Universally Convertible Directed Signatures
Many variants of Chaum and van Antwerpen's undeniable signatures have been proposed to achieve specific properties desired in real-world applications of cryptography. Among them, directed signatures were introduced by Lim and Lee in 1993. Directed signatures differ from the well-known confirmer signatures in that the signer has the simultaneous abilities to confirm, deny and individually convert a signature. The universal conversion of these signatures has remained an open problem since their introduction in 1993. This paper provides a positive answer to this question by showing a very efficient design for universally convertible directed signatures (UCDS), both in terms of computational complexity and signature size. Our construction relies on the so-called xyz-trick applicable to bilinear map groups. We define proper security notions for UCDS schemes and show that our construction is secure, in the random oracle model, under computational assumptions close to the CDH and DDH assumptions. Finally, we introduce and realize traceable universally convertible directed signatures, where a master tracing key allows linking signatures to their direction
Non-delegatable Identity-based Designated Verifier Signature
Designated verifier signature is a cryptographic primitive which allows a signer to convince a designated verifier of the validity of a statement but at the same time prevents the verifier from transferring this conviction to any third party. In this work we present the first identity-based designated verifier signature scheme that supports non-delegatability, and prove its security in the random oracle model, based on the computational Diffie-Hellman assumption. Our scheme is perfectly non-transferable, and its non-delegatability follows the original definition proposed by Lipmaa et al. [LipmaaWaBa05]
A Pairing Based Strong Designated Verifier Signature Scheme without Random Oracles
In this study, a novel strong designated verifier signature scheme based on bilinear pairings with provable security in the standard model is proposed, whereas the existing ones are secure only in the random oracle model. In 2007 and 2011, two strong designated verifier signature schemes in the standard model were proposed by Huang et al. and Zhang et al., respectively; in the former, the property of privacy of the signer's identity is not proved, and the security of the latter is based on the security of a pseudorandom function. Our proposal addresses the aforementioned drawbacks of the previous schemes. Furthermore, it satisfies non-delegatability for signature verificatio
A Novel Strong Designated Verifier Signature Scheme without Random Oracles
In this study, a novel pairing-based strong designated verifier signature scheme based on non-interactive zero-knowledge proofs is proposed. The security of the proposal is proved by a sequence of games without random oracles; furthermore, this scheme has a security proof for the property of privacy of the signer's identity, in contrast to the scheme proposed by Zhang et al. in 2007. In addition, this proposal supports non-delegatability, unlike the scheme presented by Huang et al. in 2011. The non-delegatability of our proposal is achieved because we do not use the common secret key shared between the signer and the designated verifier in our construction. Furthermore, if a signer delegates her signing capability, which is derived from her secret key, on a specific message to a third party, then the third party cannot generate a valid designated verifier signature, due to the relaxed special soundness of the non-interactive zero-knowledge proof. To the best of our knowledge, this construction is the first attempt to build a designated verifier signature scheme with non-delegatability in the standard model, although the non-delegatability property is satisfied only in a loose sense
Certificateless Designated Verifier Proxy Signature
Proxy signature (PS) is a kind of digital signature in which an entity called the original signer can delegate his signing rights to another entity called the proxy signer. Designated verifier signature (DVS) is a kind of digital signature where the authenticity of a signature can be verified by only one verifier, who is designated by the signer when generating it. Designated verifier proxy signature (DVPS) combines the idea of DVS with the concept of proxy signature (PS) and is suitable for application in many scenarios such as e-tender, e-voting, e-auction, e-health and e-commerce. Many DVPS schemes have been proposed, and identity-based DVPS (IBDVPS) schemes have also been discussed. Certificateless public-key cryptography (CL-PKC) is acknowledged as an appealing paradigm because it has neither the certificate management issue of traditional PKI nor the private key escrow problem of the identity-based setting. A number of certificateless designated verifier signature (CLDVS) schemes and many certificateless proxy signature (CLPS) schemes have been proposed. However, to the best of our knowledge, the concept of Certificateless Designated Verifier Proxy Signature (CLDVPS) has not appeared in the literature.
In this paper, we formalize the definition and the security model of CLDVPS schemes. We then construct the first CLDVPS scheme and prove its security
Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data
Proof systems for verifiable computation (VC) have the potential to make cloud outsourcing more trustworthy. Recent schemes enable a verifier with limited resources to delegate large computations and verify their outcome based on succinct arguments: verification complexity is linear in the size of the inputs and outputs (not the size of the computation). However, cloud computing also often involves large amounts of data, which may exceed the local storage and I/O capabilities of the verifier, and thus limit the use of VC.
In this paper, we investigate multi-relation hash & prove schemes for verifiable computations that operate on succinct data hashes. Hence, the verifier delegates both storage and computation to an untrusted worker. She uploads data and keeps hashes; exchanges hashes with other parties; verifies arguments that consume and produce hashes; and selectively downloads the actual data she needs to access.
Existing instantiations that fit our definition either target restricted classes of computations or employ relatively inefficient techniques. Instead, we propose efficient constructions that lift classes of existing argument schemes for fixed relations to multi-relation hash & prove schemes. Our schemes (1) rely on hash algorithms that run in time linear in the size of the input; (2) enable constant-time verification of arguments on hashed inputs; (3) incur minimal overhead for the prover. Their main benefit is to amortize the linear cost for the verifier across all relations with shared I/O. Concretely, compared to solutions that can be obtained from prior work, our new hash & prove constructions yield a 1,400x speed-up for provers. We also explain how to further reduce the linear verification costs by partially outsourcing the hash computation itself, obtaining a 480x speed-up when applied to existing VC schemes, even on single-relation executions
On Designated Verifier Signature Schemes
Designated verifier signature schemes allow a signer to convince only the designated verifier that a signed message is authentic. We define attack models on the unforgeability property of such schemes and analyze the relationships among the models. We show that the no-message model, where an adversary is given only public keys, is equivalent to the model where an adversary also has oracle access to the verification algorithm. We also show a separation between the no-message model and the chosen-message model, where an adversary has access to the signing algorithm. Furthermore, we present a modification of the Yang-Liao designated verifier signature scheme and prove its security. The security of the modified scheme is based on the computational Diffie-Hellman problem, while the original scheme requires the strong Diffie-Hellman assumption
Decentralized Threshold Signatures with Dynamically Private Accountability
Threshold signatures are a fundamental cryptographic primitive used in many practical applications. As proposed by Boneh and Komlo (CRYPTO'22), TAPS is a threshold signature that is a hybrid of privacy and accountability. It enables a combiner to combine t signature shares while revealing nothing about the threshold t or the signing quorum to the public, and asks a tracer to trace a signature back to the quorum that generated it. However, TAPS has three disadvantages: it 1) is built on a centralized model, 2) assumes that both the combiner and the tracer are honest, and 3) leaves the tracing unnotarized and static. In this work, we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS), which provides decentralized combining and tracing, enhanced privacy against untrusted combiners (tracers), and notarized and dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to dynamically notarize the tracing process, design non-interactive zero-knowledge proofs to achieve public verifiability of notaries, and utilize Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so as to awaken the notaries securely and efficiently. In addition, we formalize the definitions and security requirements for DeTAPS. Then we present a generic construction and formally prove its security and privacy. To evaluate the performance, we build a prototype based on SGX2 and Ethereum