On the Selection of Random Numbers in the EIGamal Algorithm

The EIGamal algorithm, which can be used for both signature and encryption, is of importance in public-key cryptosystems. However, there has arisen an issue that different criteria of selecting a random number are used for the same algorithm. In the aspects of the sufficiency, necessity, security and computational overhead of parameter selection, this paper analyzes these criteria in a comparative manner and points out the insecurities in some textbook cryptographic schemes. Meanwhile, in order to enhance security a novel generalization of the EIGamal signature scheme is made by expanding the range of selecting random numbers at an acceptable cost of additional computation, and its feasibility is demonstrated.     

ElGamal类型数字签名方案的安全性研究

给出了攻击ElGamal类型数字签名方案的一种方法,揭示了签名所需时间与随机参数k取值之间的关系,指出当k值较小时,此类签名方案是不安全的。     

Design of generalised ElGamal type digital signature schemes basedon discrete logarithm

The ElGamal type digital signature schemes have received wide attention recently. ElGamal type signature schemes can provide `subliminal' channel, message recovery, multisignature, etc. The authors investigate the design criteria of ElGamal type signature scheme and develop a complete list of all variations     

加强广义El Gamal型签名方案的安全性

本文提出了一种称作隐式ＥｌＧａｍａｌ型签名方案的新方案。在这种签名方案中，真实签名被隐蔽起来，签名者仅将隐式签名送签名收方。我们在广义ＥｌＧａｍａｌ型签名方案上构造了许多隐式签名方案。分析表明，隐式ＥｌＧａｍａｌ型签名方案不但较源ＥｌＧａｍａｌ型签名方案更安全，而且可以被用来封闭阈下信道以及同时签发两个不同的消息。     

一个高效的门限共享验证签名方案及其应用

基于离散对数问题提出一个新的门限共享验证签名方案，该方案是EIGamal签名方案和Shamir门限方案的结合。在该方案中，n个验证者中任意t个可以验证签名的有效性，而t-1个或更少的验证者不能验证签名的有效性。伪造该方案的签名等价于伪造EIGamal签名。与已有方案相比，该方案的签名效率更高。最后基于该门限共享验证签名方案提出一个新的口令共享认证方案。     

无可信中心的可变门限签名方案

分析了Lee的多策略门限签名方案,发现其不能抗合谋攻击.基于Agnew等人改进的E1Gamal签名方案,提出了一个无可信中心的可变门限签名方案.该方案允许在群体中共享具有不同门限值的多个组密钥,每个签名者仅需保护一个签名密钥和一个秘密值;可以根据文件的重要性灵活地选取不同的门限值进行门限签名.分析表明,提出的方案防止了现有方案中存在的合谋攻击,而且无需可信中心来管理签名者的密钥,密钥管理简单,更具安全性和实用性.     

基于ElGamal的证实数字签名方案

验证者要知道一个证实数字签名的有效性，必须得到一个称为证实者的第三方的帮助与合作。签名者的安全性和证实签名的“不可见性”是一个证实数字签名方案必须具备的两个重要特性。现存的证实签名实现方案，或者是低效的，或者是不安全的。本文首次基于ElGamal签名机制提出一种新的证实数字签名方案，分析表明，该方案是一种安全而高效的证实数字签名实现方案。     

关于“两类ElGamal型数字签名方案的安全性和性能分析”的讨论

为了加强ElGamal型数字签名方案的安全性,最近祁明等人对两类ElGamal型数字签名方案的安全性和基于两类签名方案的通行字认证方案进行了分析和讨论,并且提出了两类改进型的方案.本文首先指出了他们提出的第一个p型方案是不安全的,攻击者可以伪造任意消息的数字签名.本文证明了广义ElGamal型数字签名方案都不能抵御代换攻击.本文最后还证明了他们提出的两类改进型方案也不能抵御同态攻击,因而并不具有所说的安全性.     

两类ElGama1型数字签名方案的安全性和性能分析

本文对两类ElGamal型签名方案的安全性和基于两类签名方案的通行字认证方案进行了分析和讨论。通过对这些问题的研究,可以对两类ElGamal型签名方案的安全性、性能和相互关系有新的认识。     

有限域上多项式形式的ElGamal体制及数字签名方案

提出了有限域上多项式形式的ElGamal公钥体制,并基于新体制,提出了一个多项式形式的ElGamal数字签名方案。新的公钥体制一次可以加密多个明文,新的签名方案一次可对多个文件进行签名。两个体制的安全性都主要基于离散对数问题的难解性。     

Secure Distributed Key Generation for Discrete-Log Based Cryptosystems

A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = g^k). In this paper we show that a widely used dlog-based DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated keys: we describe an efficient active attacker controlling a small number of parties which successfully biases the values of the generated keys away from uniform. We then present a new DKG protocol for the setting of dlog-based cryptosystems which we prove to satisfy the security requirements from DKG protocols and, in particular, it ensures a uniform distribution of the generated keys. The new protocol can be used as a secure replacement for the many applications of Pedersen's protocol. Motivated by the fact that the new DKG protocol incurs additional communication cost relative to Pedersen's original protocol, we investigate whether the latter can be used in specific applications which require relaxed security properties from the DKG protocol. We answer this question affirmatively by showing that Pedersen's protocol suffices for the secure implementation of certain threshold cryptosystems whose security can be reduced to the hardness of the discrete logarithm problem. In particular, we show Pedersen's DKG to be sufficient for the construction of a threshold Schnorr signature scheme. Finally, we observe an interesting trade-off between security (reductions), computation, and communication that arises when comparing Pedersen's DKG protocol with ours.     

椭圆曲线公钥制密码系统的软件控制设计

本文采用兼容PIC16C72的8位嵌入式微处理器做控制芯片，完成了一种仿ElGamal的数字签名算法。并且与设计的点乘硬件芯片一起构成了一种椭圆曲线公钥制密码系统。该系统工作时钟为20MHz，一秒钟内可以完成10次签名，签名速度与国外见于报道的同类产品相当。     

数字移动通信网中的用户认证方案

本文根据Harn L提出的修正ELGamal签名方案和Rabin的公钥加密体制,提出了一种适用于数字移动通信网的公钥用户认证方案。该方案克服了GSM和CT—2等系统中所采用的秘密密钥方案不够安全的缺点,并具有较低的计算复杂度和较高的安全性。     

ID-based signatures from pairings on elliptic curves

An efficient identity-based signature scheme is presented which makes use of bilinear pairings on elliptic curves. This scheme is similar to the generalised ElGamal signature scheme. The security of the scheme is considered     

基于ElGamal变体的前向安全盲签名方案

Due to forward-secure-digital-signature’s capability of effectively reducing loss caused by exposure of secret keys and significant in-application benefits of blind signature aiming at protecting senders’privacy, they have been hot spots for decades in the field of cryptography. Illuminated by the integration of forward secure digital signature and blind signature,based on the variants of ElGamal and assumption of difficulty in solving the discrete logarithm problem in galois field, a forward-secure weak blind signature scheme and a forward-secure strong blind signature scheme are proposed and their security is analyzed thoroughly in this paper. It turns out that forward security, blindness and aptitude of resisting forging attack demonstrated by these two schemes benefit a lot theoretically and practically.     

ElGamal数字签名方案的发展与应用

ElGamal数字签名方案作为目前最为重要的数字签名方案之一,极大地促进了现代密码学的发展。分析了几个主要的ElGamal型数字签名方案的优缺点,并阐述了ElGamal型数字签名方案的一些应用状况。     

ElGamal型签名方案与相应MR(P)型方案的安全性关系研究

本文首先指出了文献 [1]强等价在分析两个方案的安全性关系中的局限性 ,并对它进行了推广———安全强等价 ,利用相互转换的方法证明了ElGamal型签名方案与相应的MR(P)型方案是安全强等价的 ,从而解决了文献 [2 ]中遗留的问题。     

New signature scheme with message recovery

A modification is presented of the digital signature scheme of ElGamal (1985) that allows message recovery.<>     

基于因数分解和离散对数的数字签名协议

本文设计了两个数字签名协议,它们的安全性基于因数分解和离散对数的困难性,它们的性能类似于基本的ElGamal数字签名协议和Harn数字签名协议。本文还讨论了几种可能的攻击,证明了它们的安全性高于后两种数字签名协议。     

基于二元仿射变换构造强盲签名方案

在广义ElGarnal签名方案的基础上，基于二元仿射变换构造一些新的强盲签名方案，并对这些方案进行了检验和分析。