Li-Hong Guo,Hai-Tao Wu,Qing Yang

DOI: https://doi.org/10.2991/icwcsn-16.2017.32

2016-01-01

Abstract:Proxy signature schemes have been suggested for use in a number of applications, so the security of proxy signature scheme is more and more important. However, at present, almost all the proxy signature schemas were proven secure in the random oracle model, which has received a lot of criticism. Recently, Yu et al. proposed a designated verifier proxy signature scheme without random oracles by using Waters hashing technique. The formal models and a strictly logical process were provided in this schema. But Kang et al. show some attacks on Yu et al.s scheme and offer its insecurity proof. In this paper, in order to overcome the weaknesses in Yu et al.s scheme we make supplements on it and make it secure resist Kang et al.s attacks.

Shifeng Sun,Qiaoyan Wen,Zhengping Jin,Hua Zhang

DOI: https://doi.org/10.1109/isise.2010.47

2010-01-01

Abstract:Recently, several ID-based strong designated verifier signature schemes have been proposed in the literature. However, most of them can not satisfy the strong ness property that any third party without the designated verifier's private key is unable to check the validity of a designated verifier signature, and they are not given the rigorous security proofs. To solve those problems above, we put forward a new efficient ID-based strong designated verifier signature scheme in this paper which is strong, and rigorously proved secure in the random oracle model based on the Bilinear Diffie-Hellmanassumptions.

Mingwu Zhang,Tsuyoshi Takagi,Bo Yang,Fagen Li

DOI: https://doi.org/10.1587/transfun.e95.a.259

2012-01-01

Abstract:Strong designated verifier signature scheme (SDVS) allows a verifier to privately check the validity of a signature. Recently, Huang et al. first constructed an identity-based SDVS scheme (HYWS) in a stronger security model with non-interactive proof of knowledge, which holds the security properties of unforgeability, non-transferability, non-delegatability, and privacy of signer's identity. In this paper, we show that their scheme does not provide the claimed properties. Our analysis indicates that HYWS scheme neither resist on the designated verifier signature forgery nor provide simulation indistinguishability, which violates the security properties of unforgeability, non-delegatability and non-transferability.

秦志光,廖永建

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.05.033

2009-01-01

Abstract:Compared with ordinary digital signature,the designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party.In designated verifier signature scheme,no third party can even verify the validity of a designated verifier signature since it must use the designated verifier's secret key in verification.Recently,an ID-based strong designated verifier scheme,ID-based designated verifier proxy signature scheme,and partial cryptanalysis ware proposed.In this paper,we show that the designated verifier signature scheme is delegatable,and the designated verifier proxy signature is forgeable since construction of the proxy scheme is unreasonable.

Xin Lv,Feng Xu,Ping Ping,Xuan Liu,Huaizhi Su

DOI: https://doi.org/10.1109/DCABES.2015.48

2015-01-01

Abstract:Ring signatures enable a user to sign a message so that a ring of possible signers is identified, without revealing exactly which member of that ring actually generated the signature. In some situations, however, an actual signer may possibly want to expose himself, for instance, if doing so, he will acquire an enormous benefit. In this paper, a signature scheme with designated verifiability based on Schnorr ring signature is proposed. The scheme provides a confirmation procedure, in which the real signer is able to convince a designated party that he is the one who generates the signature. The confirming procedure involves an interactive Zero-Knowledge proof protocol, which is non-transferable, and it only can be triggered by the signer. Based on the intractability of Discrete Logarithm Problem (DLP), the scheme is existentially unforgeable under adaptive-chosen message attack in the random oracle model.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Yang Chen,Yang Zhao,Hu Xiong,Feng Yue

DOI: https://doi.org/10.6633/ijns.201707.19(4).10

2017-01-01

Abstract:The designated verifier signature only enables the designated verifier to check the correctness of the signature, while any third party can not verify whether this signature is valid or not. Most of the previous designated verifier signature schemes depend on certificate-based cryptography or identity-based cryptography, while little attention has been paid to the certificateless designated verifier signature scheme which has much more advantages than the previous constructions. In this paper, we propose the first certificateless strong designated verifier signature scheme with non-delegatability. We show that our scheme satisfies the basic properties of a designated verifier signature scheme and resists the two types of adversaries in certificateless cryptography. In addition, the comparison with other existing certificateless SDVS schemes demonstrates the proposed scheme is provided with a good level of security and performance.

Zhang Changlun,Liu Yun,He Dequan

DOI: https://doi.org/10.1109/icosp.2006.346099

2006-01-01

Abstract:Ring signature is proved very useful in various applications for its perfect properties. However, the existing schemes based on the discrete logarithm are not perfect in signature and signer verification. In this paper, we introduce a new verifiable ring signature scheme based on Nyberg-Rueppel signature. The scheme realizes the ring signature using the hash functioning merely, which can verify the actual signer besides satisfying the basic properties of ring signature: unconditional anonymity and non-forgeability. The comparison shows that our signature scheme is of less size of signature and computation, and the signer verification is more simple and easy to understand

Fa-gen Li,Shirase Masaaki,Takagi Tsuyoshi

DOI: https://doi.org/10.1007/s12204-008-0679-2

2008-01-01

Abstract:We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks. Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme. The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme. We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.

WU Huai,SUN Ying,XU Chun-xiang,WU Wei

DOI: https://doi.org/10.3969/j.issn.1001-0548.2013.06.022

2013-01-01

Abstract:The security of the identity-based ring signature scheme of [18] is analyzed in this paper. It is found that this scheme did not possess the unforgeability property. It is also shown that the proposed scheme is insecure against a new kind of forgery attack, i.e. the identity assembly forgery attack. With such an attack, an adversary is able to forge valid ring signatures on any message based on the features of its identity, and the identity of the adversary can be even not included in the ring of the forged signature.

Bo Yang,Ying Sun,Yong Yu,Qi Xia

DOI: https://doi.org/10.1109/incos.2012.24

2012-01-01

Abstract:Designated verifier signature (DVS) is a cryptographic primitive, which allows a signer to convince a designated verifier of the validity of a signed statement and prevents the verifier from convincing any third party about the signature. As a variant of DVS, strong DVS (SDVS), which exhibits perfect non-transferability, does not accommodate secure disavow ability (or non-repudiation). It makes a SDVS more like a message authentication code rather than a digital signature. In this situation, the signer has to bear the responsibility of some "forged" signatures produced by the designated verifier. Therefore, it's interesting to construct a strong DVS scheme with secure disavow ability. In this paper, we address this problem with a novel construction of a SDVS scheme with secure disavow ability. The new scheme utilizes a chameleon hash function and supports the signer to have a complete control of his signature. Our scheme achieves unforgeability, non-transferability and secure disavow ability. Comparisons show that the new scheme outperforms the existing one in terms of computational efficiency and signature length.

QI Ya-ping,LIU Wen-hua,YU Yong

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.24.034

2007-01-01

Abstract:Recently,Willy、Zhang and Yi proposed an identity-based strong designated verifier signature scheme(noted as WZY scheme) and gave the security proof of the scheme.Unfortunately,We find that their security proof is improper:in the proof of the unforgeability of the scheme,they supposed that the adversary has the secret key of the designated verifier.Under a simple assumption that the hash function is considered as an oracle that on each valid input known to the adversary beforehand produces a random value,a new proof that the unforgeability of WZY scheme relies on the Bilinear Diffie-Hellman Problem is given.

Hong-Sheng Huang,Yu-Lei Fu,Han-Yu Lin

2024-03-28

Abstract:In this work, we introduce a strong Designated Verifier Signature (DVS) scheme that incorporates a message recovery mechanism inspired by the concept of the Universal Designated Verifier Signature (UDVS) scheme. It is worth noting that Saeednia's strong designated verifier signature scheme fails to guarantee the privacy of the signature, making it unsuitable for certain applications such as medical record certificates or voting systems. To overcome this limitation, we extend Lee's strong designated verifier signature with a message recovery scheme to develop a universal designated verifier signature scheme. This universal designated verifier scheme is crafted to safeguard the privacy of signature holders, ensuring that only designated verifiers can authenticate the true signer and recover the messages.

Computer Science

Hu Xiong,YaNan Chen,GuoBin Zhu,ZhiGuang Qin

DOI: https://doi.org/10.1007/s11432-014-5152-2

2014-01-01

Science China Information Sciences

Abstract:To enjoy the property of error tolerance in the biometric identities extraction, the fuzzy identitybased signature has been initialized to issue a signature on behalf of a descriptive attributes set ω instead of a single string. Any attributes set ω′ can be used to verify the validity of the signature in case the distance between ω and ω′ is less than a pre-defined threshold. Recently, Wang re-formalized the notion of fuzzy identitybased signature and proposed a concrete pairing-based construction along with the efficiency analysis and formal security proof. Unfortunately, by giving concrete attack, we indicate that Wang’s scheme is not secure against forgery attack. We also present an improved scheme to prevent this attack.

Jiqiang Lv,Kui Ren,Xiaofeng Chen,Kwangjo Kim

2004-01-01

Abstract:By combining the two notations of ring signature and authenticated encryption to- gether, we introduce a new type of authenticated encryption signature, called ring authenticated encryp- tion, which has the following properties: signer-ambiguity, signer-verifiability, recipient-designation, semantic-security, verification-convertibility, verification-dependence and recipient-ambiguity. We also give a variant that does not hold the property of recipient-ambiguity but can make a verifier know to whom a signature is sent when he checks its validity. Horster et al. (7) first proposed an authenticated en- cryption scheme modified from Nyberg-Ruepple's mes- sage signature (12), which aimed to achieve the purpose that the signature can only be verified by some specified recipients while keeping the message secret from the public. Compared with the straightforward approach employing the encryption and the signature schemes for a message, respectively, authenticated schemes require smaller bandwidth of communications to achieve pri- vacy, integrity and anthentication of information. How- ever, Horster et al.'s authenticated encryption scheme has a weakness that no one except the specified recip- ient can be convinced of the signer's signature, so it cannot make the recipient prove the dishonesty of the signer to any verifier without releasing his secret if the signer wants to repudiate his signature. To protect the recipient in case that the signer would repudiate his signature, Araki et al. (2) proposed a convertible lim- ited verifier scheme to enable the recipient to convert the signature to an ordinary one so that any verifier can verify its validity. But it needs the cooperation of the signer when the recipient converts the signature, which is obviously a weakness under the situation that the signer is unwilling to cooperate. To overcome this weakness, Wu et al. (15) proposed another convert- ible authenticated encryption scheme. During which, the recipient can easily produce the ordinary signature without the cooperation of the signer, and he can re- veal the converted signature and then any verifier can prove the dishonesty of the signer, if the signer wants to repudiate his signature. Recently, Huang et al. (8) showed that the scheme of Wu et al. does not consider that once an intruder knows the message then he can also easily convert a signature into an ordinary one,

Xiangjun Xin,Zhuo Wang,Qinglan Yang,Fagen Li

DOI: https://doi.org/10.1007/s10773-019-04377-0

2020-01-01

International Journal of Theoretical Physics

Abstract:Designated verifier signatures are very useful in the applications such as e-voting and auction. In this paper, an identity-based quantum designated verifier signature (IDQDVS) scheme is proposed. It has the security properties such as designated verification, non-transferability and hiding source. And it is secure against forgery attack, inter-resending attack and impersonation attack. What is more, our scheme has the advantages of the classical designated verifier signature schemes. In our scheme, the signer signs a message with his/her private key, while the designated verifier verifies the corresponding IDQDVS with the signer’s classical identity information (such as his/her name or email address), which is used as the signer’s public key. Hence, our scheme can simplify the key management of the quantum signature system. On the other hand, our scheme does not need any entangled state. The verifier need not perform any quantum state comparison during the signature verification phase. Therefore, our scheme is more practicable and efficient than the similar schemes.

Jun-fang Xiao,Gui-hua Zeng

DOI: https://doi.org/10.1007/s12204-009-0189-x

2009-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:Security of wireless sensor network (WSN) is a considerable challenge, because of limitation in energy, communication bandwidth and storage. ID-based cryptosystem without checking and storing certificate is a suitable way used in WSN. But key escrow is an inherent disadvantage for traditional ID-based cryptosystem, i.e., the dishonest key generation center (KGC) can forge the signature of any node and on the other hand the node can deny the signature actually signed by him/herself. To solving this problem, we propose an ID-based ring signature scheme without trusted KGC. We also present the accurate secure proof to prove that our scheme is secure against existential forgery on adaptively chosen message and ID attacks assuming the complexity of computational Diffie-Hellman (CDH) problem. Compared with other ring signature schemes, we think proposed scheme is more efficient.

王行甫,苗付友

DOI: https://doi.org/10.3969/j.issn.1006-9348.2009.02.040

2009-01-01

Abstract:Some digital signature applications in Network Environment,e.g. an anonymous e-impeachment,has the requirement of guaranteeing both the signer-ambiguity and non-transferability,but most of the current signature schemes can not fully meet such requirements. The paper proposes a new scheme called Identity-based Non-transferability Ring Signature Scheme,in which a special hash function from bilinear pairing is constructed. Thus the scheme satisfies the above applications requirements. Formal analysis shows that the scheme is signer-ambiguous,non-transferable and non-forgeable in Random Oracle Model.

Chung Li,Guomin Yang,Duncan Wong,Xiaotie Deng,Sherman Chow

DOI: https://doi.org/10.3233/jcs-2009-0374

2010-01-01

Journal of Computer Security

Abstract:In Information Processing Letters (2006), Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentiality nor anonymity. However, no discussion has been made on how a secure scheme can be made and there is no secure scheme available to date. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. We also give a variation of our scheme and extend it to a ring signcryption scheme by using the technique due to Boneh, Gentry, Lynn and Shacham.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.