Generalized First Pre-image Tractable Random Oracle Model and Signature Schemes

Any one who knows the signer’s public key can verify the validity of a given signature in partially blind signature schemes. This verifying universality may be used by cheats if the signed message is sensitive or personal. To solve this problem, a new convertible user designating confirmer partially blind signature, in which only the designated confirmer (designated by the user) and the user can verify and confirm the validity of given signatures and convert given signatures into publicly verifiable ones, is proposed. Compared with Huang et al.’s scheme, the signature size is shortened about 25% and the computation quantity is reduced about 36% in the proposed scheme. Under random oracle model and intractability of Discrete Logarithm Problem the proposed scheme is provably secure.

Download Full-text

Secure and Efficient Certificateless Signature and Blind Signature Scheme from Pairings

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.457-458.1262 ◽

2013 ◽

Vol 457-458 ◽

pp. 1262-1265

Author(s):

Min Qin Chen ◽

Qiao Yan Wen ◽

Zheng Ping Jin ◽

Hua Zhang

Keyword(s):

Random Oracle Model ◽

Public Key Cryptography ◽

Random Oracle ◽

Blind Signature ◽

Public Key ◽

Signature Scheme ◽

Signature Schemes ◽

Diffie Hellman ◽

Identity Based ◽

Certificateless Signature

Based an identity-based signature scheme, we givea certificateless signature scheme. And then we propose a certificateless blind signature (CLBS) scheme in this paper. This schemeis more efficient than those of previous schemes by pre-computing the pairing e (P, P)=g. Based on CL-PKC, it eliminates theusing of certificates in the signature scheme with respect to thetraditional public key cryptography (PKC) and solves key escrowproblems in ID-based signature schemes. Meanwhile it retains themerits of BS schemes. The proposed CLBS scheme is existentialunforgeable in the random oracle model under the intractabilityof the q-Strong Diffie-Hellman problem.

Download Full-text

Provably Secure Lattice-Based Self-Certified Signature Scheme

Security and Communication Networks ◽

10.1155/2021/2459628 ◽

2021 ◽

Vol 2021 ◽

pp. 1-9

Author(s):

Qiang Yang ◽

Daofeng Li

Keyword(s):

Computational Cost ◽

Random Oracle Model ◽

Random Oracle ◽

Public Key ◽

Communication Overhead ◽

Small Integer ◽

Signature Scheme ◽

Signature Schemes ◽

The Public ◽

Security Technologies

Digital signatures are crucial network security technologies. However, in traditional public key signature schemes, the certificate management is complicated and the schemes are vulnerable to public key replacement attacks. In order to solve the problems, in this paper, we propose a self-certified signature scheme over lattice. Using the self-certified public key, our scheme allows a user to certify the public key without an extra certificate. It can reduce the communication overhead and computational cost of the signature scheme. Moreover, the lattice helps prevent quantum computing attacks. Then, based on the small integer solution problem, our scheme is provable secure in the random oracle model. Furthermore, compared with the previous self-certified signature schemes, our scheme is more secure.

Download Full-text

On the General Construction of Tightly Secure Identity-Based Signature Schemes

The Computer Journal ◽

10.1093/comjnl/bxaa011 ◽

2020 ◽

Vol 63 (12) ◽

pp. 1835-1848

Author(s):

Ge Wu ◽

Zhen Zhao ◽

Fuchun Guo ◽

Willy Susilo ◽

Futai Zhang

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

General Construction ◽

Security Level ◽

Signature Schemes ◽

Small Constant ◽

Security Parameter ◽

Cryptographic Primitive ◽

Identity Based ◽

Tight Security

Abstract A tightly secure scheme has a reduction, where the reduction loss is a small constant. Identity-based signature (IBS) is an important cryptographic primitive, and tightly secure IBS schemes enjoy the advantage that the security parameter can be optimal to achieve a certain security level. General constructions of IBS schemes (Bellare, M., Namprempre, C., and Neven, G. (2004) Security Proofs for Identity-Based Identification and Signature Schemes. In Proc. EUROCRYPT 2004, May 2–6, pp. 268–286. Springer, Berlin, Interlaken, Switzerland; Galindo, D., Herranz, J., and Kiltz, E. (2006) On the Generic Construction of Identity-Based Signatures With Additional Properties. In Proceedings of ASIACRYPT 2006, December 3–7, pp. 178–193. Springer, Berlin, Shanghai, China) and their security have been extensively studied. However, the security is not tight and how to generally construct a tightly secure IBS scheme remains unknown. In this paper, we concentrate on the general constructions of IBS schemes. We first take an insight into previous constructions and analyze the reason why it cannot achieve tight security. To further study possible tightly secure constructions, we propose another general construction, which could be seen as a different framework of IBS schemes. Our construction requires two traditional signature schemes, whereas the construction by Bellare et al. uses one scheme in a two-round iteration. There are no additional operations in our general construction. Its main advantage is providing the possibility of achieving tight security for IBS schemes in the random oracle model. Combining two known signature schemes, we present an efficient IBS scheme with tight security as an example.

Download Full-text

Security of signature schemes in the presence of key-dependent messages

Tatra Mountains Mathematical Publications ◽

10.2478/v10127-010-0029-2 ◽

2010 ◽

Vol 47 (1) ◽

pp. 15-29

Author(s):

Madeline González Muñiz ◽

Rainer Steinwndt

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Signature Scheme ◽

Forward Security ◽

Signature Schemes ◽

Encryption Schemes ◽

Time Signature ◽

Made In

Abstract In recent years, quite some progress has been made in understand- ing the security of encryption schemes in the presence of key-dependent plaintexts. Here, we motivate and explore the security of a setting, where an adversary against a signature scheme can access signatures on key-dependent messages. We propose a way to formalize the security of signature schemes in the pres- ence of key-dependent signatures (KDS). It turns out that the situation is quite different from key-dependent encryption: already to achieve KDS-security under non-adaptive chosen message attacks, the use of a stateful signing algorithm is inevitable-even in the random oracle model. After discussing the connection be- tween key-dependent signing and forward security, we present a compiler to lift any EUF-CMA secure one-time signature scheme to a forward secure signature scheme offering KDS-CMA security.

Download Full-text

On Pseudo-Random Oracles

Tatra Mountains Mathematical Publications ◽

10.2478/v10127-012-0045-5 ◽

2012 ◽

Vol 53 (1) ◽

pp. 155-187

Author(s):

Michal Rjaško

Keyword(s):

Hash Function ◽

Random Function ◽

Hash Functions ◽

Random Oracle Model ◽

Random Oracle ◽

Public Image ◽

Signature Schemes ◽

Random Oracles ◽

Random Behavior ◽

Domain Extension

ABSTRACT Many cryptographic systems which involve hash functions have proof of their security in a so called random oracle model. Behavior of hash functions used in such cryptographic systems should be as close as possible to the behavior of a random function. There are several properties of hash functions dealing with a random behavior. A hash function is pseudo-random oracle if it is indifferentiable from a random oracle. However, it is well known that hash functions based on the popular Merkle-Damg˚ard domain extension transform do not satisfy the pseudo-random oracle property. On the other hand no attack is known for many concrete applications utilizing Merkle-Damg˚ard hash functions. Hence, a weakened notion called public-use pseudo random oracle was introduced. The property can be met by the Merkle-Damg˚ard construction and is sufficient for several important applications. A hash function is public use pseudo-random oracle if it is indifferentiable from a random oracle with public messages (i.e., all messages hashed so far are available to all parties). This is the case of most hash based signature schemes. In this paper we analyze relationship between the property pseudo-random oracle and its variant public image pseudo-random oracle. Roughly, a hash function is public image pseudo-random oracle if it is indifferentiable from a random oracle with public images (i.e., all images of messages hashed so far are available to all parties, messages are kept secret). We prove that the properties are equivalent.

Download Full-text

New Signature and Multi-Signature Schemes with Tight Security Reduction Based on D-DDH Problem

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.263-266.3052 ◽

2012 ◽

Vol 263-266 ◽

pp. 3052-3059

Author(s):

Ze Cheng Wang

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Signature Scheme ◽

Signature Schemes ◽

Main Method ◽

Discrete Logarithms ◽

Diffie Hellman ◽

Intractable Problem ◽

Tight Security

Based on the newly introduced d-decisional Diffie-Hellman (d-DDH) intractable problem, a signature scheme and a multi-signature scheme are proposed. The main method in the constructions is a transformation of a knowledge proof on the equality of two discrete logarithms. The two schemes are proved secure in the random oracle model and the security reductions to the d-DDH problem are tight. Moreover, one can select different d for different security demand of applications. Thus the schemes are secure, efficient and practical.

Download Full-text

HORSIC+: An Efficient Post-Quantum Few-Time Signature Scheme

Applied Sciences ◽

10.3390/app11167350 ◽

2021 ◽

Vol 11 (16) ◽

pp. 7350

Author(s):

Jaeheung Lee ◽

Yongsu Park

Keyword(s):

Security Analysis ◽

Random Oracle Model ◽

Random Oracle ◽

Security Level ◽

Signature Scheme ◽

Signature Schemes ◽

Security Proof ◽

Time Signature ◽

Resistant Family ◽

Cryptographic Hash Functions

It is well known that conventional digital signature algorithms such as RSA and ECDSA are vulnerable to quantum computing attacks. Hash-based signature schemes are attractive as post-quantum signature schemes in that it is possible to calculate the quantitative security level and the security is proven. SPHINCS is a stateless hash-based signature scheme and introduces HORST few-time signature scheme which is an improvement of HORS. However, HORST as well as HORS suffers from pretty large signature sizes. HORSIC is proposed to reduce the signature size, yet does not provide in-depth security analysis. In this paper, we propose HORSIC+, which is an improvement of HORSIC. HORSIC+ differs from HORSIC in that HORSIC+ does not apply f as a plain function to the signature key, but uses a member of a function family. In addition, HORSIC+ uses the chaining function similar to W-OTS+. These enable the strict security proof without the need for the used function family to be a permutation or collision resistant. HORSIC+ is existentially unforgeable under chosen message attacks, assuming a second-preimage resistant family of undetectable one-way functions and cryptographic hash functions in the random oracle model. HORSIC+ reduces the signature size by as much as 37.5% or 18.75% compared to HORS and by as much as 61.5% or 45.8% compared to HORST for the same security level.

Download Full-text

A Provably Secure ID-Based Designated Verifier Proxy Signature Scheme Based on DLP

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.411-414.721 ◽

2013 ◽

Vol 411-414 ◽

pp. 721-724 ◽

Cited By ~ 1

Author(s):

Bao Dian Wei

Keyword(s):

Discrete Logarithm ◽

Random Oracle Model ◽

Random Oracle ◽

Proxy Signature ◽

Signature Scheme ◽

Signature Schemes ◽

The Common ◽

Designated Verifier ◽

Provably Secure

Most of the existing ID-based designated verifier proxy signature schemes are implemented with pairings. The computation of parings is still much more expensive than the common modular multiplications and exponentiations. To obtain better efficiency, we construct an efficient ID-based DVPS scheme without pairings. The scheme is designed based on the hardness of the discrete logarithm problems. It is proven secure against adaptively chosen message attacks, in the random oracle model.

Download Full-text

Identity-Based Linkable Ring Signature on NTRU Lattice

Security and Communication Networks ◽

10.1155/2021/9992414 ◽

2021 ◽

Vol 2021 ◽

pp. 1-17

Author(s):

Yongli Tang ◽

Feifei Xia ◽

Qing Ye ◽

Mengyao Wang ◽

Ruijie Mu ◽

...

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Small Integer ◽

Rejection Sampling ◽

Signature Schemes ◽

Ring Signature ◽

Storage Overhead ◽

Signature Generation ◽

Identity Based ◽

And Storage

Although most existing linkable ring signature schemes on lattice can effectively resist quantum attacks, they still have the disadvantages of excessive time and storage overhead. This paper constructs an identity-based linkable ring signature (LRS) scheme over NTRU lattice by employing the technologies of trapdoor generation and rejection sampling. The security of this scheme relies on the small integer solution (SIS) problem on NTRU lattice. We prove that this scheme has unconditional anonymity, unforgeability, and linkability under the random oracle model (ROM). Through the performance analysis, this scheme has a shorter size of public/private keys, and when the number of ring members is small (such as N ≤ 8 ), this scheme has a shorter signature size compared with other existing latest lattice-based LRS schemes. The computational efficiency of signature has also been further improved since it only involves multiplication in the polynomial ring and modular operations of small integers. Finally, we implemented our scheme and other similar schemes, and it is shown that the time for the signature generation and verification of this scheme decreases roughly by 44.951% and 33.503%, respectively.

Download Full-text