8 research outputs found

    An efficient identity-based group signature scheme over elliptic curves

    Group signatures allow every authorized member of a group to sign on behalf of the underlying group. No one except the group manager is able to determine who generated a signature for a document. A new identity-based group signature scheme is proposed in this paper. This scheme makes use of a bilinear function derived from Weil pairings over elliptic curves. Also, in the underlying composition of group signatures there is no exponentiation computation modulo a large composite number. Due to these ingredients of the novel group signatures, the proposed scheme is efficient with respect to the computation cost in the signing process. In addition, this paper comes up with a security proof against adaptive forgeability.

    A novel group signature scheme without one way hash

    The group signature scheme was introduced by Chaum and van Heijst; it allows members of a group to sign messages anonymously on behalf of the whole group. Only a designated Group Manager is able to trace the identity of the group member who issued a valid signature. The group members sign a message with their secret key gsk and produce a signature that cannot be linked to the identities of the signers without the secret key of the manager. The group manager can open the signature to recover the identities of the signers in case of any legal dispute. Group signatures have been widely used in electronic markets where the sellers are the group members, the buyers are the verifiers and the market administrator is the group manager. We aim to propose a group signature scheme that is devoid of any one-way hash function and is based upon the Integer Factorization Problem (IFP). The scheme uses the concept of safe primes to further enhance the security of the scheme. The scheme supports message recovery and hence the overhead of sending the message is avoided. The scheme satisfies security properties such as Anonymity (the verifier cannot link a signature to the identity of the signer), Traceability (the Group Manager can trace the identity of the signer of any valid signature), Unforgeability (a valid signature cannot be produced without the group secret keys) and Exculpability (neither the GM nor any member can produce a signature on behalf of a group member).

    Group Signature where Group Manager, Members and Open Authority are Identity-Based

    We present the first group signature scheme with provable security and signature size O(λ) bits where the group manager, the group members, and the Open Authority (OA) are all identity-based. We use the security model of Bellare, Shi, and Zhang, except to add three identity managers for manager, members, and OA respectively, and we discard the Open Oracle. Our construction uses identity-based signatures summarized in Bellare, Namprempre, and Neven for the manager, Boneh and Franklin's IBE for the OA, and we extend Bellare et al.'s group signature construction by verifiably encrypting an image of the member public key, instead of the public key itself. The last innovation is crucial to our efficiency; otherwise, Camenisch and Damgard's verifiable encryption would have to be used, resulting in lower efficiency.

    An Interesting Member ID-based Group Signature

    We propose an interesting and efficient member ID-based group signature, i.e., verification of the output from algorithm OPEN run by the group manager does not have to refer to a registration table (acting as a certification list). The proposal is free of GM-frameability, i.e., the secret key of a member is not escrowed to the GM, which is unique among all known member ID-based group signatures as far as we know. The proposal also has two distinguished extra features: one is that the group manager does not have to maintain a registration table to obtain the real identity of the signer, in contrast to other schemes; the other is that it provides an alternative countermeasure against a tampered registration table to applying integrity techniques to the table, in case a registration table is maintained.

    Identity based cryptography from pairings.

    Yuen Tsz Hon. Thesis (M.Phil.)--Chinese University of Hong Kong, 2006. Includes bibliographical references (leaves 109-122). Abstracts in English and Chinese.
    Abstract --- p.i
    Acknowledgement --- p.iii
    List of Notations --- p.viii
    Chapter 1 --- Introduction --- p.1
    Chapter 1.1 --- Identity Based Cryptography --- p.3
    Chapter 1.2 --- Hierarchical Identity Based Cryptosystem --- p.4
    Chapter 1.3 --- Our contributions --- p.5
    Chapter 1.4 --- Publications --- p.5
    Chapter 1.4.1 --- Publications Produced from This Thesis --- p.5
    Chapter 1.4.2 --- Publications During Author's Study in the Degree --- p.6
    Chapter 1.5 --- Thesis Organization --- p.6
    Chapter 2 --- Background --- p.8
    Chapter 2.1 --- Complexity Theory --- p.8
    Chapter 2.1.1 --- Order Notation --- p.8
    Chapter 2.1.2 --- Algorithms and Protocols --- p.9
    Chapter 2.1.3 --- Relations and Languages --- p.11
    Chapter 2.2 --- Algebra and Number Theory --- p.12
    Chapter 2.2.1 --- Groups --- p.12
    Chapter 2.2.2 --- Elliptic Curve --- p.13
    Chapter 2.2.3 --- Pairings --- p.14
    Chapter 2.3 --- Intractability Assumptions --- p.15
    Chapter 2.4 --- Cryptographic Primitives --- p.18
    Chapter 2.4.1 --- Public Key Encryption --- p.18
    Chapter 2.4.2 --- Digital Signature --- p.19
    Chapter 2.4.3 --- Zero Knowledge --- p.21
    Chapter 2.5 --- Hash Functions --- p.23
    Chapter 2.6 --- Random Oracle Model --- p.24
    Chapter 3 --- Literature Review --- p.26
    Chapter 3.1 --- Identity Based Signatures --- p.26
    Chapter 3.2 --- Identity Based Encryption --- p.27
    Chapter 3.3 --- Identity Based Signcryption --- p.27
    Chapter 3.4 --- Identity Based Blind Signatures --- p.28
    Chapter 3.5 --- Identity Based Group Signatures --- p.28
    Chapter 3.6 --- Hierarchical Identity Based Cryptography --- p.29
    Chapter 4 --- Blind Identity Based Signcryption --- p.30
    Chapter 4.1 --- Schnorr's ROS problem --- p.31
    Chapter 4.2 --- BIBSC and Enhanced IBSC Security Model --- p.32
    Chapter 4.2.1 --- Enhanced IBSC Security Model --- p.33
    Chapter 4.2.2 --- BIBSC Security Model --- p.36
    Chapter 4.3 --- Efficient and Secure BIBSC and IBSC Schemes --- p.38
    Chapter 4.3.1 --- Efficient and Secure IBSC Scheme --- p.38
    Chapter 4.3.2 --- The First BIBSC Scheme --- p.43
    Chapter 4.4 --- Generic Group and Pairing Model --- p.47
    Chapter 4.5 --- Comparisons --- p.52
    Chapter 4.5.1 --- Comment for IND-B --- p.52
    Chapter 4.5.2 --- Comment for IND-C --- p.54
    Chapter 4.5.3 --- Comment for EU --- p.55
    Chapter 4.6 --- Additional Functionality of Our Scheme --- p.56
    Chapter 4.6.1 --- TA Compatibility --- p.56
    Chapter 4.6.2 --- Forward Secrecy --- p.57
    Chapter 4.7 --- Chapter Conclusion --- p.57
    Chapter 5 --- Identity Based Group Signatures --- p.59
    Chapter 5.1 --- New Intractability Assumption --- p.61
    Chapter 5.2 --- Security Model --- p.62
    Chapter 5.2.1 --- Syntax --- p.63
    Chapter 5.2.2 --- Security Notions --- p.64
    Chapter 5.3 --- Constructions --- p.68
    Chapter 5.3.1 --- Generic Construction --- p.68
    Chapter 5.3.2 --- An Instantiation: IBGS-SDH --- p.69
    Chapter 5.4 --- Security Theorems --- p.73
    Chapter 5.5 --- Discussions --- p.81
    Chapter 5.5.1 --- Other Instantiations --- p.81
    Chapter 5.5.2 --- Short Ring Signatures --- p.82
    Chapter 5.6 --- Chapter Conclusion --- p.82
    Chapter 6 --- Hierarchical IBS without Random Oracles --- p.83
    Chapter 6.1 --- New Intractability Assumption --- p.87
    Chapter 6.2 --- Security Model: HIBS and HIBSC --- p.89
    Chapter 6.2.1 --- HIBS Security Model --- p.89
    Chapter 6.2.2 --- Hierarchical Identity Based Signcryption (HIBSC) --- p.92
    Chapter 6.3 --- Efficient Instantiation of HIBS --- p.95
    Chapter 6.3.1 --- Security Analysis --- p.96
    Chapter 6.3.2 --- Ordinary Signature from HIBS --- p.101
    Chapter 6.4 --- Plausibility Arguments for the Intractability of the OrcYW Assumption --- p.102
    Chapter 6.5 --- Efficient HIBSC without Random Oracles --- p.103
    Chapter 6.5.1 --- Generic Composition from HIBE and HIBS --- p.104
    Chapter 6.5.2 --- Concrete Instantiation --- p.105
    Chapter 6.6 --- Chapter Conclusion --- p.107
    Chapter 7 --- Conclusion --- p.108
    Bibliography --- p.10

    A novel ID-based group signature

    Group signatures, first introduced by Chaum and Heyst at Eurocrypt'91, allow individual members of a group to make signatures on behalf of the group while providing the signer's anonymity. Most of the previously proposed group signature schemes are based on the discrete logarithm problem, and the public keys of users are not identity information, except for the ID-based scheme proposed by Park et al. in 1997. However, Park et al.'s scheme has a serious problem, which is that all of the previous group signatures signed by other members will no longer be valid if the group is changed. Moreover, the length of the group signature grows linearly with the number of group members, which makes their proposed scheme inefficient. In this paper, the authors propose a novel ID-based group signature scheme which can solve the problem raised by the inclusion of a new group member or the exclusion of an old group member. Meanwhile, compared to Park et al.'s scheme, our scheme requires less computing time for generating the group signature and verifying the group signature. The security of the proposed ID-based group signature scheme is based on the difficulty of computing the discrete logarithm modulo a composite number. (C) 1999 Elsevier Science Inc. All rights reserved.

    A Novel ID-based Group Signature

    Group signatures, first introduced by Chaum and Heyst at Eurocrypt'91, allow individual members of a group to make signatures on behalf of the group while providing the signer's anonymity. Most of the previously proposed group signature schemes are based on the discrete logarithm problem, and the public keys of users are not identity information, except for the ID-based scheme proposed by Park et al. in 1997. However, Park et al.'s scheme has a serious problem, which is that all of the previous group signatures signed by other members will no longer be valid if the group is changed. Moreover, the length of the group signature grows linearly with the number of group members, which makes their proposed scheme inefficient. In this paper, the authors propose a novel ID-based group signature scheme which can solve the problem raised by the inclusion of a new group member or the exclusion of an old group member. Meanwhile, compared to Park et al.'s scheme, our scheme requires less computing time for generating the group signature and verifying the group signature. The security of the proposed ID-based group signature scheme is based on the difficulty of computing the discrete logarithm modulo a composite number.

    The Study of Digital Signatures and Control Mechanisms in Computer and Communication Systems

    The development of computer and communication technologies has made information storage digital and easy to process in a distributed manner; however, this trend also makes sensitive or important information vulnerable to illegal access and modification during storage and network transmission. Therefore, addressing such illegal acts by developing a secure protection system is an urgent task for current and future information applications. A secure protection system must have three properties: privacy, integrity and availability, and these three properties can be achieved using cryptographic techniques. This dissertation focuses on the study of digital signatures and control mechanisms among cryptographic techniques. In the area of digital signatures, we investigate special applications of digital signatures, including group signatures and digital signatures with a subliminal channel. In the area of control mechanisms, we investigate key distribution systems, authorization models, techniques integrating access control with user authentication, and access control in a user hierarchy.

    In this dissertation, we first discuss the design of group signatures. According to how a user's public key is authenticated, public-key systems can be classified into three types: ordinary public-key systems, ID-based public-key systems and self-certified public-key systems. For each of these three types of public-key system we propose a group signature scheme, and we study and compare their advantages, disadvantages and scope of application. In addition, for the study of digital signatures with a subliminal channel, we propose two digital signature schemes with subliminal channels, both of which allow a signer to embed multiple ciphertexts in a single digital signature.

    With the development of computer networks, enabling communicating parties to communicate secretly over open networks has become increasingly important. According to different application requirements, we investigate three types of conference key distribution systems. The first type is a non-interactive ID-based conference key system; the second type is one in which conference participants remain anonymous to each other (user anonymity); the third type is one in which participants can confirm the identities of all participants (user attendance). For each of these three types, we propose systems satisfying the different application requirements and compare them with previously proposed conference key distribution systems; our methods outperform the earlier systems in both computational efficiency and transmission volume.

    In the area of authorization models and access control, we first propose a role-based authorization model suitable for large distributed hypertext systems. Using this role-based authorization model, we propose two schemes that combine access control with user authentication: one makes modifying user permissions very easy; the other simplifies the server's verification procedure when a user requests multiple permissions. In addition, taking into account mutual authentication and key distribution between user and server, we also propose another integrated scheme.

    Since a user hierarchy structure can reflect the authority and responsibility of personnel in many organizations and companies, user hierarchies aid access control management. Earlier hierarchical control methods have the following property: a user at a higher level can access all files of users at lower levels. However, this approach is not suitable in all situations; for example, for some private personal data, a user may not permit others to access it or may wish to restrict their access rights. Therefore, we introduce a user hierarchy structure with restricted access, and propose a hierarchical control mechanism for managing such a user hierarchy structure.

    Computer and communication technologies have encouraged the digital storage and the distribution of information. Such information teleprocessing runs the risk of making sensitive or valuable information vulnerable to unauthorized access while in storage and transmission. Therefore, the problems of information security are extremely important nowadays and in the future. For information security, three characteristics have to be preserved: privacy, integrity and availability of information. A secure protection system applying cryptographic technologies was used for achieving these characteristics of information security.

    In this dissertation, we investigate two major issues about cryptographic technologies. One is to design some digital signature schemes for specific applications that include group signatures and digital signatures with a subliminal channel. The other is to present some control mechanisms that include conference key distribution systems, an authorization model, integrated schemes for access control and user authentication, and access control in a user hierarchy. In this dissertation, we shall first discuss group signatures. According to the authentication approach of a user's public key, public-key cryptographic systems may be classified into three types: the ordinary public-key system (i.e. certificate-based), the ID-based public-key system and the self-certified public-key system. Three group signature schemes based on these distinct public-key systems will be presented and the comparisons among these schemes will also be discussed. For digital signatures with a subliminal channel, two digital signature schemes will be presented. Both schemes allow a signer to generate a digital signature which may contain two or more subliminal messages for various subliminal receivers. One scheme with a broadband channel allows multiple subliminal receivers to simultaneously extract various subliminal messages from a signature. The other is a signature scheme with a narrowband channel.

    With the progress in computer networks, the need to establish secure communications among users over an insecure channel has become important. We shall investigate conference key distribution systems for distinct practical applications. Three different types of conference key distribution systems are discussed and four schemes will be proposed. The first type is a non-interactive approach based on an ID-based public-key system. The second type is the scheme with user anonymity, and two schemes are proposed. User anonymity means that the identities of participants in a conference are anonymous to each other, except for the chairperson. The third type discusses the scheme with user attendance, and a new ID-based conference key distribution system for the star configuration will be presented. Compared to the previously proposed schemes respectively, our four conference key distribution systems have better performance in computational complexity and transmission efficiency.

    For the study of authorization and access control mechanisms, we first consider an approach for role-based access control and propose a role-based authorization model for a large distributed hypertext system. Role-based access control (RBAC) is policy neutral and particularly suited to commercial applications, and is an alternative to traditional access control policies. Based on the RBAC model, two integrated schemes for user authentication and access control are proposed, which are access control schemes with the integration of user authentication to prevent possible security threats between these two protection mechanisms individually. One is a dynamic scheme with an easy procedure for granting new access rights (roles) to users or revoking users' old access rights. The other integrated scheme is to simplify the verification processes of servers for the multiple access requests of a user at the same time. Besides, we extend the above integrated schemes to construct a secure enterprise network within a distributed network over a public channel. Mutual authentication and key distribution between the user and the server are considered in the proposed scheme.

    For the user hierarchy in the access control policy of information protection systems, a user hierarchy is a natural way of organizing users to reflect authority and responsibility in many organizations and companies. Within this user hierarchy structure, a user is permitted to access all of the files of other users who are below him in the user hierarchy. However, this relationship is not suitable for the following situation: users desire to keep some permissions of files private to themselves and free from access by superior users. Therefore, we shall introduce a user privilege hierarchy to represent the policy that a user only inherits partial privileges from other users who are below him in a user hierarchy. Also, we shall propose a dynamic hierarchical control mechanism to maintain the relationships and the inheritable privileges among users in a user privilege hierarchy.

    Cover
    Abstract (in Chinese)
    Abstract (in English)
    Contents
    Chapter 1. Introduction
    1.1 Research Motivation
    1.2 Backgrounds
    1.3 Research Results and Dissertation Organization
    Chapter 2. The Design of Group Signature Schemes
    2.1 Related Works
    2.2 A Group Signature Scheme Using a Self-Certified Public-Key System
    2.3 A Group Signature Scheme Based on the Discrete Logarithm Problem
    2.4 A Novel ID-Based Group Signature Scheme
    2.5 Summaries
    Chapter 3. Digital Signature with Subliminal Channels
    3.1 Previous Works
    3.2 Digital Signature Schemes with Subliminal Channels Based on the Discrete Logarithm Problem
    3.3 Discussions
    Chapter 4. Conference Key Distribution Systems
    4.1 Non-Interactive ID-Based Key Sharing Systems
    4.2 Anonymous Conference Key Distribution Systems
    4.3 An ID-Based Conference Key Distribution System with User Attendance
    4.4 Summaries
    Chapter 5. Access Control and User Authentication in Network System
    5.1 A Role-Based Authorization Model for Large Distributed Hypertext System
    5.2 Two Integrated Schemes of User Authentication and Access Control
    5.3 A Cryptographic-Based Scheme for Secure Distributed Enterprise Networks
    5.4 Summaries
    Chapter 6. Limited Inheritance of Privileges in a User Hierarchy
    6.1 Concept of Limited Inheritance of Privileges in a User Hierarchy
    6.2 A Scheme for Limited Inheritance of Privileges in a User Hierarchy
    6.3 Discussions
    Chapter 7. Conclusions and Future Research Problems
    7.1 Overall Conclusions
    7.2 Future Research Problem
    References
    Vita
    Publications List