Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Heng Guo,Kun Tian,Feng Liu,Zhiyong Zheng

2024-12-02

Abstract:At present, in lattice-based linearly homomorphic signature schemes, especially under the standard model, there are very few schemes with tight security. This paper constructs the first lattice-based linearly homomorphic signature scheme that achieves tight security against existential unforgeability under chosen-message attacks (EUF-CMA) in the standard model. Furthermore, among existing schemes, the scheme proposed in this paper also offers certain advantages in terms of public key size, signature length, and computational cost.

Cryptography and Security,Information Theory

Xinjian Chen,Qiong Huang,Hongbo Li,Zhijian Liao,Willy Susilo

DOI: https://doi.org/10.1016/j.tcs.2022.08.022

IF: 1.002

2022-01-01

Theoretical Computer Science

Abstract:Multi-signature is an important technology to compress multiple signatures on the common message into a compact one, thereby reducing the consumption of storage space and transmission bandwidth. Such a cryptographic primitive is widely used in financial applications such as blockchain which requires multiple keys to authorize a transaction. With the advent of quantum computers, traditional multi-signature schemes may no longer be secure as their underlying security assumptions (e.g. RSA or discrete logarithm problems) may not hold anymore. In this paper, we propose a novel identity-based multi-signature (IBMS) scheme over NTRU lattices, which is secure against the attacks of quantum computers. To the best of our knowledge, it is the first lattice-based IBMS scheme. We show that our scheme is provably secure in the random oracle model based on the ring version of the short integer solution assumption (Ring-SIS). Compared with the closely related works in the literature, our scheme enables the signer to select its system identity (such as email address, physical IP address, and etc.) as the public key, which effectively alleviates the certificate management problem in the PKI setting, and takes the advantage of discrete Gaussian distribution instead of uniform distribution to generate secret signing keys and multi-signatures. Besides, our scheme does not require all the system users to setup a trusted common string, which further simplifies the deployment of our scheme in practice.

Zhen Qin,Chen Yuan,Yilei Wang,Hu Xiong

DOI: https://doi.org/10.1016/j.ipl.2016.02.003

IF: 0.851

2016-01-01

Information Processing Letters

Abstract:ID-based signature enables users to verify signatures using only public identifier. Very recently, Rossi and Schmid (2015) [9] proposed two identity-based signature schemes along with the application to group communications. Unfortunately, by proposing concrete attack, we demonstrate that the former scheme is insecure against forgery attack, while the latter scheme has been totally broken in the sense that the signing key can be recovered from the valid signature easily.

Yan He,Baodong Qin,Wen Gao,Dong Zheng,Qianqian Zhao

DOI: https://doi.org/10.1155/2022/7494452

IF: 1.968

2022-11-17

Security and Communication Networks

Abstract:Forward-secure revocation is a powerful cryptographic technique to alleviate key exposure attacks on identity-based cryptosystems. In recent years, quantum computers have made some breakthroughs, so in the foreseeable future, existing cryptographic systems will be subject to quantum attacks. However, known forward-secure revocable identity-based signature (FS-RIBS) schemes were designed over bilinear pairing groups and may suffer from quantum computing attacks. To address this issue, this paper proposes a generic method to construct FS-RIBS schemes, taking (hierarchical) IBS schemes as a basic component. By instantiating it with some post-quantum (hierarchical) IBS schemes, e.g., lattice-based (hierarchical) IBS, we immediately obtain six FS-RIBS schemes under the hardness of the small integer solution problem, which is secure against quantum computing attacks.

computer science, information systems,telecommunications

Joo Woo,Kwangsu Lee,Jong Hwan Park

DOI: https://doi.org/10.1371/journal.pone.0310708

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In 2009, Lyubashevsky proposed a lattice-based signature scheme using the Schnorr-like identification and the Fiat-Shamir heuristic and proved its security under the collision resistance of a generalized compact knapsack function. However, their security analysis requires the witness indistinguishability property, leading to significant inefficiency and an increase of sizes of public key and signature. To overcome the efficiency issue associated with the WI property, we introduce a new lattice-based assumption, called the target-modified one-wayness problem of the GCK function and show its reduction to well-known lattice-based problems. Additionally, we present a simple and efficient GCK-based signature scheme, GCKSign, whose security is based on the Module GCK-TMO problem in the random oracle model. GCKSign is a natural extension of Lyubashevsky's scheme in a module setting, but achieves considerable efficiency gains due to eliminating the witness indistinguishability property. As a result, GCKSign achieves approximately 3.4 times shorter signature size and 2.4 times shorter public key size at the same security level.

Bai Liu,Pengda Zhu,Kuikui Guo

DOI: https://doi.org/10.1063/5.0212258

IF: 1.697

2024-06-01

AIP Advances

Abstract:In recent years, identity-based quantum signature protocols have received much attention due to their unique advantages. Based on Bell states, we propose an efficient identity-based quantum signature scheme. In our scheme, the signer’s private key is generated from their identity information. The signer uses the private key and secret parameters to generate a signature for the verifier. The verifier, who possesses the identity information of the signer, can authenticate the signature. Our proposed scheme ensures signature non-forgeability and non-repudiation. In addition, the protocol does not require the preparation of long-term quantum memory or the performance of quantum swap tests, making it more efficient than previous schemes.

materials science, multidisciplinary,physics, applied,nanoscience & nanotechnology

Ward Beullens,Samuel Dobson,Shuichi Katsumata,Yi-Fu Lai,Federico Pintore

DOI: https://doi.org/10.1007/s10623-023-01192-x

2023-03-01

Abstract:We construct an efficient dynamic group signature (or more generally an accountable ring signature) from isogeny and lattice assumptions. Our group signature is based on a simple generic construction that can be instantiated by cryptographically hard group actions such as the CSIDH group action or an MLWE-based group action. The signature is of size , where N is the number of users in the group. Our idea builds on the recent efficient OR-proof by Beullens, Katsumata, and Pintore (Asiacrypt'20), where we efficiently add a proof of valid ciphertext to their OR-proof and further show that the resulting non-interactive zero-knowledge proof system is online extractable . Our group signatures satisfy more ideal security properties compared to previously known constructions, while simultaneously having an attractive signature size. The signature size of our isogeny-based construction is an order of magnitude smaller than all previously known post-quantum group signatures (e.g., 6.6 KB for 64 members). In comparison, our lattice-based construction has a larger signature size (e.g., either 126 KB or 89 KB for 64 members depending on the satisfied security property). However, since the -notation hides a very small constant factor, it remains small even for very large group sizes, say .

mathematics, applied,computer science, theory & methods

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1007/978-3-540-72738-5_20

2007-01-01

Abstract:Constructing identification schemes is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify itself to a public verifier who knows only the claimed identity of the prover and some common information. In this paper, we propose a simple and efficient framework for constructing IBI schemes. Unlike some related framework which constructs IBI schemes from some standard identification schemes, our framework is based on some more fundamental assumptions on intractable problems. Depending on the features of the underlying intractable problems presumed in our framework, we can derive IBI schemes secure against passive, active and concurrent adversaries. We show that the framework can capture a large class of schemes currently proposed, and also has the potential to cover many newly constructed schemes. As an example, based on the Katz-Wang standard signature scheme, we propose a new IBI scheme that is secure against active adversaries in a concurrent manner. It can be seen that our framework also help simplify the security proofs for new IBI schemes. Finally, and of independent interest, we define a new notion for proof systems called Witness Dualism. This notion is weaker than that of witness indistinguishable and we show that it is enough for constructing an IBI scheme secure against the most powerful type of adversaries defined.

Jie Cai,Han Jiang,Hao Wang,Qiuliang Xu

DOI: https://doi.org/10.1155/2020/8857815

IF: 1.968

2020-10-28

Security and Communication Networks

Abstract:In this paper, we design a new lattice-based linearly homomorphic signature scheme over F 2 . The existing schemes are all constructed based on hash-and-sign lattice-based signature framework, where the implementation of preimage sampling function is Gaussian sampling, and the use of trapdoor basis needs a larger dimension m ≥ 5 n log q . Hence, they cannot resist potential side-channel attacks and have larger sizes of public key and signature. Under Fiat–Shamir with aborting signature framework and general SIS problem restricted condition m ≥ n log q , we use uniform sampling of filtering technology to design the scheme, and then, our scheme has a smaller public key size and signature size than the existing schemes and it can resist side-channel attacks.

computer science, information systems,telecommunications

Diptendu M. Kar,Indrajit Ray

DOI: https://doi.org/10.48550/arXiv.1908.05366

2019-08-15

Abstract:Identity-Based signature schemes are gaining a lot of popularity every day. Over the last decade, there has been a lot of schemes that have been proposed. Several libraries are there that implement identity-based cryptosystems that include identity-based signature schemes like the JPBC library which is written in Java and the charm-crypto library written in python. However, these libraries do not contain all of the popular schemes, rather the JPBC library contains only one identity-based signature scheme and the charm-crypto contains three. Furthermore, the implemented schemes are designed to work on one particular pairing curve. In pairing-based cryptosystems, even for a given signature scheme, the size of the signature and the performance i.e. the time to sign and verify depends on the chosen pairing curve. There are many applications in which the signature size is of more importance than the performance and similarly other applications where the performance is of more importance than signature size. In this work, we describe the popular signature schemes and their implementation using the JPBC library and describe how different pairing curves affect the signature size and performance. We also provide two methods to further shorten the signature size which is not present in the libraries by default.

Cryptography and Security

Shuichi Katsumata,Yi-Fu Lai,Jason T. LeGrow,Ling Qin

DOI: https://doi.org/10.1007/s10623-024-01441-7

IF: 1.4

2024-07-19

Designs Codes and Cryptography

Abstract:In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the linear identification protocol abstraction introduced by Hauck, Kiltz, and Loss (EUROCYRPT'19), which was used to generically construct Schnorr-like blind signatures based on modules such as classical groups and lattices. Consequently, our scheme is provably secure in the random oracle model (ROM) against poly-logarithmically-many concurrent sessions assuming the subexponential hardness of the group action inverse problem. In more detail, our blind signature exploits the quadratic twist of an elliptic curve in an essential way to endow isogenies with a strictly richer structure than abstract group actions (but still more restrictive than modules). The basic scheme has public key size 128 B and signature size 8 KB under the CSIDH-512 parameter sets—these are the smallest among all provably secure post-quantum secure blind signatures. Relying on a new ring variant of the group action inverse problem ( ), we can halve the signature size to 4 KB while increasing the public key size to 512 B. We provide preliminary cryptanalysis of and show that for certain parameter settings, it is essentially as secure as the standard . Finally, we show a novel way to turn our blind signature into a partially blind signature, where we deviate from prior methods since they require hashing into the set of public keys while hiding the corresponding secret key—constructing such a hash function in the isogeny setting remains an open problem.

mathematics, applied,computer science, theory & methods

Yanqing Yao,Zhoujun Li,Hua Guo

DOI: https://doi.org/10.1016/j.ins.2019.12.076

IF: 8.1

2020-04-01

Information Sciences

Abstract:Identity-based sequential aggregate signature (IBSAS for short) schemes, introduced by Boldyreva et al. [CCS 2007], allow a large quantity of signers to generate one signature sequentially, in which these messages as well as their order can be attested by employing their identities. In such a scheme, storage space and bandwidth overhead can be reduced. To our best knowledge, though many concrete IBSAS schemes have been constructed in literature, none of them is constructed under a standard computational hardness assumption and unforgeable under the standard model. The problem of how to construct such schemes is still open. Latterly, Gentry et al. [PKC 2018] proposed a unified construction of SAS (i.e., abbreviated form of sequential aggregate signature) schemes by employing trapdoor permutation and ideal ciphers. Motivated by the above problem and hints, here we study how to construct IBSAS schemes in a new unified perspective. By employing 2-level HIBE (i.e., abbreviated form of hierarchical identity-based encryption) schemes, we present unified construction of IBSAS schemes and give a rigorous proof of their unforgeability. The unified construction is then instantiated to get a concrete IBSAS scheme, which has existential unforgeability under the standard model using a standard computational hardness assumption (i.e., the CDH assumption). An extra fruit is that it can be used to construct an existentially unforgeable IBSAS scheme using the Learning with Errors problem, which is constructed under a lattice hardness assumption for the first time. In the end, we show a detailed performance comparison among our schemes and previous ones.

computer science, information systems

Congge Xie,Jian Weng,Dehua Zhou

DOI: https://doi.org/10.1016/j.ins.2022.02.027

IF: 8.1

2022-05-01

Information Sciences

Abstract:Fully homomorphic signature schemes in identity-based settings can provide authenticity, homomorphism, and non-repudiation as do traditional digital signatures, while simplifying the public key infrastructure (PKI) requirements, in which each user in the system can use his or her identity as a public key. As identity-based systems (IBS) have a natural link between unique identity information and the user, allowing user revocation is usually more difficult in IBS than in PKI settings. Although several revocable identity-based fully homomorphic signature (RIBFHS) schemes have been proposed, these schemes are vulnerable to signing key exposure. With this study, we are the first to consider a realistic threat signing key exposure in RIBFHS systems. In addition, we introduce a new security definition of RIBFHS with signing key exposure resistance. Then, we employ Agrawal’s left–right lattices and delegation technology in fixed dimensions to construct a new RIBFHS scheme over the lattice with regularly broadcasted update keys, which not only resists signing key exposure, but also meets scalability and context hiding properties. Finally, we prove that our construction is existentially unforgeable against chosen message attacks under the standard short integer solution (SIS) assumption in the random oracle model.

computer science, information systems

OUYANG Weiping,MA Chunguang,LI Zengpeng,DU Gang

DOI: https://doi.org/10.11990/jheu.201602046

2017-01-01

Abstract:To construct a homomorphic scheme that supports the homomorphic computation of signatures in certain signature sets on arbitrary circuits, we used trapdoor sampling technology to construct a leveled fully homomorphic signature scheme based on the AND and XOR gates, which can support homomorphic computation on arbitrary cir-cuits. In addition, the size of the new signature is independent of the circuit size and initial signature sizes, but de-pends on the depth of the circuits and security parameters. We verified the security of this scheme using the random oracle model based on the difficulty of finding small integer solutions ( SIS) in lattices. Users can conduct leveled homomorphic computation on a designated signature set despite not knowing the secret key. Published research has also focused on linear and polynomial homomorphic schemes.

Faguo Wu,Bo Zhou,Xiao Zhang

DOI: https://doi.org/10.3390/e25030454

IF: 2.738

2023-03-05

Entropy

Abstract:Proxy signature is one of the important primitives of public-key cryptography and plays an essential role in delivering security services in modern communications. However, existing post quantum proxy signature schemes with larger signature sizes might not be fully practical for some resource-constrained devices (e.g., Internet of Things devices). A signature scheme with message recovery has the characteristic that part or all of the message is embedded in the signature, which can reduce the size of the signature. In this paper, we present a new identity-based proxy signature scheme over an NTRU lattice with message recovery (IB-PSSMR), which is more efficient than the other existing identity-based proxy signature schemes in terms of the size of the signature and the cost of energy. We prove that our scheme is secure under a Short Integer Solution (SIS) assumption that is as hard as approximating several worst-case lattice problems in the random oracle model. We also discussed some application scenarios of IB-PSSMR in blockchain and Internet of Things (IOT). This paper provides a new idea for the design of lattice signature schemes in low resource constrained environments.

physics, multidisciplinary

Huy Quoc Le,Dung Hoang Duong,Willy Susilo,Ha Thanh Nguyen Tran,Viet Cuong Trinh,Josef Pieprzyk,Thomas Plantard

DOI: https://doi.org/10.48550/arXiv.2007.06884

2020-07-14

Abstract:Blind signatures play an important role in both electronic cash and electronic voting systems. Blind signatures should be secure against various attacks (such as signature forgeries). The work puts a special attention to secret key exposure attacks, which totally break digital signatures. Signatures that resist secret key exposure attacks are called forward secure in the sense that disclosure of a current secret key does not compromise past secret keys. This means that forward-secure signatures must include a mechanism for secret-key evolution over time periods. This paper gives a construction of the first blind signature that is forward secure. The construction is based on the SIS assumption in the lattice setting. The core techniques applied are the binary tree data structure for the time periods and the trapdoor delegation for the key-evolution mechanism.

Cryptography and Security

Faguo Wu,Wang Yao,Xiao Zhang,Wenhua Wang,Zhiming Zheng

DOI: https://doi.org/10.1002/dac.3867

2019-01-01

International Journal of Communication Systems

Abstract:Proxy signature scheme is an important cryptographic primitive, for an entity can delegate his signing right to another entity. Although identity-based proxy signature schemes based on conventional number-theoretic problems have been proposed for a long time, the researchers have paid less attention to lattice-based proxy signature schemes that can resist quantum attack. In this paper, we first propose an identity-based proxy signature scheme over Number Theory Research Unit (NTRU)-lattice. We proved that the proposed paradigm is secure under the hardness of the gamma-shortest vector problem on the NTRU lattice in random oracle model; furthermore, the comparison with some existing schemes shows our scheme is more efficient in terms of proxy signature secret key size, proxy signature size, and computation complexity. As the elemental problem of the proposed scheme is difficult even for quantum computation model, our scheme can work well in quantum age.

Daode Zhang,Fuyang Fang,Bao Li,Xin Wang

DOI: https://doi.org/10.1007/978-3-319-64200-0_13

2017-01-01

Abstract:Xie et al. (SCN 2012) proposed the first deterministic identity-based encryption (DIBE) scheme with an adaptive security in the auxiliary-input setting, under the learning with errors (LWE) assumption. However, the master public key consists of O(lambda) number of basic matrices. In this paper, we consider to construct adaptively secure DIBE schemes from partitioning functions (IACR'17). By instantiating the DIBE construction with two partitioning functions, we get two DIBE schemes in which the master public key consists of O(log(3) lambda) (respectively, O(log(2) lambda)) number of basic matrices in the first (respectively, the second) DIBE scheme. We also change the identity-based encryption (IBE) scheme of Yamada16 (Eurocrypt'16) to construct DIBE scheme with the same security from the LWE problem. And the master public key consists of O(lambda(1/d)) number of basic matrices, where d >= 2 is a flexible integer.

Qiqi Lai,Feng-Hao Liu,Zhedong Wang

DOI: https://doi.org/10.1007/s10623-024-01358-1

IF: 1.4

2024-02-25

Designs Codes and Cryptography

Abstract:We derive the first adaptively secure identity-based encryption ( ) and attribute-based encryption ( ) for t -conjunctive normal form formula (t-CNF), and selectively secure for general circuits from lattices, with leakage rates, in the both relative leakage model and bounded retrieval model ( ). To achieve this, we first identify a new fine-grained security notion for —partially adaptive/selective security, and instantiate this notion from the learning with errors ( ) assumption. Then, by using this notion, we design a new key compressing mechanism for identity-based/attributed-based weak hash proof system ( / - ) for various policy classes, achieving (1) succinct secret keys and (2) adaptive/selective security matching the existing non-leakage resilient lattice-based designs. Using the existing connection between weak hash proof system and leakage resilient encryption, the succinct-key / -  can yield the desired leakage resilient / schemes with the optimal leakage rates in the relative leakage model. Finally, by further improving the prior analysis of the compatible locally computable extractors, we can achieve the optimal leakage rates in the .

mathematics, applied,computer science, theory & methods