Similar literature
19 similar documents found.
1.
To use biometric identities in an identity-based encryption system, Sahai and Waters first introduced the notion of fuzzy identity-based encryption (FIBE) in 2005. Yang et al. extended it to digital signatures and introduced the concept of fuzzy identity-based signature (FIBS) in 2008, constructing an FIBS scheme based on Sahai and Waters's FIBE scheme. In this paper, we further formalize the notion and security model of FIBS and propose a new construction of an FIBS scheme based on bilinear pairing. The proposed scheme not only provides shorter public parameters, private keys and signatures, but also has useful structure that results in more efficient verification than Yang et al.'s FIBS scheme. The proposed FIBS scheme is proved to be existentially unforgeable under chosen message attack and selective fuzzy identity attack in the random oracle model under the discrete logarithm assumption.

2.
In a proxy signature scheme, a potential signer delegates his signature authority to a proxy, who signs a message on behalf of the original signer. There has not yet been an RSA-based proxy signature scheme that is provably secure in modern cryptology. This paper constructs a proxy signature scheme based on the RSA signature scheme. The proposed proxy signature scheme is existentially unforgeable against adaptive chosen message attack in the random oracle model. This paper adopts a direct method of security reduction in which the scheme's security is reduced to inverting RSA. The proof achieves a tight reduction and the scheme is efficient. The proposed signature scheme is the first secure proxy signature based on factoring in the formal security model.

3.
Identity-based signature scheme based on quadratic residues   Total citations: 1, self-citations: 0, citations by others: 1
Identity-based (ID-based) cryptography has drawn great attention in recent years, and most ID-based schemes are constructed from bilinear pairings. Therefore, ID-based schemes without pairings are of great interest in the field of cryptography. Up to now, constructing an ID-based signature scheme from quadratic residues has remained a challenge. We aim to meet this challenge by proposing a concrete scheme. In this paper, we first introduce the technique of how to calculate a 2^l-th root of a quadratic residue, and then give a concrete ID-based signature scheme using this technique. We also prove that our scheme is chosen-message and chosen-ID secure in the random oracle model, assuming the hardness of factoring.

4.
Recently, Wang et al. presented a new construction of attribute-based signature with a policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et al.'s scheme, we show that their scheme cannot provide unforgeability, namely, a forger whose attributes do not satisfy a given signing predicate can also generate valid signatures. We also point out the flaws in Wang et al.'s proof.

5.
Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt 2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-sized public key and signature length, and more importantly, their group signature scheme does not require a trapdoor. Their scheme is very efficient and the sizes of signatures are smaller than those of the other existing schemes. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, our cryptanalysis of the scheme shows that it allows a non-member of the group to sign on behalf of the group, and the resulting signature convinces any third party that a member of the group has indeed generated such a signature, although none of the members has done so. Therefore, in case of dispute, even the group manager cannot identify who has signed the message. In the paper a new scheme that does not suffer from this problem is provided.

6.
Chameleon hash is the main primitive used to construct a chameleon signature scheme, which provides non-repudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem: non-transferability is based on an unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure-free chameleon hashes have been constructed based on the RSA assumption and the SDH (strong Diffie-Hellman) assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all advantages of the previous schemes. In order to support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.

7.
To design an efficient post-quantum linearly homomorphic signature scheme, a lattice-based linearly homomorphic signature scheme over a binary field is proposed in this paper, using the pre-image sampling function. Linear homomorphism is achieved through the homomorphism of the lattice-based hash function used in the proposed signature scheme. It is shown that the proposed scheme satisfies the privacy property. Based on the hardness of the short integer solution problem, the proposed scheme is unforgeable against type 1 and type 2 adversaries in the random oracle model. Moreover, compared with a linearly homomorphic signature scheme presented in 2011, the proposed scheme has advantages with respect to public key size, signature length and computational cost.

9.
This paper gives definitions, constructions and applications of signature schemes which are selectively unforgeable but existentially forgeable (SUEF). We formalize this special notion under the conditions of chosen message attack (CMA) and known message attack (KMA). Then two general constructions are presented with two concrete examples. We apply the SUEF-secure signature schemes to an elementary authentication mechanism, the challenge-response mechanism, to obtain a basic deniable authentication method. The method is presented as a deniable message transmission (MT) authenticator in the extension framework of Raimondo.

10.
This paper is devoted to studies on approaches to fuzzy comprehensive estimation of an information system. The redundant or insignificant attributes in fuzzy comprehensive evaluation data sets are removed, based on rough set theory, to reduce the knowledge expression of the system. The significance of the condition attributes is used to set up a weight distribution for the fuzzy evaluation, so that the undesirable influence of subjectively defined weights is eliminated. The precision of the comprehensive evaluation of the reduced system is realized by an approach of fuzzy comprehensive estimation on rough sets. The feasibility of the proposed fuzzy comprehensive estimation is shown by some examples on rubber planting.

11.
Security analysis of an identity-based verifiably encrypted signature protocol   Total citations: 5, self-citations: 0, citations by others: 5
Zhang Zhenfeng, 《计算机学报》 (Chinese Journal of Computers), 2006, 29(9): 1688-1693
Using Hess's identity-based digital signature scheme, Gu and Zhu proposed an identity-based verifiably encrypted signature protocol and claimed that it is provably secure in the random oracle model, so that it could serve as a basic building block for constructing secure identity-based fair exchange protocols. This paper analyzes the security of that protocol in depth. The results show that the protocol has the following security flaws: a malicious signer can easily construct a valid verifiably encrypted signature that the designated adjudicator cannot convert into an ordinary signature of the signer, so the protocol fails to meet the security requirements of a verifiably encrypted signature protocol; moreover, the protocol is vulnerable to collusion attacks.

12.
We introduce a new cryptographic primitive which is the signature analog of fuzzy identity-based encryption (FIBE). We call it fuzzy identity-based signature (FIBS). It possesses a similar error-tolerance property to FIBE, which allows a user with the private key for identity ω to decrypt a ciphertext encrypted for identity ω′ if and only if ω and ω′ are within a certain distance judged by some metric. We give the definition and security model of FIBS and present the first practical FIBS scheme. We prove that our scheme is existentially unforgeable against adaptively chosen message attack in the standard model. To the best of our knowledge, this primitive had never been considered in identity-based signatures before. FIBS is of particular value for biometric authentication, where biometric identifiers such as fingerprints, iris, voice and gait are used in human identification. We demonstrate the applicability of our construction to secure biometric authentication.

13.
In this paper, we introduce a new concept of digital signature that we call fuzzy signature, which is a signature scheme that uses a noisy string such as biometric data as a private key, but does not require user-specific auxiliary data (which is also called a helper string in the context of fuzzy extractors) for generating a signature. Our technical contributions are threefold: (1) we first give the formal definition of fuzzy signature, together with a formal definition of a "setting" that specifies some necessary information for fuzzy data. (2) We give a generic construction of a fuzzy signature scheme based on a signature scheme that has certain homomorphic properties regarding keys and satisfies a kind of related-key attack security with respect to addition, and a new tool that we call linear sketch. (3) We specify two concrete settings for fuzzy data, and for each of the settings give a concrete instantiation of these building blocks for our generic construction, leading to two concrete fuzzy signature schemes. We also discuss how fuzzy signature schemes can be used to realize a biometric-based PKI that uses biometric data itself as a cryptographic key, which we call the public biometric infrastructure.

14.
When the parties attending a conference jointly negotiate a conference key, the negotiation messages used to construct the key usually need to be authenticated to guarantee their authenticity. Digital signatures and shared secrets are two commonly used authentication methods. This paper introduces the identity-based public-key cryptosystem constructed from the Weil pairing on elliptic curves. Two authenticated conference key agreement protocols are designed, one using an identity-based digital signature scheme and the other using identity-based long-term shared keys. The protocols offer strong security and high efficiency, and can be applied in any environment where multiple parties need to jointly negotiate a session key.

15.
Fei Ruchun, Wang Lina et al. proposed a threshold digital signature scheme whose security is based on the difficulty of solving discrete logarithms over finite fields and of solving quadratic residues under specific conditions. The scheme is intended to prevent malicious participants from cheating to obstruct signing and from mounting forgery attacks. Based on number-theoretic analysis, this paper points out that their implementation has shortcomings and security risks: t colluding members cannot impersonate other members to generate a valid digital signature. The scheme is then improved using Williams' cryptosystem, which solves the above problems. The new scheme also has many good properties, such as members' sub-keys being usable without limit and simple verification.

16.
This paper addresses the open problem, posed by Gagné et al. in Pairing 2012, of designing attribute-based signature (ABS) schemes with a constant number of bilinear pairing operations for signature verification or short signatures for more general policies. Designing constant-size ABS for expressive access structures is a challenging task. We design two key-policy ABS schemes with constant-size signatures for expressive linear secret-sharing scheme (LSSS)-realizable monotone access structures. Both schemes use only 3 pairing operations in the signature verification process. The first scheme is a small-universe construction, while the second scheme supports large universes of attributes. The signing key is computed according to an LSSS-realizable access structure over the signer's attributes, and the message is signed with an attribute set satisfying the access structure. Our ABS schemes provide existential unforgeability in the selective attribute set security model and preserve signer privacy. We also propose a new attribute-based signcryption (ABSC) scheme for LSSS-realizable access structures using only 6 pairings and making the ciphertext size constant. Our scheme is significantly more efficient than existing ABSC schemes. While the secret key (signing key or decryption key) size increases by a factor of the number of attributes used in the system, the number of pairing evaluations is reduced to a constant. Our protocol achieves (a) ciphertext indistinguishability under adaptive chosen ciphertext attacks assuming the hardness of the decisional Bilinear Diffie-Hellman Exponent problem and (b) existential unforgeability under adaptive chosen message attack assuming the hardness of the computational Diffie-Hellman Exponent problem. The security proofs are in the selective attribute set security model without using any random oracle heuristic. In addition, our ABSC achieves public verifiability of the ciphertext, enabling any party to verify the integrity and validity of the ciphertext.

17.
Many identity-based proxy signature (IBPS) schemes have been proposed, but most were proved to be secure using a random oracle model, which has attracted considerable criticism. Cao and Cao proposed an IBPS scheme using the standard model, but their scheme was shown to be insecure because it could not resist a delegator attack. In order to overcome this weakness, Gu et al. proposed a new IBPS scheme in 2013 that uses the standard model, and they also provided a detailed security model for IBPS. However, in this study, we demonstrate that Gu et al.'s scheme is still vulnerable to delegator attack. In order to correct this problem, we propose an improvement of the IBPS scheme described by Gu et al. We also present an efficiency analysis for our scheme and a detailed security proof based on the computational Diffie-Hellman assumption.

18.
Improvement of a (t,n) threshold signature scheme without a trusted center   Total citations: 1, self-citations: 1, citations by others: 0
In a (t,n) threshold signature scheme, any set of t members can generate a signature on an arbitrary message, while any set of fewer than t members cannot issue a signature. The keys are distributed among the n members either through a trusted center or, without a trusted center, through an interactive protocol run by all members. In 2006, Guo Lifeng analyzed the security of Wang Bin et al.'s scheme and pointed out that Wang's scheme is insecure. This paper improves Wang's scheme so that it resists general attacks and insider attacks.
