Li,Yingjiu Li,Mark Manulis,Yangguang Tian,Guomin Yang

DOI: https://doi.org/10.1093/comjnl/bxae075

2024-07-30

The Computer Journal

Abstract:Abstract Policy-based chameleon hash functions have been widely proposed for its use in blockchain rewriting systems. They allow anyone to create a mutable transaction associated with an access policy, while an authorized user who possesses sufficient rewriting privileges from a trusted authority satisfying the access policy can rewrite the mutable transaction. However, existing chameleon hash functions lack certain fundamental security guarantees, including forward security and backward security. In this paper, we introduce a new primitive called forward/backward-secure policy-based chameleon hash (FB-PCH for short). We present a practical instantiation. We prove that the proposed scheme achieves forward/backward-secure collision-resistance, and show its practicality through implementation and evaluation analysis.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Junzuo Lai,Robert H. Deng,Shengli Liu

DOI: https://doi.org/10.1007/978-3-642-19379-8_14

2011-01-01

Abstract:In STOC'08, Peikert and Waters introduced a new powerful primitive called lossy trapdoor functions (LTDFs) and a richer abstraction called all-but-one trapdoor functions (ABO-TDFs). They also presented a black-box construction of CCA-secure PKE from an LTDF and an ABO-TDF. An important component of their construction is the use of a strongly unforgeable one-time signature scheme for CCA-security.In this paper, we introduce the notion of chameleon ABO-TDFs, which is a special kind of ABO-TDFs. We give a generic as well as a concrete construction of chameleon ABO-TDFs. Based on an LTDF and a chameleon ABO-TDF, we presented a black-box construction, free of one-time signature, of variant of the CCA secure PKE proposed by Peikert and Waters.

Angsuman Das,Avishek Adhikari

DOI: https://doi.org/10.1016/j.aml.2010.04.024

2011-03-09

Abstract:In this paper, a renewable, multi-use, multi-secret sharing scheme for general access structure based on one-way collision resistant hash function is presented in which each participant has to carry only one share. By applying collision-resistant one-way hash function, the proposed scheme is secure against conspiracy attacks even if the pseudo-secret shares are compromised. Moreover, high complexity operations like modular multiplication, exponentiation and inversion are avoided to increase its efficiency. Finally, in the proposed scheme, both the combiner and the participants can verify the correctness of the information exchanged among themselves.

Cryptography and Security

Vivek Nair,Dawn Song

DOI: https://doi.org/10.1109/EuroSP57164.2023.00013

2023-06-14

Abstract:Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure against credential disclosure. Unfortunately, the relatively low tolerance of users to added latency places an upper bound on the deployment of this technique in most applications. In this paper, we present a multi-factor credential hashing function (MFCHF) that incorporates the additional entropy of multi-factor authentication into password hashes to provide asymmetric resistance to brute-force attacks. MFCHF provides full backward compatibility with existing authentication software (e.g., Google Authenticator) and hardware (e.g., YubiKeys), with support for common usability features like factor recovery. The result is a 10^6 to 10^48 times increase in the difficulty of cracking hashed credentials, with little added latency or usability impact.

Cryptography and Security

Shi-Feng Sun,Dawu Gu,Udaya Parampalli,Yu,Baodong Qin

DOI: https://doi.org/10.1016/j.jcss.2017.03.004

IF: 1.043

2017-01-01

Journal of Computer and System Sciences

Abstract:In this work, we investigate how to protect public key encryption from both key-leakage attacks and tampering attacks. First, we formalize the notions of chosen ciphertext (CCA) security against key-leakage and tampering attacks. To this goal, we then introduce the concept of key-homomorphic hash proof systems and present a generic construction of public key encryption based on this new primitive. Our construction, compared with previous works, realizes leakage-resilience and tampering-resilience simultaneously but completely independently, so it can tolerate a larger amount of bounded-memory leakage and be instantiated with more flexibility. Moreover, it allows for an unbounded number of affine-tampering queries, even after the challenge phase. With slight adaptations, our construction also achieves CCA security against subexponentially hard auxiliary-input leakage attacks and a polynomial of affine-tampering attacks. Thus, to the best of our knowledge, we get the first public key encryption scheme secure against both auxiliary-input leakage attacks and tampering attacks.

Heng Guo,Kun Tian,Feng Liu,Zhiyong Zheng

2024-12-02

Abstract:At present, in lattice-based linearly homomorphic signature schemes, especially under the standard model, there are very few schemes with tight security. This paper constructs the first lattice-based linearly homomorphic signature scheme that achieves tight security against existential unforgeability under chosen-message attacks (EUF-CMA) in the standard model. Furthermore, among existing schemes, the scheme proposed in this paper also offers certain advantages in terms of public key size, signature length, and computational cost.

Cryptography and Security,Information Theory

Feng Bao,Robert H. Deng,Xuhua Ding,Junzuo Lai,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-21554-4_12

2011-01-01

Abstract:At ACNS 2008, Canard et al. introduced the notion of trapdoor sanitizable signature (TSS) based on identity-based chameleon hash (IBCH). Trapdoor sanitizable signatures allow the signer of a message to delegate, at any time, the power of sanitization to possibly several entities who can modify predetermined parts of the message and generate a new signature on the sanitized message without interacting with the original signer. In this paper, we introduce the notion of hierarchical identity-based chameleon hash (HIBCH), which is a hierarchical extension of IBCH. We show that HIBCH can be used to construct other cryptographic primitives, including hierarchical trapdoor sanitizable signature (HTSS) and key-exposure free IBCH. HTSS allows an entity who has the sanitization power for a given signed message, to further delegate its power to its descendants in a controlled manner. Finally, we propose a concrete construction of HIBCH and show that it is t-threshold collusion-resistant.

Shenghui Su,Tao Xie,Shuwang Lu

DOI: https://doi.org/10.48550/arXiv.1408.5999

2017-04-30

Abstract:To examine the integrity and authenticity of an IP address efficiently and economically, this paper proposes a new non-Merkle-Damgard structural (non-MDS) hash function called JUNA that is based on a multivariate permutation problem and an anomalous subset product problem to which no subexponential time solutions are found so far. JUNA includes an initialization algorithm and a compression algorithm, and converts a short message of n bits which is regarded as only one block into a digest of m bits, where 80 <= m <= 232 and 80 <= m <= n <= 4096. The analysis and proof show that the new hash is one-way, weakly collision-free, and strongly collision-free, and its security against existent attacks such as birthday attack and meet-in-the- middle attack is to O(2 ^ m). Moreover, a detailed proof that the new hash function is resistant to the birthday attack is given. Compared with the Chaum-Heijst-Pfitzmann hash based on a discrete logarithm problem, the new hash is lightweight, and thus it opens a door to convenience for utilization of lightweight digital signing schemes.

Cryptography and Security

bozhong liu,zheng gong,xiaohong chen,weidong qiu,dong zheng

DOI: https://doi.org/10.1109/ITAPP.2010.5566639

2010-01-01

Abstract:Hash functions are widely used in authentication. In this paper, the security of Lin et al.'s efficient block-cipher-based hash function is reviewed. By using Joux's multicollisions and Kelsey et al.'s expandable message techniques, we find the scheme is vulnerable to collision, preimage and second preimage attacks. Some modifications are recommended to avoid those security flaws in Lin et al.'s hash construction.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.1007/978-3-031-57725-3_10

2024-01-01

Abstract:Chameleon hash (CH) is a trapdoor hash function. Generally it is hard to find collisions, but with the help of a trapdoor, finding collisions becomes easy. CH plays an important role in converting a conventional blockchain to a redactable one. However, most of existing CH schemes are too weak to support redactable blockchains. The currently known CH schemes serving for redactable blockchains have the best security of so-called “full collision resistance ( f-CR )”, but they are built either in the random oracle model or rely on heavy tools like the simulation-sound extractable non-interactive zero-knowledge (SSE-NIZK) proof system. Moreover, up to now there is no CH scheme with post-quantum f-CR security in the standard model. Therefore, no CH can support redactable blockchains in a post-quantum way without relying on random oracles. In this paper, we introduce a variant of CH, namely tagged chameleon hash (tCH). Tagged chameleon hash takes a tag into hash evaluations and collision finding algorithms. We define two security notions for tCH, restricted collision resistance ( r-CR ) and full collision resistance ( f-CR ), and prove the equivalence between r-CR and f-CR when tCH works in the one-time tag mode. We propose a tCH scheme from lattices without using any NIZK proof, and prove that its restricted collision resistance is reduced to the Short Integer Solution (SIS) assumption in the standard model. We also show how to apply tCH to a blockchain in one-time tag mode so that the blockchain can be compiled to a redactable one. Our tCH scheme provides the first post-quantum solution for redactable blockchains, without resorting to random oracles or NIZK proofs. Besides, we also construct a more efficient tCH scheme with r-CR tightly reduced to SIS in the random oracle model, which may be of independent interest.

Xiao Zhang,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-319-60055-0_24

2017-01-01

Abstract:In this paper, we construct the first tightly secure signature scheme against adaptive chosen message attacks (CMA) from the Decisional Composite Residuosity (DCR) Assumption. Moreover, the verification key in our scheme is of constant size. Based on the DCR assumption, we design a one-time secure signature scheme first, then we employ a flat tree structure to obtain a signature scheme that is secure against non-adaptive chosen message attacks (NCMA). By combining the one-time scheme and NCMA-secure scheme, we obtain the final CMA-secure signature scheme with a tight security reduction to the DCR assumption.

Xiao Zhang,Shengli Liu,Jiaxin Pan,Dawu Gu

DOI: https://doi.org/10.1016/j.tcs.2019.07.015

IF: 1.002

2019-01-01

Theoretical Computer Science

Abstract:In this paper, we study how to construct tightly secure signature scheme against adaptive chosen message attacks in the multi-user setting (i.e., tightly euf-m-cma secure signature) from the learning with errors (LWE) assumptions. More precisely, we propose a modular framework of euf-m-cma secure signature from a weak partial one-time signature (POS) scheme that is secure only against random message attacks in the multi-user setting (i.e., euf-m-rma secure) and possesses imperfect correctness. By instantiating the weak POS with the LWE assumption, we obtain the first LWE-based tightly euf-m-cma secure signature scheme in the multi-user setting. Moreover, we also present an instantiation of the weak POS based on the Subset Sum (SS) assumption, and again we obtain the first almost tightly euf-cma secure signature scheme from the SS assumption in the single-user setting. All our security reductions are tight and without random oracles.

JQ Liu,J Sun,TH Li

DOI: https://doi.org/10.1109/sips.2005.1579870

2005-01-01

Abstract:Based on one-way hash function, Sun proposed an efficient remote login authentication protocol with smart card in 2000. However, in 2002, Chien at al. pointed out a deficiency of Sun's scheme which only realized unilateral authentication and put forward an efficient and practical solution for remote mutual authentication scheme. But recently, Hsu discussed that this scheme was not secure enough since it was vulnerable to the parallel session attack again. In this paper, we give an enhanced remote login authentication with smart card, which inherits all the merits of the previous schemes as well as realizes secure mutual authentication without significantly increasing the computational cost.

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.3772/j.issn.1006-6748.2011.02.013

2011-01-01

Abstract:As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are not secure in a multi-user setting any more. We show that Zhang, et al.'s scheme, Gorantla, et al.'s scheme and Ming, et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attacks can breach the fairness when they are used in fair exchange in a multi-user setting. © by HIGH TECHNOLOGY LETTERS PRESS.

Xianping Mao,Kefei Chen,Liangliang Wang,Yu Long

DOI: https://doi.org/10.1109/incos.2014.41

2014-01-01

Abstract:Fair exchange is essential in E-commerce, and concurrent signature realizes the fair exchange of digital signatures with removing the requirement of a trusted third party. Multi-party concurrent signature is an extension to the multi-user scenario. The security of existing multi-party concurrent signatures is mostly based on traditional hard problems that could be solved efficiently with quantum algorithms in a post-quantum world. Meanwhile, the lattice-based cryptography is considered to be resistant to quantum attack. Wang et al. proposed a lattice-based multi-party concurrent signature. We give the analysis of their proposed signature scheme and find that it is not secure since an inside adversary can forge the signature. Moreover, the initial signer can produce any signatures, instead of a signature on the original messages, if he is malicious.