A Pairing Based Strong Designated Verifier Signature Scheme without Random Oracles

In this study, a novel strong designated verifier signature scheme based on bilinear pairings with provable security in the standard model is proposed, while the existing ones are secure in the random oracle model. In 2007 and 2011, two strong designated verifier signature schemes in the standard model are proposed by Huang et al. and Zhang et al., respectively; in the former, the property of privacy of the signer’s identity is not proved and the security of the latter is based on the security of a pseudorandom function. Our proposal can deal with the aforementioned drawbacks of the previous schemes. Furthermore, it satisfies non-delegatability for signature verificatio

A Novel Strong Designated Verifier Signature Scheme without Random Oracles

In this study, a novel pairing based strong designated verifier signature scheme based on non-interactive zero knowledge proofs is proposed. The security of the proposal is presented by sequences of games without random oracles; furthermore, this scheme has a security proof for the property of privacy of the signer’s identity in comparison with the scheme proposed by Zhang et al. in 2007. In addition, this proposal compared to the scheme presented by Huang et al. in 2011 supports non-delegatability. The non-delegatability of our proposal is achieved since we do not use the common secret key shared between the signer and the designated verifier in our construction. Furthermore, if a signer delegates her signing capability which is derived from her secret key on a specific message to a third party, then, the third party cannot generate a valid designated verifier signature due to the relaxed special soundness of the non-interactive zero knowledge proof. To the best of our knowledge, this construction is the first attempt to generate a designated verifier signature scheme with non-delegatability in the standard model, while satisfying of non-delegatability property is loose

Provably Secure Convertible Undeniable Signatures with Unambiguity

This paper shows some efficient and provably-secure convertible undeniable signature schemes (with both selective conversion and all conversion), in the standard model and discrete logarithm setting. They further satisfy unambiguity, which is traditionally required for anonymous signatures. Briefly, unambiguity means that it is hard to generate a (message, signature) pair which is valid for two {\em different} public-keys. In other words, our schemes can be viewed as anonymous signature schemes as well as convertible undeniable signature schemes. Besides other applications, we show that such schemes are very suitable for anonymous auction

New Constructions and Applications of Trapdoor DDH Groups

Trapdoor Decisional Diffie-Hellman (TDDH) groups, introduced by Dent and Galbraith (ANTS 2006), are groups where the DDH problem is hard, unless one is in possession of a secret trapdoor which enables solving it efficiently. Despite their intuitively appealing properties, they have found up to now very few cryptographic applications. Moreover, among the two constructions of such groups proposed by Dent and Galbraith, only a single one based on hidden pairings remains unbroken. In this paper, we extend the set of trapdoor DDH groups by giving a construction based on composite residuosity. We also introduce a more restrictive variant of these groups that we name \emph{static} trapdoor DDH groups, where the trapdoor only enables to solve the DDH problem with respect to a fixed pair $(G,G^x)$ of group elements. We give two constructions for such groups whose security relies respectively on the RSA and the factoring assumptions. Then, we show that static trapdoor DDH groups yield elementary constructions of convertible undeniable signature schemes allowing delegatable verification. Using our constructions of static trapdoor DDH groups from the RSA or the factoring assumption, we obtain slightly simpler variants of the undeniable signature schemes of respectively Gennaro, Rabin, and Krawczyk (J. Cryptology, 2000) and Galbraith and Mao (CT-RSA 2003). These new schemes are conceptually more satisfying since they can strictly be viewed as instantiations, in an adequate group, of the original undeniable signature scheme of Chaum and van Antwerpen (CRYPTO~\u2789)

Design and Analysis of Opaque Signatures

Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, called also the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures involve always an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes, however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructionsmakes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a iii desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents

Group Signature with Deniability: How to Disavow a Signature

Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, in some situations it is only required to know whether a specific user is the signer of a given signature. In this case, the use of a standard group signature may be problematic since the specified user might not be the signer of the given signature, and hence, the identity of the actual signer will be exposed. Inspired by this problem, we propose the notion of a deniable group signature, where, with respect to a signature and a user, the authority can issue a proof showing that the specified user is NOT the signer of the signature, without revealing the actual signer. We also describe a fairly practical construction by extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme

Non-Binding (Designated Verifier) Signature

We argue that there are some scenarios in which plausible deniability might be desired for a digital signature scheme. For instance, the non-repudiation property of conventional signature schemes is problematic in designing an Instant Messaging system (WPES 2004). In this paper, we formally define a non-binding signature scheme in which the Signer is able to disavow her own signature if she wants, but, the Verifier is not able to dispute a signature generated by the Signer. That is, the Signer is able to convince a third party Judge that she is the owner of a signature without disclosing her secret information. We propose a signature scheme that is non-binding and unforgeable. Our signature scheme is post-quantum secure if the underlying cryptographic primitives are post-quantum secure. In addition, a modification to our nonbinding signature scheme leads to an Instant Messaging system that is of independent interest

Dynamic hashing technique for bandwidth reduction in image transmission

Hash functions are widely used in secure communication systems by generating the message digests for detection of unauthorized changes in the files. Encrypted hashed message or digital signature is used in many applications like authentication to ensure data integrity. It is almost impossible to ensure authentic messages when sending over large bandwidth in highly accessible network especially on insecure channels. Two issues that required to be addressed are the large size of hashed message and high bandwidth. A collaborative approach between encoded hash message and steganography provides a highly secure hidden data. The aim of the research is to propose a new method for producing a dynamic and smaller encoded hash message with reduced bandwidth. The encoded hash message is embedded into an image as a stego-image to avoid additional file and consequently the bandwidth is reduced. The receiver extracts the encoded hash and dynamic hashed message from the received file at the same time. If decoding encrypted hash by public key and hashed message from the original file matches the received file, it is considered as authentic. In enhancing the robustness of the hashed message, we compressed or encoded it or performed both operations before embedding the hashed data into the image. The proposed algorithm had achieved the lowest dynamic size (1 KB) with no fix length of the original file compared to MD5, SHA-1 and SHA-2 hash algorithms. The robustness of hashed message was tested against the substitution, replacement and collision attacks to check whether or not there is any detection of the same message in the output. The results show that the probability of the existence of the same hashed message in the output is closed to 0% compared to the MD5 and SHA algorithms. Amongst the benefits of this proposed algorithm is computational efficiency, and for messages with the sizes less than 1600 bytes, the hashed file reduced the original file up to 8.51%

Special Signature Schemes and Key Agreement Protocols

This thesis is divided into two distinct parts. The first part of the thesis explores various deniable signature schemes and their applications. Such schemes do not bind a unique public key to a message, but rather specify a set of entities that could have created the signature, so each entity involved in the signature can deny having generated it. The main deniable signature schemes we examine are ring signature schemes. Ring signatures can be used to construct designated verifier signature schemes, which are closely related to designated verifier proof systems. We provide previously lacking formal definitions and security models for designated verifier proofs and signatures and examine their relationship to undeniable signature schemes. Ring signature schemes also have applications in the context of fair exchange of signatures. We introduce the notion of concurrent signatures, which can be constructed using ring signatures, and which provide a "near solution" to the problem of fair exchange. Concurrent signatures are more efficient than traditional solutions for fair exchange at the cost of some of the security guaranteed by traditional solutions. The second part of the thesis is concerned with the security of two-party key agreement protocols. It has traditionally been difficult to prove that a key agreement protocol satisfies a formal definition of security. A modular approach to constructing provably secure key agreement protocols was proposed, but the approach generally results in less efficient protocols. We examine the relationships between various well-known models of security and introduce a modular approach to the construction of proofs of security for key agreement protocols in such security models. Our approach simplifies the proof process, enabling us to provide proofs of security for several efficient key agreement protocols in the literature that were previously unproven