Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces

We define a novel notion of quasi-adaptive non-interactive zero-knowledge (NIZK) proofs for probability distributions on parameterized languages. It is quasi-adaptive in the sense that the common reference string (CRS) generator can generate the CRS depending on the language parameters. However, the simulation is required to be uniform, i.e., a single efficient simulator should work for the whole class of parameterized languages. For distributions on languages that are linear subspaces of vector spaces over bilinear groups, we give computationally sound quasi-adaptive NIZKs that are shorter and more efficient than Groth–Sahai NIZKs. For many cryptographic applications quasi-adaptive NIZKs suffice and our constructions can lead to significant efficiency improvements in the standard model. Our construction can be based on any k-linear assumption, and in particular under the eXternal Diffie Hellman (XDH) assumption our proofs are even competitive with Random Oracle-based \(\Sigma \)-protocol NIZK proofs. We also show that our system can be extended to include integer tags in the defining linear equations, where the tags are provided adaptively by the adversary. This leads to applicability of our system to many applications that use tags, e.g., applications using Cramer–Shoup projective hash proofs. Our techniques also lead to the shortest known (ciphertext) fully secure identity-based encryption scheme under standard static assumptions. Further, we also get a short publicly verifiable CCA2-secure IBE scheme.     

Improved certificateless multi-proxy signature

Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group.In the scheme,only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer.Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature(CLMPS) and proposed a concrete CLMPS scheme.However,their construction has three problems:the definition of the strengthened security model is inaccurate,the concrete signature scheme has a security flaw,and the proof of the security is imperfect.With further consideration,a remedial strengthened security model is redefined,and an improved scheme is also proposed,which is existentially unforgeable against adaptively chosen-warrant,chosen-message and chosen-identity attacks in the random oracles.In this condition,the computational Diffie-Hellman(CDH) assumption is used to prove full security for our CLMPS scheme.     

一种新型的群签名方案

该文在BB短签名方案的基础上演化出一个新的签名方案,并由此构建了一个新的群签名方案。新的群签名方案的安全性建立在随机预言机模型下,q-SDH假设和判定Diffie-Hellman假设之上的。该文提出的群签名方案的签名长度比BBS的短群签名方案的签名长度略长,但在为群成员发放资格证书以及成员私钥时,不需要可信任第三方的参与。     

Provable secure proxy signature scheme without bilinear pairings

Proxy signature is an active research area in cryptography. A proxy signature scheme allows an entity to delegate his or her signing capability to another entity in such a way that the latter can sign messages on behalf of the former. Many proxy signature schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is more than 10 times of the scalar multiplication over elliptic curve group. In order to save the running time and the size of the signature, we propose a proxy signature scheme without bilinear pairings and prove its security against adaptive chosen‐message attack in random oracle model. The security of our scheme is based on the hardness of the elliptic curve discrete logarithm problem. With the running time being saved greatly, our scheme is more practical than the previous related scheme for practical applications. Copyright © 2011 John Wiley & Sons, Ltd.     

格上本地验证者撤销属性基群签名的零知识证明

属性基群签名(ABGS)是一类特殊形式的群签名,其允许拥有某些特定属性的群成员匿名地代表整个群对消息进行签名;当有争议发生时,签名打开实体可以有效地追踪出真实签名者。针对格上第1个支持本地验证者撤销的属性基群签名群公钥尺寸过长,空间效率不高的问题,该文采用仅需固定矩阵个数的紧凑的身份编码技术对群成员身份信息进行编码,使得群公钥尺寸与群成员个数无关;进一步地,给出新的Stern类统计零知识证明协议,该协议可以有效地证明群成员的签名特权,而其撤销标签则通过单向和单射的带误差学习函数来进行承诺。     

Short Signatures from Diffie–Hellman: Realizing Almost Compact Public Key

In this paper, we present a new digital signature scheme based on the computational Diffie–Hellman (CDH) assumption in the standard model. The proposed signature scheme is not only asymptotically almost compact but also practical for concrete parameters in the sense that the public key has 29 group elements, and the signature consists of two group elements and two exponents for 80-bit security. Note that the Waters signature scheme, which is the previous best digital signature scheme in the same category (CDH assumption, standard model), requires linear-sized public keys in the security parameter, particularly those with 164 group elements for 80-bit security. To achieve our goal, we revisited the CDH-based signature scheme proposed by Hohenberger and Waters (EUROCRYPT 2009), which is a stateful signature scheme but achieves asymptotically compact parameters in the sense that its public key and signature consist of constant group elements. We modify the Hohenberger–Waters signature scheme to remove the state information from the signatures. More precisely, we use programmable hashes and random tags, instead of counters which is the state information maintained by a signer. To prove the security of the proposed signature scheme, we developed prefix-guessing technique for random tags. Note that the prefix-guessing technique was first introduced by Hohenberger and Waters (CRYPTO 2009) and was originally used for message queries.     

基于无证书群签名方案的电子现金系统

在经典方案ACJT群签名方案的基础上,提出了一种基于椭圆曲线的前向安全的成员可撤销无证书群签名方案,改进了ACJT计算复杂、参数较多、签名较长的不足,减小了计算量及参数个数,缩短了签名长度,提高了方案效率,并基于此群签名方案构建了一个离线公平高效的多银行电子现金系统,该电子现金系统不仅继承了群签名方案的安全性、高效性,还实现了不可伪造性、防止多重支付、防止金额篡改等多种性质,较同类方案具有明显优势。     

一种高效的群签名

基于强RSA假设,本文提出了一种高效的群签名方案.由于该方案没有采用知识签名作为基本构件使得该方案的签名算法和验证算法都非常简单,以至于该方案一个突出优点是签名与验证所需的总计算量仅仅为9次模指数运算远远少于目前最好的ACJT签名方案;最后,我们分析该方案的效率,与ACJT等几种方案相比在计算效率上有明显的提高.     

Short Signatures from the Weil Pairing

We introduce a short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves. For standard security parameters, the signature length is about half that of a DSA signature with a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or are sent over a low-bandwidth channel. We survey a number of properties of our signature scheme such as signature aggregation and batch verification.     

Provably secure RSA‐type signature based on conic curve

In electronic communication and wireless communication, message authentication should be necessary. However, traditional method message authentication code (MAC) employs a symmetric cryptographical technique and it needs to keep a shared private key between two parties. For convenience, people now begins to use public key techniques to provide message authentication. In wireless communication, we shall save more space for message itself because of the limited resources. Therefore, we believe that our proposed digital signature scheme will be more fitful for this kind of communication due to the following merits: (1) in addition to inheriting the merits of RSA signature such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting low public key exponent attack; (2) comparing with 1024 bits RSA, our digital signature scheme can sign 2048‐bit long message once, and generate a signature with 1025 bits length which doubles the capacity of the 1024‐bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of conic‐based (CB)‐RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd.