138,941 research outputs found

    Adaptable Group-Oriented Signature

    A new type of signature is presented in this paper, named adaptable group-oriented signature. In contrast with traditional group-oriented signature, the new one laid a strong emphasis on how to improve the signer's efficiency. In fact, this new type of group-oriented signature can be seen as a type of designated verifier signature. In contrast with the ordinary designated verifier signature, it does not designate one member but several members to independently verify the signature. The designated members, who can independently verify the signature, come into a group. This scheme can ensure the anonymity of the verifiers. This type of signature can be used in such system that the compute resource is limited, such as the broadcast protocols of the mobile telephone in the mobile networks

    Breaking and Building of Group Inside Signature

    Group Inside Signature (GIS) is a signature scheme that allows the signer to designate his signature to be verified by a group of people, so that members other than the designated group cannot verify the signature generated by him. In Broadcast Group Oriented Signature (BGOS), a user from one group can designate his signature to be verified by members of other group. The GIS and BGOS schemes \cite{MaAoHe05}, \cite{CJ09} and \cite{MaHeAo05} which we consider are certificateless schemes. An Adaptable Designated Group Signature (ADGS) is one in which a user can designate his signature to be verified by a selected set of members who are from different groups. The ADGS scheme \cite{MaL06} which we consider here is an identity based scheme. In this paper, we present the cryptanalysis of four schemes that appeared in \cite{MaAoHe05}, \cite{CJ09}, \cite{MaHeAo05} and \cite{MaL06}. We show that both GIS schemes \cite{MaAoHe05}, \cite{CJ09} and BGOS scheme \cite{MaHeAo05} suffer from Type-I and Type-II vulnerabilities and ADGS \cite{MaL06} is universally forgeable. We also present a new scheme for ADGS (N-ADGS) and proved its security in the random oracle model. The existing model for ADGS did not consider unlinkability which is one of the key properties required for ADGS. We provide security model for unlinkability and also prove our scheme is unlinkable

    A k-out-of-n Ring Signature with Flexible Participation for Signers

    A k-out-of-n ring signature is a kind of anonymous signature that can be performed by any member in a group. This signature allows the creation of valid signatures if and only if actual signers more than or equal to k sign the message among n possible signers. In this paper, we present a new k-out-of-n ring signature. Our signature has a remarkable property: When the signature is updated from k-out-of-n to (k+α)-out-of-n, the previous signers do not need to sign a message again. Our scheme can ``reuse'' the old signature, whereas the previous schemes revoke it and create a signature from scratch. We call this property ``flexibility'' and formalize it rigorously. Our signature scheme has a multiple ring structure, each ring of which is based on 1-out-of-n ring signature. The structure of our scheme is completely different from that of conventional schemes, such as a secret-sharing type. The signers' keys are mostly independent of each user, thanks to a part of keys which use a special hash function. We give the results of provable security for our scheme

    Structure-preserving signatures from type II pairings

    We investigate structure-preserving signatures in asymmetric bilinear groups with an efficiently computable homomorphism from one source group to the other, i.e., the Type II setting. It has been shown that in the Type I and Type III settings, structure-preserving signatures need at least 2 verification equations and 3 group elements. It is therefore natural to conjecture that this would also be required in the intermediate Type II setting, but surprisingly this turns out not to be the case. We construct structure-preserving signatures in the Type II setting that only require a single verification equation and consist of only 2 group elements. This shows that the Type II setting with partial asymmetry is different from the other two settings in a way that permits the construction of cryptographic schemes with unique properties. We also investigate lower bounds on the size of the public verification key in the Type II setting. Previous work on structure-preserving signatures has explored lower bounds on the number of verification equations and the number of group elements in a signature but the size of the verification key has not been investigated before. We show that in the Type II setting it is necessary to have at least 2 group elements in the public verification key in a signature scheme with a single verification equation. Our constructions match the lower bounds so they are optimal with respect to verification complexity, signature sizes and verification key sizes. In fact, in terms of verification complexity, they are the most efficient structure preserving signature schemes to date. We give two structure-preserving signature schemes with a single verification equation where both the signatures and the public verification keys consist of two group elements each. One signature scheme is strongly existentially unforgeable, the other is fully randomizable.
Having such simple and elegant structure-preserving signatures may make the Type II setting the easiest to use when designing new structure-preserving cryptographic schemes, and lead to schemes with the greatest conceptual simplicity

    Efficient Round-Optimal Blind Signatures in the Standard Model

    Blind signatures are at the core of e-cash systems and have numerous other applications. In this work we construct efficient blind and partially blind signature schemes over bilinear groups in the standard model. Our schemes yield short signatures consisting of only a couple of elements from the shorter source group and have very short communication overhead consisting of 1 group element on the user side and 3 group elements on the signer side. At 80-bit security, our schemes yield signatures consisting of only 40 bytes which is 67% shorter than the most efficient existing scheme with the same security in the standard model. Verification in our schemes requires only a couple of pairings. Our schemes compare favorably in every efficiency measure to all existing counterparts offering the same security in the standard model. In fact, the efficiency of our signing protocol as well as the signature size compare favorably even to many existing schemes in the random oracle model. For instance, our signatures are shorter than those of Brands' scheme which is at the heart of the U-Prove anonymous credential system used in practice. The unforgeability of our schemes is based on new intractability assumptions of a ``one-more'' type which we show are intractable in the generic group model, whereas their blindness holds w.r.t. malicious signing keys in the information-theoretic sense. We also give variants of our schemes for a vector of messages

    Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials

    Electronic tickets (e-tickets) are electronic versions of paper tickets, which enable users to access intended services and improve services' efficiency. However, privacy may be a concern of e-ticket users. In this paper, a privacy-preserving electronic ticket scheme with attribute-based credentials is proposed to protect users' privacy and facilitate ticketing based on a user's attributes. Our proposed scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent; (5) the security of the proposed scheme is formally proven and reduced to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme has been implemented and its performance empirically evaluated. To the best of our knowledge, our privacy-preserving attribute-based e-ticket scheme is the first one providing these five features. Application areas of our scheme include event or transport tickets where users must convince ticket sellers that their attributes (e.g. age, profession, location) satisfy the ticket price policies to buy discounted tickets. More generally, our scheme can be used in any system where access to services is only dependent on a user's attributes (or entitlements) but not their identities. Comment: 18 pages, 6 figures, 2 tables