Jianhong Zhang,Yuehai Wang

2019-01-01

Abstract:.As a significant cryptographical primitive, proxy re-signature(PRS) technique is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits that a proxy translates an entity’s signature into the other entity’s signature on the identical data. Recently, to discard time-consuming pairing operator and intricate certificate-maintenance, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analysing their security, i.e., anyone can fabricate a signature on arbitrary file. After the relevant attacks are shown, the reasons which result in such attacks is analyzed. Finally, we discuss the corresponding improved method. Key–Words: ID-based PRS, integer factorization problem, universal forgeability, security attack

鲍洋,卢正鼎,黄保华,李瑞轩,胡和平,路松峰

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.09.008

2010-01-01

Computer Science

Abstract:Lack of a trusted third party,relatively low node availability and constantly changing membership and network size,make existing multi-secret schemes unsuitable for P2P environment.A dynamic multi-secret sharing scheme was proposed for P2P networks.Neither trusted dealers nor secure communication channels are necessary for the proposed scheme,which allows dynamic changes of participants and the system threshold in keeping ciphertext untouched.In the meantime,the participants' identity and public commitments together with system parameters are managed by Byzantine Quorums,which makes it possible to reconstruct a shared secret,add a participant or change the system threshold with only threshold participants online.Additionally,ID-based public key cryptosystem and bivariate polynomials are used to reduce message traffic and deal with participant cheating.Altogether,the proposed scheme overcomes the drawbacks of the previous schemes in P2P environment.

Liu Xiaochuan,Chen Enhong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2010.08.092

2010-01-01

Abstract:Based on elliptic curve digital signature function,a structured multi-signature scheme with the combination of sequential and broadcasting algorithms is proposed in this paper.At the same time,we also analyze the security of the scheme.The scheme is more flexible than others and can be adapted to various complex multi-signature structures.It can also satisfy with the safety properties required by the digital signature including non-forgeability,non-repudiation,forward-secure,anti-collusion attacks,replay attack prevention and forward security,etc.

Chen Yang,Hu Shuang,Chen Gongliang,Li Jianhua

DOI: https://doi.org/10.1109/iccsn.2017.8230277

2017-01-01

Abstract:P2P (Peer to Peer) technology by its virtue of its inherent decentralization, autonomy, fault tolerance and scalability, it is widely applied in file sharing system. P2P file sharing system overcomes the weaknesses of traditional C/S network system like sluggish response, while also embodying security risks such as fraud and unreliable service owing to poor trust mechanism. Establishing an effective trust mechanism in P2P network is significant for improving its feasibility. First, we design a multi-dimensioned trust model, which covers time cost and risk factors and enhances the reliability of existing trust measurement. Then we purpose an improved trust and authorization mechanism, which combines our trust model with SPKI (Simple Public Key Infrastructure) to resolve the trust problem. In general, the proposed trust and authorization mechanism can effectively optimize the trust strategies of P2P file sharing system by experiment, thus ameliorate its reliability and availability, and promotes its extensive application.

Miaomiao Tian,Wei Yang,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2013-976

2014-01-01

Fundamenta Informaticae

Abstract:Certificateless cryptography is a new type of public key cryptography, which removes the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Multi-proxy signature is an extension of proxy signature, which allows an original signer authorizing a group of proxy signers and only the cooperation of all proxy signers in the group can create valid proxy signatures on behalf of the original signer. Recently, Jin and Wen combined certificateless cryptography with multi-proxy signature, and proposed a model as well as a concrete scheme of certificateless multi-proxy signature. They claimed that their scheme is provably secure in their security model. Unfortunately, in this paper by giving two attacks, we will show that their certificateless multi-proxy signature scheme can be broken. The first attack indicates their security model is flawed and the second attack indicates their certificateless multi-proxy signature scheme is insecure. Possible improvements are also suggested to prevent these attacks.

Duo Liu,Ping Luo,Yi-Qi Dai

DOI: https://doi.org/10.1007/s11390-007-9005-y

2007-01-01

Abstract:The concept of multisignature, in which multiple signers can cooperate to sign the same message and any verifier can verify the validity of the multi-signature, was first introduced by Itakura and Nakamura. Several multisignature schemes have been proposed since. Chen et al. proposed a new digital multi-signature scheme based on the elliptic curve cryptosystem recently. In this paper, we show that their scheme is insecure, for it is vulnerable to the so-called active attacks, such as the substitution of a “false” public key to a “true” one in a key directory or during transmission. And then the attacker can sign a legal signature which other users have signed and forge a signature himself which can be accepted by the verifier.

Fagen Li,Shijie Zhou,Rong Sun

DOI: https://doi.org/10.1093/ietfec/e91-a.7.1820

2008-01-01

Abstract:In a proxy multi-signature scheme, a designated proxy signer can generate the signature on behalf of a group of original signers. Recently, Wang and Cao proposed an identity based proxy multi-signature scheme along with a security model. Although they proved that their scheme is secure under this model, we disprove their claim and show that their scheme is not secure.

Ying Sun,Chunxiang Xu,Yong Yu,Bo Yang

DOI: https://doi.org/10.1016/j.comcom.2010.02.002

IF: 5.047

2010-01-01

Computer Communications

Abstract:A proxy multi-signature scheme permits two or more original singers to delegate their signing powers to the same proxy signer. Recently, Liu et al. proposed the first proxy multi-signature that be proven secure in the standard model [Liu et al. (2008) [20]], which can be viewed as a two-level hierarchical signature due to Waters. However, because of the direct employment of Waters’ signature, their scheme needs a relatively large number of public parameters and is not tightly reduced to the security assumption. In this paper, inspired by Boneh, Boyen’s technique and Waters’ technique, we propose a new proxy multi-signature scheme without random oracles, whose unforgeability can be tightly reduced to the CDH assumption in bilinear groups. The new scheme can be regarded as an improvement to overcome the weaknesses of Liu et al.’s scheme. Compared with Liu et al.’s scheme, the improvement has three merits, tighter security reduction, shorter system parameters and higher efficiency.

Xiong Li,Saru Kumari,Muhammad Khurram Khan,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1109/isbast.2014.7013106

2014-01-01

Abstract:User authentication is an important security issue for network based services. Multi-server authentication scheme resolves the repeated registration problem of single-server authentication scenario where the user has to register at different servers to access different types of network services. Recently, Pippal et al. proposed a smart card authentication scheme for multi-server architecture. They claimed that their scheme has some advantages and can resist kinds of attacks. In this paper, we analyze the weaknesses of Pippal et al.'s scheme, and point out that their scheme cannot provide correct authentication, cannot resist impersonation attack, stolen smart card attack, and insider attack. Besides, their scheme is non-extensible when a new server added into the system.

Chuanqi Feng

2010-01-01

Abstract:This paper analyzes a proxy multi-signature scheme and points out some problems in this scheme.The proxy signer can modify the proxy warrant if the delegation is not careful.The original signers can forge proxy signer’s signature.The original signers can forge a valid proxy multi-signature.Anyone can be framed.

Yang Zhao,Feng Yue,Songyang Wu,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201511.17(6).15

2015-01-01

Abstract:In 2014, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) was proposed for attempting to address the issue of data confidentiality and patients' identity privacy simultaneously when the personal healthcare record (PHR) is shared in the distributed m-healthcare cloud computing system. In this paper, we show the PSMPA scheme fails to achieve the two goals under the collusion attack. Furthermore, the scheme also suffers from forgery attack because of a awed design in the transcript simulation phase. In order to avoid the attacks, we propose an improved PHR sharing scheme by incorporating ciphertext policy attribute-based encryption (CP-ABE) and attribute-based signature (ABS) as a possible solution.

Tianjie Cao,Qian Zhao

2008-01-01

Journal of Computational Information Systems

Abstract:An ordinary digital signature scheme allows a signer to create signatures of documents and the generated signatures can be verified by any one. A proxy signature scheme, a variation of ordinary digital signature scheme, enables a proxy signer to sign messages on behalf of the original signer. To be used in different applications, such as ubiquitous computing systems, mobile communication, many proxy signature schemes were proposed. Any proxy signature scheme should satisfy the unforgeability property. In this paper, we show that Wang et al.'s ECDLP-based proxy blind signature scheme is insecure against the universal forgery and Wu and Shen's ECDLP-based proxy multi-signature scheme is insecure against the original signer's forgery. © 2008 Binary Information Press.

Dong Jiao,Mingchu Li,Jinping Ou,Cheng Guo,Yizhi Ren,Yongrui Cui

DOI: https://doi.org/10.1049/iet-ifs.2012.0350

2013-01-01

IET Information Security

Abstract:In a group-based trust management scheme, peers are partitioned into groups based on chosen characteristics, such as location and interest. The super peer (SP), who is responsible for the storage and distribution of reputation value, has an important role in group-based trust management. Thus, if the SP is a disguised or malicious peer, serious security problems could occur. To solve these security problems, the authors propose a traceable, group-oriented, signature scheme with multiple signing policies for trust management. The SP's signature is generated by a designated group called the signature group. In the authors scheme, peers in the signature group will decide whether to generate the signature for the SP based on the SP's reputation, meaning that attackers cannot forge a valid signature. In addition, an outsider also can trace the signers who were involved in generating the signature for reputation valuation.

Yuchen Xiao,Lei Zhang,Yafang Yang,Wei Wu,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1016/j.csi.2023.103819

IF: 3.721

2023-12-07

Computer Standards & Interfaces

Abstract:The multi-signature scheme plays a crucial role in addressing trust and authentication challenges in digital transactions and other scenarios by allowing multiple users to sign the same message. Among various signature schemes, the SM2 signature scheme stands out for its exceptional security and efficiency, making it widely adopted in numerous fields. In this paper, we propose the first provably secure multi-signature scheme based on the standard SM2 signature scheme, i.e., the scheme can be reduced to the standard SM2 signature scheme when there is only one signer. We prove that our scheme is existential unforgeability under chosen message attacks in the bijective random oracle model, based on the assumption that the elliptic curve discrete logarithm problem is hard. Compared with the existing multi-signature schemes based on the SM2 signature scheme in the same category, our scheme exhibits improved efficiency in terms of communication delay and computational cost.

computer science, software engineering, hardware & architecture

Peng Zhang,Fa Ge,Yuhong Liu

DOI: https://doi.org/10.48550/arXiv.2305.13699

2023-05-23

Abstract:Multi-signature aggregates signatures from multiple users on the same message into a joint signature, which is widely applied in blockchain to reduce the percentage of signatures in blocks and improve the throughput of transactions. The $k$-sum attacks are one of the major challenges to design secure multi-signature schemes. In this work, we address $k$-sum attacks from a novel angle by defining a Public Third Party (PTP), which is an automatic process that can be verifiable by the public and restricts the signing phase from continuing until receiving commitments from all signers. Further, a two-round multi-signature scheme MEMS with PTP is proposed, which is secure based on discrete logarithm assumption in the random oracle model. As each signer communicates directly with the PTP instead of other co-signers, the total amount of communications is significantly reduced. In addition, as PTP participates in the computation of the aggregation and signing algorithms, the computation cost left for each signer and verifier remains the same as the basis Schnorr signature. To the best of our knowledge, this is the maximum efficiency that a Schnorr-based multi-signature scheme can achieve. Further, MEMS is applied in blockchain platform, e.g., Fabric, to improve the transaction efficiency.

Cryptography and Security

Chengqi Wang,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1371/journal.pone.0149173

IF: 3.7

2016-01-01

PLoS ONE

Abstract:With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

Jianghua Liu,Jingyu Hou,Wenjie Yang,Yang Xiang,Wanlei Zhou,Wei Wu,Xinyi Huang

DOI: https://doi.org/10.1109/tc.2020.3006835

IF: 3.183

2021-07-01

IEEE Transactions on Computers

Abstract:With the increasing development of cloud computing, a number of users choose to outsource their data to a remote database service provider and enjoy flexible data sharing with multiple parties. However, the integrity and confidentiality of outsourced data in a remote cloud server are the main threats users are concerned about. The tree structure is one of the most widely used data organization structures. It is crucial to guarantee the integrity and privacy not only for the content but also for the structure if sensitive information is organized in this structure. At present, despite some solutions have been put forward, none of these considers the additional redaction attack on tree-structured data from attackers while sharing data with others. In this article, we provide a construction of secure redactable signature scheme for tree-structured data which features a multi-party control on the redaction of vertexes in a tree while the authenticity and privacy are assured. Then, we prove that our scheme is unforgeable, private, and transparent. Furthermore, extensive theoretical and experimental analyses are conducted to assess the efficiency of our scheme. The results demonstrate our scheme achieves multi-party redaction control without sacrificing sensible resources especially when a tree has a larger number of vertexes and siblings per vertex.

engineering, electrical & electronic,computer science, hardware & architecture

Li Yang,Zhiming Zheng

DOI: https://doi.org/10.1371/journal.pone.0194093

IF: 3.7

2018-01-01

PLoS ONE

Abstract:According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.

Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

LIU Wu,DUAN Hai-Xin,ZHANG Hong,WU Jian-Ping

2008-01-01

Periodical of Ocean University of China

Abstract:In traditional network security management systems,system administrators could not prevent malicious users from illegal actions in time.This paper introduces the trust mechanism to dynamically evaluate user's reputation which is correlated with the user's privilege in the network and based on which we proposed and implemented the key algorithm of trust based access control in P2P Network.