Xianping Mao,Kefei Chen,Liangliang Wang,Yu Long

DOI: https://doi.org/10.1109/incos.2014.41

2014-01-01

Abstract:Fair exchange is essential in E-commerce, and concurrent signature realizes the fair exchange of digital signatures with removing the requirement of a trusted third party. Multi-party concurrent signature is an extension to the multi-user scenario. The security of existing multi-party concurrent signatures is mostly based on traditional hard problems that could be solved efficiently with quantum algorithms in a post-quantum world. Meanwhile, the lattice-based cryptography is considered to be resistant to quantum attack. Wang et al. proposed a lattice-based multi-party concurrent signature. We give the analysis of their proposed signature scheme and find that it is not secure since an inside adversary can forge the signature. Moreover, the initial signer can produce any signatures, instead of a signature on the original messages, if he is malicious.

Duo Liu,Ping Luo,Yi-Qi Dai

DOI: https://doi.org/10.1007/s11390-007-9005-y

2007-01-01

Abstract:The concept of multisignature, in which multiple signers can cooperate to sign the same message and any verifier can verify the validity of the multi-signature, was first introduced by Itakura and Nakamura. Several multisignature schemes have been proposed since. Chen et al. proposed a new digital multi-signature scheme based on the elliptic curve cryptosystem recently. In this paper, we show that their scheme is insecure, for it is vulnerable to the so-called active attacks, such as the substitution of a “false” public key to a “true” one in a key directory or during transmission. And then the attacker can sign a legal signature which other users have signed and forge a signature himself which can be accepted by the verifier.

Heng Guo,Kun Tian,Feng Liu,Zhiyong Zheng

2024-12-02

Abstract:At present, in lattice-based linearly homomorphic signature schemes, especially under the standard model, there are very few schemes with tight security. This paper constructs the first lattice-based linearly homomorphic signature scheme that achieves tight security against existential unforgeability under chosen-message attacks (EUF-CMA) in the standard model. Furthermore, among existing schemes, the scheme proposed in this paper also offers certain advantages in terms of public key size, signature length, and computational cost.

Cryptography and Security,Information Theory

Hongfei Zhu,Yu-an Tan,Xiaosong Zhang,Liehuang Zhu,Changyou Zhang,Jun Zheng

DOI: https://doi.org/10.1016/j.future.2017.01.031

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:To process rapidly growing Big Data, many organizations migrate their data and services such as e-voting and e-payment systems to the cloud. In these two systems, blind signature has become an essential cryptographic primitive since it allows the signer to sign a message without learning what he signs. Thus, it can guarantee trustworthy of Big Data. However, most blind signature schemes based on factoring and discrete logarithm problems cannot resist quantum computer attacks. The alternative blind signature schemes are based on lattice. Here, we present a round-optimal lattice-based blind signature scheme constructed on the closest vector problem using infinity norm. Firstly, our scheme is proven blind and one-more unforgeable, and is resistant to brute-force attacks, theoretical-timing attacks, and Nguyen–Regev attacks. Secondly, our scheme outperforms the RSA, the Schnorr, and the ECC blind signature schemes in terms of efficiency and security. Also, it outperforms the Rückert’s blind signature in terms of signature length, moves, and security. Finally, our scheme outperforms the Rückert’s blind signature in terms of communication and computation energy costs. Additionally, it outperforms the RSA blind signature in terms of communication energy cost.

Chi Zhang

2024-09-13

Abstract:Lattices have many significant applications in cryptography. In 2021, the $p$-adic signature scheme and public-key encryption cryptosystem were introduced. They are based on the Longest Vector Problem (LVP) and the Closest Vector Problem (CVP) in $p$-adic lattices. These problems are considered to be challenging and there are no known deterministic polynomial time algorithms to solve them. In this paper, we improve the LVP algorithm in local fields. The modified LVP algorithm is a deterministic polynomial time algorithm when the field is totally ramified and $p$ is a polynomial in the rank of the input lattice. We utilize this algorithm to attack the above schemes so that we are able to forge a valid signature of any message and decrypt any ciphertext. Although these schemes are broken, this work does not mean that $p$-adic lattices are not suitable in constructing cryptographic primitives. We propose some possible modifications to avoid our attack at the end of this paper.

Cryptography and Security,Number Theory

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.48550/arXiv.1110.4196

2011-10-19

Cryptography and Security

Abstract:A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer. Proxy signature schemes have found numerous practical applications such as grid computing, mobile agent systems and cloud applications. Recently, Jiang et al. proposed the first lattice-based proxy signature scheme and claimed that their scheme provides all the security properties of a secure proxy signature scheme. However, in this paper, we disprove their claim and show that an original signer is able to forge a proxy signature on any message.

Yan Xu,Miaomiao Tian,Liusheng Huang,Wei Yang

2014-01-01

Abstract:Recently, Boyen at PKC 2010 proposed a lattice-based signature scheme in the standard model. In this paper, we show that his signature scheme does not satisfy strong unforgeability. In other words, an adversary can produce a new signature for a message M after seeing a signature of the message M. Then we present an improved scheme and prove that the improved scheme satisfies strong unforgeability. Furthermore, the improved signature scheme is as efficient as Boyen’s signature scheme.

Tian Qiu,Lin Hou,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-030-41579-2_21

2019-01-01

Abstract:Group signature allows group members to sign on behalf of the group anonymously, and incorporate some tracing mechanism to identify the actual signer. Multi-group signature (MGS), introduced by Ateniese and Tsudik (FC'99), is a proper generalization of group signature. It allows signers to sign messages anonymously on behalf of multiple groups and has extensive applications in electronic commerce. However, all existing MGS schemes are from classical assumptions and will be insecure once quantum computers come true.In this paper, we propose the first MGS scheme in the lattice setting which is also the first quantum-resistant proposal. The keystone of our work is a zero-knowledge argument of knowledge (ZKAoK) system of different syndromes of the same vector based on the work by Libert et al. (Asiacrypt'16) and Ling et al. (PKC'18). With additional signing and encryption layers, our ZKAoK allows the signer to prove memberships in multiple groups simultaneously, which is the key issue on the MGS construction, and it can be of independent interest. For security proofs, we formalize the MGS model in the framework of Bellare et al. (CT-RSA'05).

Joo Woo,Kwangsu Lee,Jong Hwan Park

DOI: https://doi.org/10.1371/journal.pone.0310708

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In 2009, Lyubashevsky proposed a lattice-based signature scheme using the Schnorr-like identification and the Fiat-Shamir heuristic and proved its security under the collision resistance of a generalized compact knapsack function. However, their security analysis requires the witness indistinguishability property, leading to significant inefficiency and an increase of sizes of public key and signature. To overcome the efficiency issue associated with the WI property, we introduce a new lattice-based assumption, called the target-modified one-wayness problem of the GCK function and show its reduction to well-known lattice-based problems. Additionally, we present a simple and efficient GCK-based signature scheme, GCKSign, whose security is based on the Module GCK-TMO problem in the random oracle model. GCKSign is a natural extension of Lyubashevsky's scheme in a module setting, but achieves considerable efficiency gains due to eliminating the witness indistinguishability property. As a result, GCKSign achieves approximately 3.4 times shorter signature size and 2.4 times shorter public key size at the same security level.

Jíntai Ding,Zheng Zhang,Joshua D. Deaton,Lih-Chung Wang

DOI: https://doi.org/10.1007/978-3-030-61078-4_24

2020-01-01

Abstract:In 2017 Kyung-Ah Shim et al. proposed a multivariate signature scheme called Himq-3 which is a submission to National Institute of Standards and Technology (NIST) standardization process of post-quantum cryptosystems. The Himq-3 signature scheme can be classified into the oil vinegar signature scheme family. Similar to the rainbow signature scheme, the Himq-3 signature scheme uses a multilayer structure to shorten the signature size. Moreover the signing process is very fast due to a special system called L-inveritble cycle system that is used to invert the central map. In this paper, we provide a complete cryptanalysis to the Himq-3 signature scheme. We describe a new attack method called the singularity attack. This attack is based on the observation that the variables in the L-invertible cycle system are not allowed to be zero in a valid signature. For the completeness, we show step by step how variables and layers can be separated so that signature forgery can be performed. We claim that the complexity of our attack is much lower than the proposed security level.

Jie Liu,Jianhua Li

DOI: https://doi.org/10.1109/isa.2008.37

2008-01-01

Abstract:Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al.’s scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al.’s scheme and makes it more efficient in computation and communication.

Xiaojun Zhang,Chunxiang Xu,Jingting Xue

DOI: https://doi.org/10.1504/ijesdf.2018.10009828

2018-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Signcryption is a public-key cryptographic primitive which combines the functions of public-key encryption and digital signature into a single logical step at low computational and communication costs. While multi-receiver signcryption is suited for a situation where a sender wants to send a signcrypted message to multiple receivers in a confidential and authenticated way. Due to this attractive property, recently, multi-receiver signcryption plays an important role in some practical applications such as virtual conference as well as authenticated mail transferring. In this paper, we present an efficient multi-receiver identity-based signcryption (MIBSC) scheme from lattice assumption which is believed to resist quantum computer attacks. The proposed scheme is provably secure in the random oracle model, which has the indistinguishability against chosen ciphertext attacks under the hardness of learning with errors (LWE), and existentially unforgeability against chosen message attacks under the small integer solution assumption (SIS). Moreover, we also compare our MIBSC scheme with existing schemes from performance efficiency and security, the result shows that our proposed scheme is more efficient and more secure. In particular, our scheme can be properly applied in the post-quantum communication environments.

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Kunal Dey,Mansi Goyal,Bupendra Singh,Aditi Kar Gangopadhyay

2024-10-25

Abstract:An undeniable signature scheme is type of digital signature where the signer retains control over the signature's verifiability. Therefore with the approval of the signer, only an authenticated verifier can verify the signature. In this work, we develop a module lattice-based post-quantum undeniable signature system. Our method is based on the GPV framework utilizing module lattices, with the security assured by the hardness of the SIS and LWE problems. We have thoroughly proved all the desired securities for the proposed scheme. Finally, we have implemented our protocol for different sets of parameters. The purpose of opting a module variant rather than a ring variant is to provide greater flexibility in selecting parameters.

Cryptography and Security

Hamidreza Rahmati,Farhad Rahmati

2024-04-27

Abstract:Blockchain is a decentralized network to increase trust, integrity, and transparency of transactions. With the exponential growth of transactions in the realm of Blockchain, especially in Bitcoin, Blockchain size increases as all transactions must be stored and verified. In Bitcoin, validating M of N transactions involves the necessity of M authentic signatures out of the total N transactions. This procedure is so time-consuming and needs a significant storage capacity. To address these issues, several multi signature schemes have been proposed, enabling users to interactively generate a common signature on a single message. Recently, some lattice based multi signature schemes have been presented to deal with the threats of quantum computers. However, none of them have met all desirable features of multi signature schemes like aggregate public key, low numbers of communication rounds, or resistant to quantum computers. Within this paper, we present a new multi signature scheme based on lattices, known as Razhims, that has aggregate public key, necessitates solely a single round of communication, and is resistant to quantum computers. In Razhims, the aggregate public key size and the final signature size are equal to the public key size and the final signature size of a standard signature respectively, and are independent of the number of signers.

Cryptography and Security,Information Theory

Hong Zhao,Yan-yan Han,Shuhan Yu,Kaili Dou

DOI: https://doi.org/10.1117/12.2685750

2023-08-15

Abstract:The certificateless cryptography solves the certificate management and key escrow problems in the Internet of Things. However, these schemes are no longer safe in the quantum environment. Lattice cryptography has become the main method to solve quantum security. At present, only a few lattice-based certificateless signature schemes have been proposed and the use of the trapdoor function limits the efficiency of the lattice cryptography, and the security of these schemes can only reach existential unforgeability. We construct a lattice-based certificateless signature scheme based on Lyubashevsky's signature scheme. The security of our scheme can reach strong unforgeability and the computational efficiency of our scheme is lower than the previous schemes.

Computer Science,Engineering

TIAN Miao-Miao,HUANG Liu-Sheng,YANG Wei

DOI: https://doi.org/10.3724/sp.j.1016.2012.00712

2012-01-01

Chinese Journal of Computers

Abstract:An efficient and secure ring signature scheme has a number of important applications.In this paper,we present a new lattice-based ring signature scheme and prove its security in the standard model.The proposed scheme is strongly unforgeable against adaptive chosen message attacks under the standard small integer solution(SIS) assumption.Compared with the existing lattice-based ring signature schemes without random oracles,our new scheme enjoys shorter signature length,high efficiency and stronger security.

Zhenhua Liu,Yupu Hu,Xiangsong Zhang,Fagen Li

DOI: https://doi.org/10.1002/sec.531

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:ABSTRACTAn identity‐based signature scheme from lattices is constructed. The scheme is obtained from a modification of Agrawal, Boneh, and Boyen's lattice identity‐based encryption scheme. In this construction, we use two distinct trapdoors for finding short bases. One trapdoor enables the real implementation to generate short bases for all lattices. The other trapdoor enables the simulator to generate short bases for all lattices. Furthermore, the generating short bases are used to sample short vectors as signatures. Our scheme is computationally efficient. The scheme's strong unforgeability is proven in the standard model and rests on the hardness of the small integer solution problem. Finally, we extend the basic construction to obtain a hierarchical identity‐based signature scheme. Copyright © 2012 John Wiley & Sons, Ltd.

Xiao Zhang,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-319-60055-0_24

2017-01-01

Abstract:In this paper, we construct the first tightly secure signature scheme against adaptive chosen message attacks (CMA) from the Decisional Composite Residuosity (DCR) Assumption. Moreover, the verification key in our scheme is of constant size. Based on the DCR assumption, we design a one-time secure signature scheme first, then we employ a flat tree structure to obtain a signature scheme that is secure against non-adaptive chosen message attacks (NCMA). By combining the one-time scheme and NCMA-secure scheme, we obtain the final CMA-secure signature scheme with a tight security reduction to the DCR assumption.

Xinjian Chen,Qiong Huang,Hongbo Li,Zhijian Liao,Willy Susilo

DOI: https://doi.org/10.1016/j.tcs.2022.08.022

IF: 1.002

2022-01-01

Theoretical Computer Science

Abstract:Multi-signature is an important technology to compress multiple signatures on the common message into a compact one, thereby reducing the consumption of storage space and transmission bandwidth. Such a cryptographic primitive is widely used in financial applications such as blockchain which requires multiple keys to authorize a transaction. With the advent of quantum computers, traditional multi-signature schemes may no longer be secure as their underlying security assumptions (e.g. RSA or discrete logarithm problems) may not hold anymore. In this paper, we propose a novel identity-based multi-signature (IBMS) scheme over NTRU lattices, which is secure against the attacks of quantum computers. To the best of our knowledge, it is the first lattice-based IBMS scheme. We show that our scheme is provably secure in the random oracle model based on the ring version of the short integer solution assumption (Ring-SIS). Compared with the closely related works in the literature, our scheme enables the signer to select its system identity (such as email address, physical IP address, and etc.) as the public key, which effectively alleviates the certificate management problem in the PKI setting, and takes the advantage of discrete Gaussian distribution instead of uniform distribution to generate secret signing keys and multi-signatures. Besides, our scheme does not require all the system users to setup a trusted common string, which further simplifies the deployment of our scheme in practice.