On the Forgeability of Wang-Tang-Li\u27s ID-Based Restrictive Partially Blind Signature

Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system. Very recently, Wang, Tang and Li proposed a new ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of {\bf unforgeability} as claimed. More precisely, a user can forge a valid message-signature pair $(ID, msg, {\bf info\u27}, \sigma\u27)$ instead of the original one $(ID, msg, {\bf info}, \sigma)$, where {\bf info} is the original common agreed information and ${\bf info}\u27\neq {\bf info}$. Therefore, it will be much dangerous if Wang-Tang-Li\u27s ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of \$100 to a user, while the user can change the denomination of the coin (bill) to any value, say \$100, 000, 000, at his will

Classification of Signature-only Signature Models

We introduce a set of criterions for classifying signature-only signature models. By the criterions, we classify signature models into 5 basic types and 69 general classes. Theoretically, 21140 kinds of signature models can be deduced by appropriately combining different general classes. The result comprises almost existing signature models. We also contribute a lot of new signature models. Moreover, we find the three signature models, i.e., group-nominee signature, multi-nominee signature and threshold-nominee signature, are of great importance in light of our classification

Anonymous Tokens with Public Metadata and Applications to Private Contact Tracing

Anonymous single-use tokens have seen recent applications in private Internet browsing and anonymous statistics collection. We develop new schemes in order to include public metadata such as expiration dates for tokens. This inclusion enables planned mass revocation of tokens without distributing new keys, which for natural instantiations can give 77 % and 90 % amortized traffic savings compared to Privacy Pass (Davidson et al., 2018) and DIT: De-Identified Authenticated Telemetry at Scale (Huang et al., 2021), respectively. By transforming the public key, we are able to append public metadata to several existing protocols essentially without increasing computation or communication. Additional contributions include expanded definitions, a more complete framework for anonymous single-use tokens and a description of how anonymous tokens can improve the privacy in dp3t-like digital contact tracing applications. We also extend the protocol to create efficient and conceptually simple tokens with both public and private metadata, and tokens with public metadata and public verifiability from pairings

On the (in)security of ROS

We present an algorithm solving the ROS (Random inhomogeneities in a Overdetermined Solvable system of linear equations) problem in polynomial time for l > log p dimensions. Our algorithm can be combined with Wagner’s attack, and leads to a sub-exponential solution for any dimension l with best complexity known so far. When concurrent executions are allowed, our algorithm leads to practical attacks against unforgeability of blind signature schemes such as Schnorr and Okamoto--Schnorr blind signatures, threshold signatures such as GJKR and the original version of FROST, multisignatures such as CoSI and the two-round version of MuSig, partially blind signatures such as Abe-Okamoto, and conditional blind signatures such as ZGP17. Schemes for e-cash (such as Brands\u27 signature) and anonymous credentials (such as Anonymous Credentials Light) inspired from the above are also affected

Identity based blind signaturescheme based upon DLP

Blind Signature scheme deals with the concept where requester sends the request that the signer should sign on a blind message. Anyone can verify the signature after publishing the information without any restriction. The proposed scheme having the property of both concept, Identity based as well as Blind Signature using DLP. With the help of Identity Based system we can easily archive the public key certification without key-management setting. In several ID based scheme ID map into an Elliptic curve, but we have a novel techniques to solve this problem. We have proposed a scheme that is based on Discrete logarithm problem.We have proved that our scheme meets all essential and secondary security prematurity. In addition we have given the mathematically and pragmatically correctness of our scheme. As our best of knowledge, we give the first discussion on these two notation. Also, we proved that our scheme fulfill all criteria that should be meet in a blind signature scheme.Our proposed scheme can be used in an E-commerce, E-voting and E-cashing anywhere without any restriction.We have given an application of E-cashing using our scheme

SoK: Privacy-Preserving Signatures

Modern security systems depend fundamentally on the ability of users to authenticate their communications to other parties in a network. Unfortunately, cryptographic authentication can substantially undermine the privacy of users. One possible solution to this problem is to use privacy-preserving cryptographic authentication. These protocols allow users to authenticate their communications without revealing their identity to the verifier. In the non-interactive setting, the most common protocols include blind, ring, and group signatures, each of which has been the subject of enormous research in the security and cryptography literature. These primitives are now being deployed at scale in major applications, including Intel\u27s SGX software attestation framework. The depth of the research literature and the prospect of large-scale deployment motivate us to systematize our understanding of the research in this area. This work provides an overview of these techniques, focusing on applications and efficiency

Anonymous Credentials Light

We define and propose an efficient and provably secure construction of blind signatures with attributes. Prior notions of blind signatures did not yield themselves to the construction of anonymous credential systems, not even if we drop the unlinkability requirement of anonymous credentials. Our new notion in contrast is a convenient building block for anonymous credential systems. The construction we propose is efficient: it requires just a few exponentiations in a prime-order group in which the decisional Diffie-Hellman problem is hard. Thus, for the first time, we give a provably secure construction of anonymous credentials that can work in the elliptic group setting without bilinear pairings. In contrast, prior provably secure constructions were based on the RSA group or on groups with pairings, which made them prohibitively inefficient for mobile devices, RFIDs and smartcards. The only prior efficient construction that could work in such elliptic curve groups, due to Brands, does not have a proof of security

Privacy Enhancing Protocols using Pairing Based Cryptography

This thesis presents privacy enhanced cryptographic constructions, consisting of formal definitions, algorithms and motivating applications. The contributions are a step towards the development of cryptosystems which, from the design phase, incorporate privacy as a primary goal. Privacy offers a form of protection over personal and other sensitive data to individuals, and has been the subject of much study in recent years. Our constructions are based on a special type of algebraic group called bilinear groups. We present existing cryptographic constructions which use bilinear pairings, namely Identity-Based Encryption (IBE). We define a desirable property of digital signatures, blindness, and present new IBE constructions which incorporate this property. Blindness is a desirable feature from a privacy perspective as it allows an individual to obscure elements such as personal details in the data it presents to a third party. In IBE, blinding focuses on obscuring elements of the identity string which an individual presents to the key generation centre. This protects an individual's privacy in a direct manner by allowing her to blind sensitive elements of the identity string and also prevents a key generation centre from subsequently producing decryption keys using her full identity string. Using blinding techniques, the key generation centre does not learn the full identity string. In this thesis, we study selected provably-secure cryptographic constructions. Our contribution is to reconsider the design of such constructions with a view to incorporating privacy. We present the new, privacy-enhanced cryptographic protocols using these constructions as primitives. We refine useful existing security notions and present feasible security definitions and proofs for these constructions