763 research outputs found

    Further discussions on the security of a nominative signature scheme

    A nominative signature scheme allows a nominator (or signer) and a nominee (or verifier) to jointly generate and publish a signature in such a way that only the nominee can verify the signature and if necessary, only the nominee can prove to a third party that the signature is valid. In a recent work, Huang and Wang proposed a new nominative signature scheme which, in addition to the above properties, only allows the nominee to convert a nominative signature to a publicly verifiable one. In ACISP 2005, Susilo and Mu presented several algorithms and claimed that these algorithms can be used by the nominator to verify the validity of a published nominative signature, show to a third party that the signature is valid, and also convert the signature to a publicly verifiable one, all without any help from the nominee. In this paper, we point out that Susilo and Mu's attacks are actually incomplete and inaccurate. In particular, we show that there exists no efficient algorithm for a nominator to check the validity of a signature if this signature is generated by the nominator and the nominee honestly and the Decisional Diffie-Hellman Problem is hard. On the other hand, we point out that the Huang-Wang scheme is indeed insecure, since there is an attack that allows the nominator to generate valid nominative signatures alone and prove the validity of such signatures to a third party

    Efficient Construction of Nominative Signature Secure under Symmetric Key Primitives and Standard Assumptions on Lattice

    Nominative signature is a cryptographic primitive where two parties collude to produce a signature. It is a user certification system and has applications in a variety of sectors where the nominee cannot rely heavily on the nominator to validate the nominee's certificate and only targeted entities are allowed to verify signatures on sensitive data. We provide a new construction for nominative signature from standard assumptions on lattices. Our construction relies on a collision-resistant preimage sampleable function and symmetric key primitives like a collision-resistant pseudorandom function and the zero-knowledge proof system ZKB++ for Boolean circuits. We provide a detailed security analysis and show that our construction achieves security under unforgeability, invisibility, impersonation and non-repudiation in the existing model. Furthermore, our construction exhibits non-transferability. The security under non-repudiation is achieved in the quantum random oracle model using the Unruh transform applied to ZKB++

    Social Europe December 1984 - No 3/84


    Will Fair Use Survive? Free Expression in the Age of Copyright Control

    "Fair use" is a crucial exception to "intellectual property" controls - it allows users to publish, distribute, or reproduce copyrighted or trademarked material without permission, for certain purposes. But extensive research, including statistical analysis and scores of firsthand stories from artists, writers, bloggers, and others, shows that many producers of creative works are wary of claiming fair use for fear of getting sued. The result is a serious chilling effect on creative expression and democratic discussion. Several factors must be considered in deciding whether a use of copyrighted material is "fair." Four factors identified in the copyright law are: 1) the purpose and character of the new work; 2) the nature of the original work; 3) the amount and substantiality of the original work that was used; and 4) the effect of the new work on the market for the original. Examples of fair use are criticism, commentary, news reporting, scholarship, and "multiple copies for classroom use." "Will Fair Use Survive?" suggests the need for strengthening fair use so that it can be an effective tool for anyone who contributes to culture and democratic discourse. The report finds: Artists, writers, historians, and filmmakers are burdened by a "clearance culture" that ignores fair use and forces them to seek permission (which may be denied) and pay high license fees in order to use even small amounts of copyrighted or trademarked material. The 1998 Digital Millennium Copyright Act (the DMCA) is being used by copyright owners to pressure Internet service providers to take down material from their servers on the mere assertion that it is infringing, with no legal judgment and no consideration of fair use. An analysis of 320 letters on the Chilling Effects website, an online repository of threatening cease and desist and "take down" letters, showed that nearly 50% of the letters had the potential to stifle protected speech.
    Report Highlights: The giant Bank of America sent a threatening letter to a small ceramic piggy bank company called Piggy Bank of America, claiming its use of the name was a trademark violation. A "planetary enlightenment" group called Avatar consistently suppressed online discussion group postings critical of its program by using DMCA "take down" letters. MassMutual sent a cease and desist letter to the gripe site "MassMutualSuks.com," claiming trademark infringement. Mattel sued artist Tom Forsythe for his series of "Food Chain Barbies," acerbic commentaries on Mattel's role in perpetuating gender inequality. Only after a long, bruising court fight did Forsythe win the right to parody Barbie. The report recommends: creating a clearinghouse for information, including sample replies to cease and desist and "take down" letters; outreach to Internet service providers who are instructed by companies to take down sites with material they claim as copyright-protected; changes in the law to reduce the penalty for guessing wrong about fair use; and the creation of a national pro bono legal support network. On December 15, 2005, Representatives Rick Boucher, Zoe Lofgren, and John Doolittle circulated a "Dear Colleague" letter praising the report for explaining why fair use "is a crucial part of our copyright law," and why legislation is needed to secure fair use rights in the digital environment

    Records Management: A Course of Lectures for Students of Non-Economic Specialities

    The lecture course sets out requirements and recommendations for working with documents from the moment they are created until they are transferred to the archive or destroyed. The lecture notes are based on the current regulatory framework for records management and are intended to help in training qualified personnel and in resolving the practical questions that arise in an organization's work with documents

    Constructing Cryptographic Primitives with High Security and Advanced Functionality via Generic Constructions of Cryptographic Primitives

    Recent years have witnessed active research on cryptographic primitives with complex functionality beyond simple encryption or authentication. A cryptographic primitive is required to be proposed together with a formal model of its usage and a rigorous proof of security under that model. This approach has suffered from two drawbacks: (1) security models are defined in a very specific manner for each primitive, so the relationship between these security models is not very clear, and (2) there is no comprehensive way to confirm that a formal model of security really captures every possible scenario in practice. This research relaxes these two drawbacks by the following approach: (1) By observing the fact that a cryptographic primitive A should be crucial for constructing another primitive B, we identify an easy-to-understand approach for constructing various cryptographic primitives. (2) Consider a situation in which there are closely related cryptographic primitives A and B, and the primitive A has no known security requirement that corresponds to some well-known security requirement (b) for the latter primitive B. We argue that this situation suggests that this unknown security requirement for A can capture some practical attack. This enables us to detect unknown threats for various cryptographic primitives that have been missed by the current security models. Following this approach, we identify an overlooked security threat for a cryptographic primitive called group signature. Furthermore, we apply the methodology (2) to the "revocable" group signature and obtain a new extension of public-key encryption which allows restricting the plaintexts that can be securely encrypted.
    Proposals of cryptographic primitives with complex functionality, going beyond ordinary encryption and authentication, have become increasingly active. For each mode of use, the security of a cryptographic primitive is established by modeling the security threats and defining security requirements, and each new scheme is proposed together with a proof that it satisfies the corresponding security definition. Existing research had the following problems: (1) because security definitions are given individually for each primitive, theoretical systematization was insufficient; (2) it was difficult to verify whether a security definition fully captures the threats that arise in practice. This research addresses these problems with the following approach. (1) Noting that constructing one primitive (A) necessarily requires another primitive (B) as a building block, we organize and systematize the relationships among the security requirements of the primitives, so that new schemes can be constructed in a clear way. (2) If the security requirement for primitive (A) that corresponds to a security requirement (b) considered for primitive (B) is undefined, we formalize it as a new security requirement (a) for (A). This makes unknown threats easier to detect. Applying this approach to two primitives, group signatures and public-key encryption with non-interactive opening, we point out an unknown threat for group signatures. In addition, applying the approach to group signatures with an extension called certificate revocation, we present an efficient construction of public-key encryption that can restrict the plaintexts that can be encrypted, a new extension of public-key encryption. University of Electro-Communications 201