On the Security of a Proxy Blind Signature Scheme over Braid Groups

A proxy blind signature scheme is the combination of proxy signature and blind signature scheme. In 2009,Verma proposed a proxy blind signature scheme over braid groups. Verma claimed that the proposed scheme is secure against all possible security lapses and also satisfy all essential security attributes.This paper analyzes Verma’s proposed scheme and found that this scheme suffers with the serious security vulnerabilities. This paper show that the proposed scheme does not satisfy unforgeability and unlinkability, which are two essential security requirement of a secure proxy blind signature scheme

A Strong Blind Signature Scheme over Braid Groups

The rapid development of quantum computing makes public key cryptosystems not based on commutative algebraic systems hot topic. Because of the non-commutativity property, the braid group with braid index more than two becomes a new candidate for constructing cryptographic protocols. A strong blind signature scheme is proposed based on the difficulty of the one-more matching conjugacy problem in the braid groups, in which the signer can not relate the signature of the blinded message to that of the original message. The usage of random factor ensures that the blind signatures of the same message are different and avoids the weakness of simultaneous conjugating. The scheme can resist the adaptively chosen-message attack under the random oracle model

Linkability of Blind Signature Schemes over Braid Groups

Blindness and unforgeability are two essential security requirements of a secure blind signature scheme. Blindness means that after interacting with various users, the signer can never be able to link a valid message pair. Blindness is meaningless if after interacting with various users, the signer is able to link a valid message signature pair. This security vulnerability is known as linkability attack. Recently, Verma proposed two blind signature schemes over braid groups. Verma claimed that the proposed schemes are secure against all possible security vulnerabilities and also satisfy all essential securities properties.This paper reviews Verma’s proposed blind signature schemes and found that these scheme do not withstand against the linkability vulnerability

Security Analysis and Design of Proxy Signature Schemes over Braid Groups

The braid groups have attracted much attention as a new platform of constructing cryptosystems. This paper firstly analyzes the security vulnerabilities of existing proxy signature schemes over braid groups and presents feasible attacks. Then a new proxy signature scheme is proposed based on the difficulty of the conjugacy search problem and the multiple conjugacy search problem. Security analysis shows that the proposed scheme satisfies the security requirements of proxy signature

A KEY EXCHANGE PROTOCOL USING CONJUGACY PROBLEM IN THE DIVISION SEMIRINGS

In this article, we present a new key exchange protocol which works in the division semiring. We prove that the protocol meets the security of key establishment based on the conjugacy search problem and security attribute also discussed

Analysis and improvement of a certificateless proxy blind signature

通过对葛荣亮等人提出的无证书代理盲签名方案进行分析,从中发现该方案会引起公钥替换攻击和恶意但是被动的kgC攻击。为了解决此方案的安全性缺陷,提出了一种改进方案。分析表明,改进的新方案满足无证书代理盲签名方案的所有安全性要求,并且拥有与原方案相同的计算效率。Through the cryptanalysis of a certificateless proxy blind signature scheme proposed by Ge Rong-liang,it find that this scheme can cause the public replacement attack and malicious-but-passive KGC attack.To avoid these attacks,this paper proposed a new improved scheme.Analysis result shows that the new improved shceme satisfies the requirements of proxy blind signature scheme and has the same computational efficiency compared with the original scheme.国家自然科学基金资助项目(11261060); 福建省自然科学基金资助项目(2012J01022); 新疆研究生科研创新资助项目(XJGRI2013130

Способы и алгоритмы псевдовероятностного шифрования с разделяемым ключом

As a method for providing security of the messages sent via a public channel in the case of potential coercive attacks there had been proposed algorithms and protocols of deniable encryption. The lasts are divided on the following types: 1) schemes with public key, 2) schemes with shares secret key, and 3) no-key schemes. There are introduced pseudo-probabilistic symmetric ciphers that represent a particular variant of implementing deniable encryption algorithms. It is discussed application of the pseudo-probabilistic encryption for constructing special mechanisms of the information protection including steganographic channels hidden in ciphertexts. There are considered methods for designing stream and block pseudo-probabilistic encryption algorithms that implement simultaneous ciphering fake and secret messages so that the generated ciphertext is computationally indistinguishable from the ciphertext obtained as output of the probabilistic encryption of the fake message. The requirement of the ciphertext indistinguishability from the probabilistic encryption has been used as one of the design criteria. To implement this criterion in the construction scheme of the pseudo-probabilistic ciphers it is included step of bijective mapping pairs of intermediate ciphertext blocks of the fake and secret messages into a single expanded block of the output ciphertext. Implementations of the pseudo-probabilistic block ciphers in which algorithms for recovering the fake and secret messages coincide completely are also considered. There are proposed general approaches to constructing no-key encryption protocols and randomized pseudo-probabilistic block ciphers. Concrete implementations of the cryptoschemes of such types are presented.В качестве способа обеспечения секретности сообщений, переданных в зашифрованном виде по открытым каналам связи, при потенциальных атаках с принуждением к раскрытию ключей шифрования предложены алгоритмы и протоколы отрицаемого шифрования, которые разделяются на следующие типы: 1) с открытым ключом; 2) с разделяемым секретным ключом; 3) бесключевые. В статье представлены псевдовероятностные симметричные шифры, представляющие собой специальный вариант реализации алгоритмов отрицаемого шифрования. Обсуждается применение псевдовероятностного шифрования для построения специальных механизмов защиты информации, в том числе стеганографических каналов, носителями которых являются шифртексты. Рассмотрены способы построения поточных и блочных алгоритмов псевдовероятностного шифрования, реализующих совместное шифрование фиктивного и секретного сообщения таким образом, что формируемый шифртекст является вычислительно неразличимым от шифртекста, получаемого в результате вероятностного шифрования фиктивного сообщения. В качестве одного из критериев построения использовано требование неотличимости по шифртексту псевдовероятностного шифрования от вероятностного. Для реализации этого требования в схеме построения псевдоверояностных шифров используется шаг взаимно-однозначного отображения пар блоков промежуточных шифртекстов фиктивного и секретного сообщений в единый расширенный блок выходного шифртекста. Описаны реализации псевдовероятностных блочных шифров, в которых алгоритмы расшифровывания фиктивного и секретного сообщений полностью совпадают. Предложены общие подходы к построению псевдовероятностных протоколов бесключевого шифрования и рандомизированных псевдовероятностных блочных шифров, а также приведены конкретные реализации криптосхем данных типов

Design and Analysis of Opaque Signatures

Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, called also the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures involve always an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes, however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructionsmakes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a iii desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents