
    Review on multisignature schemes based upon DLP

    In a digital signature scheme a user signs a document under a public key infrastructure (PKI). To sign, the signer hashes the document and applies a private-key operation to that hash (often loosely described as "encrypting the hash with the private key", although signing and encryption are distinct operations); the verifier then applies the signer's public key to the received signature and checks that the result matches the document hash. Generally a digital signature scheme requires only one signer to sign a message so that the validity of the signature can be checked later. But in some situations a group of signers is required to sign a message cooperatively, so that a single verifier or a group of verifiers can check the validity of the resulting signature. Such a scheme is known as a multisignature. A multisignature scheme lets several entities sign a document more efficiently than they could by trivially combining individual signatures: in general the total signature size and the verification cost are smaller than in the trivially constructed scheme. Thus several signers can collectively and efficiently sign an identical message. Schemes differ in their base primitive, that is, the number-theoretic problem on which their security rests. In this thesis, some of the most important DLP-based multisignature schemes are presented, together with a categorization of the existing schemes and their pros and cons.
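    The following is an added worked example, not code from the thesis: a Schnorr-style DLP multisignature in Python. Two signers combine their nonces and partial signatures into a single signature of the same size as one Schnorr signature, verified against one aggregate public key. It also shows the classic pitfall of plain key aggregation, the rogue-key attack, next to the coefficient-weighted (MuSig-style) aggregation that defeats it. The group parameters, keys, nonces and message are toy values constructed for the example, and the nonce-commitment round that a deployable protocol needs is omitted.

```python
import hashlib
import secrets

# Toy DLP group (constructed for this example, far too small for real use):
# p = 2q + 1 is a safe prime and g = 4 generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4


def h_scalar(*parts) -> int:
    """Fiat-Shamir hash of group elements, byte strings and scalars to a scalar mod Q."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes(4, "big")
        h.update(part)
    return int.from_bytes(h.digest(), "big") % Q


def keygen():
    x = 1 + secrets.randbelow(Q - 1)          # private key in [1, Q-1]
    return x, pow(G, x, P)                    # (x, X = g^x)


def naive_agg_key(pubkeys):
    """Plain product X = prod X_i. Compact, but open to rogue-key attacks."""
    X = 1
    for Xi in pubkeys:
        X = X * Xi % P
    return X


def musig_coeffs(pubkeys):
    """Per-key coefficients a_i = H(L, X_i) over the sorted key list L."""
    L = b"".join(Xi.to_bytes(4, "big") for Xi in sorted(pubkeys))
    return [h_scalar(L, Xi) for Xi in pubkeys]


def musig_agg_key(pubkeys):
    """Delinearised aggregate X = prod X_i^{a_i}: an attacker who chooses his key as a
    function of the victim's key no longer knows the discrete log of the aggregate."""
    X = 1
    for Xi, ai in zip(pubkeys, musig_coeffs(pubkeys)):
        X = X * pow(Xi, ai, P) % P
    return X


def sign_round1():
    """Each signer picks a nonce r_i and publishes R_i = g^{r_i}."""
    r = 1 + secrets.randbelow(Q - 1)
    return r, pow(G, r, P)


def sign_round2(msg, X, R, r_i, x_i, a_i=1):
    """Given the combined nonce R and aggregate key X, emit the partial s_i."""
    c = h_scalar(X, R, msg)
    return (r_i + c * a_i * x_i) % Q


def combine(R_list, s_list):
    """Aggregate: R = prod R_i, s = sum s_i. The result is one ordinary Schnorr signature."""
    R = 1
    for Ri in R_list:
        R = R * Ri % P
    return R, sum(s_list) % Q


def verify(msg, X, sig):
    """Standard Schnorr check g^s == R * X^c; the verifier never sees individual signers."""
    R, s = sig
    c = h_scalar(X, R, msg)
    return pow(G, s, P) == R * pow(X, c, P) % P


def rogue_key(victim_pub):
    """Attacker picks x' and registers X' = g^{x'} * X_victim^{-1}, so X_victim * X' = g^{x'}."""
    x_att = 1 + secrets.randbelow(Q - 1)
    X_fake = pow(G, x_att, P) * pow(victim_pub, P - 2, P) % P
    return x_att, X_fake


def demo(msg=b"transfer 10 coins to bob"):      # constructed message
    x1, X1 = keygen()
    x2, X2 = keygen()
    results = {}
    for name, agg in (("naive", naive_agg_key), ("musig", musig_agg_key)):
        # Honest 2-of-2 signing session.
        pubs = [X1, X2]
        X = agg(pubs)
        coeffs = musig_coeffs(pubs) if agg is musig_agg_key else [1, 1]
        (r1, R1), (r2, R2) = sign_round1(), sign_round1()
        R = R1 * R2 % P
        s1 = sign_round2(msg, X, R, r1, x1, coeffs[0])
        s2 = sign_round2(msg, X, R, r2, x2, coeffs[1])
        results[f"honest_{name}"] = verify(msg, X, combine([R1, R2], [s1, s2]))
        # Rogue-key attempt: attacker replaces X2 by X' derived from X1 and signs alone,
        # without ever involving the holder of x1.
        x_att, X_fake = rogue_key(X1)
        X = agg([X1, X_fake])
        r, R = sign_round1()
        s = sign_round2(msg, X, R, r, x_att)
        results[f"rogue_{name}"] = verify(msg, X, (R, s))
    return results


if __name__ == "__main__":
    print(demo())
```

    With naive aggregation the attacker's lone signature verifies as a "2-of-2" signature (rogue_naive is True); with the coefficient-weighted key it is rejected (rogue_musig is False). Any deployed scheme also needs proof-of-possession of each key or a delinearisation of this kind, and a commitment to the R_i values before they are revealed.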

    Research on the provable security of multisignatures (多人数署名の証明可能安全性に関する研究)

    University of Tsukuba (筑波大学), 201

    XML security in XML data integrity, authentication, and confidentiality

    The widespread use of XML increasingly demands strong security. XML security faces challenges that are closely tied to the format's features. XML data integrity must protect element location information and context-referential meaning as well as content integrity under fine-grained security requirements. XML data authentication must support a signing process in both dependent and independent multi-signature generation scenarios. When several different sections are encrypted within an XML document, the encrypted contents cannot be queried without first decrypting the encrypted portions. The technologies relating to XML security therefore demand further development. This thesis aims to improve XML security-related technologies and to make them more practicable and secure. A novel revocation information validation approach for X.509 certificates is proposed, based on XML digital signature technology. This approach reduces the complexity of XKMS or PKI systems because it eliminates the need for additional revocation checking against XKMS or the CA, which can relieve the communication burden between server and client. The thesis presents context-referential integrity for XML data. An integrity solution for XML data is proposed based on a concatenated hash function. The proposed integrity model not only ensures XML data content integrity but also protects structural integrity and the context relationship between elements within an XML document. If this model is integrated into XML signature technology, a signature cannot be copied to another document and remain valid. A new series-parallel XML multi-signature scheme is proposed. The presented scheme is a mixed order-specified XML multi-signature scheme supporting dependent and independent signing processes. Using the presented XML data integrity-checking pool to provide integrity checking for decomposed XML data makes signing an XPath expression practicable, rather than signing the XML data itself.
    A new labeling scheme for encrypted XML data is presented to improve the efficiency of maintaining the index information used to support query processing over encrypted XML data. The proposed labeling scheme makes index maintenance more efficient, and XML data can be updated while keeping the number of affected nodes to a minimum. In order to protect the structural information of encrypted XML data, the encrypted nodes are removed from the original XML data and the structural information is hidden. A case study demonstrates how the proposed XML security-related approaches and schemes can be applied to satisfy fine-grained XML security in calibration certificate management.
    EThOS - Electronic Theses Online Service, United Kingdom
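    An added example of the context-referential integrity idea, written for this page rather than taken from the thesis: each element's hash binds its content to its location (ancestor path plus sibling index), and the document digest is the hash of the concatenated element hashes in document order. A position-blind digest of the same content is shown beside it for contrast. The calibration-certificate XML, the path syntax and the function names are constructed for the example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: a minimal calibration certificate and a copy in which the two
# <result> elements have been swapped (identical content, different context).
CERT = b"""<certificate id="CAL-0001">
  <instrument serial="T-42">thermometer</instrument>
  <result><point>1</point><value>21.5</value><unit>C</unit></result>
  <result><point>2</point><value>-3.0</value><unit>C</unit></result>
</certificate>"""

CERT_SWAPPED = b"""<certificate id="CAL-0001">
  <instrument serial="T-42">thermometer</instrument>
  <result><point>2</point><value>-3.0</value><unit>C</unit></result>
  <result><point>1</point><value>21.5</value><unit>C</unit></result>
</certificate>"""


def _attrs(elem):
    """Canonical attribute string: sorted by name so attribute order cannot change a hash."""
    return "".join(f"@{k}={v}" for k, v in sorted(elem.attrib.items()))


def element_records(root):
    """Document-order list of (location path, leaf hash). The hashed record contains the
    element's path, so moving, re-parenting or reordering it changes its hash even when
    its attributes and text are unchanged."""
    records = []

    def walk(elem, path):
        text = (elem.text or "").strip()
        record = f"{path}|{_attrs(elem)}|{text}".encode()
        records.append((path, hashlib.sha256(record).digest()))
        seen = {}                                  # sibling index per tag, XPath-style
        for child in elem:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")

    walk(root, f"/{root.tag}[1]")
    return records


def context_digest(xml_bytes):
    """Concatenated hash H(h_1 || h_2 || ... || h_n) over the location-bound leaf hashes."""
    root = ET.fromstring(xml_bytes)
    return hashlib.sha256(b"".join(h for _, h in element_records(root))).hexdigest()


def content_only_digest(xml_bytes):
    """Baseline that hashes only the multiset of element contents. It cannot see where an
    element sits, so reordering or re-parenting elements goes unnoticed."""
    root = ET.fromstring(xml_bytes)
    leaves = sorted(f"{e.tag}|{_attrs(e)}|{(e.text or '').strip()}" for e in root.iter())
    return hashlib.sha256("\n".join(leaves).encode()).hexdigest()


def locate_change(xml_a, xml_b):
    """Return the first location (in document order) whose leaf hash differs, or None.
    A verifier can thus report which element moved or changed, not only that one did."""
    rec_a = dict(element_records(ET.fromstring(xml_a)))
    rec_b = dict(element_records(ET.fromstring(xml_b)))
    for path, h in rec_a.items():
        if rec_b.get(path) != h:
            return path
    return None


if __name__ == "__main__":
    print("content-only digests equal:", content_only_digest(CERT) == content_only_digest(CERT_SWAPPED))
    print("context digests equal:     ", context_digest(CERT) == context_digest(CERT_SWAPPED))
    print("first differing location:  ", locate_change(CERT, CERT_SWAPPED))
```

    Swapping the two measurement results leaves the content-only digest unchanged but alters the context digest, and the first differing location is the first result's <point> element. Real XML Signature deployments should additionally run a canonicalisation step (namespaces, whitespace) before hashing; the example strips text whitespace only.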

    Security in Wireless Medical Networks


    TSKY: a dependable middleware solution for data privacy using public storage clouds

    Dissertation submitted for the degree of Mestre em Engenharia Informática (Master in Computer Engineering). This dissertation aims to take advantage of the virtues offered by cloud-based data storage systems on the Internet, proposing a solution that avoids security issues by combining different providers' offerings in a cloud-of-clouds vision of storage and computing. The solution, the TSKY system (Trusted Sky), is implemented as a middleware system featuring a set of components designed to establish and enhance conditions for security, privacy, reliability and availability of data, with these conditions secured and verifiable by the end user independently of each provider. These components implement cryptographic tools, including threshold and homomorphic cryptographic schemes, combined with encryption, replication, and dynamic indexing mechanisms. The solution allows data management and distribution functions over data kept in different storage clouds, not necessarily trusted, improving and ensuring resilience and security guarantees against Byzantine faults and attacks. The generic approach of the TSKY system model and its implemented services are evaluated in the context of a Trusted Email Repository System (TSKY-TMS). TSKY-TMS is a prototype that uses the base TSKY middleware services to store mailboxes and email messages in a cloud-of-clouds.

    Two results on spontaneous anonymous group signatures.

    Chan Kwok Leong. Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. Includes bibliographical references (leaves 72-78). Abstracts in English and Chinese.
    Contents:
    Chapter 1 Introduction
    Chapter 2 Preliminaries
        2.1 Notation
        2.2 Cryptographic Primitives
            2.2.1 Symmetric Key Cryptography
            2.2.2 Asymmetric Key Cryptosystem
            2.2.3 Secure Hash Function
            2.2.4 Digital Signature
            2.2.5 Digital Certificate and Public Key Infrastructure
        2.3 Provable Security and Security Model
            2.3.1 Mathematics Background
            2.3.2 One-Way Function
            2.3.3 Candidate One-way Functions
        2.4 Proof Systems
            2.4.1 Zero-knowledge Protocol
            2.4.2 Proof-of-Knowledge Protocol
            2.4.3 Honest-Verifier Zero-Knowledge (HVZK) Proof of Knowledge Protocols (PoKs)
        2.5 Security Model
            2.5.1 Random Oracle Model
            2.5.2 Generic group model (GGM)
    Chapter 3 Signature Scheme
        3.1 Introduction
        3.2 Security Notation for Digital Signature
        3.3 Security Proof for Digital Signature
            3.3.1 Random Oracle Model for Signature Scheme
            3.3.2 Adaptive Chosen Message Attack
        3.4 Schnorr Identification and Schnorr Signature
            3.4.1 Schnorr's ROS assumption
        3.5 Blind Signature
    Chapter 4 Spontaneous Anonymous Group (SAG) Signature
        4.1 Introduction
        4.2 Background
            4.2.1 Group Signature
            4.2.2 Threshold Signature
        4.3 SAG signatures
        4.4 Formal Definitions and Constructions
            4.4.1 Ring-type construction
            4.4.2 CDS-type construction
        4.5 Discussion
    Chapter 5 Blind Spontaneous Anonymous Signature
        5.1 Introduction
        5.2 Definition
            5.2.1 Security Model
            5.2.2 Definitions of security notions
        5.3 Constructing blind SAG signatures
            5.3.1 Blind SAG signature: CDS-type [1]
            5.3.2 Blind SAG signature: ring-type [2, 3]
        5.4 Security Analysis
            5.4.1 Multi-key parallel one-more unforgeability of blind signature
            5.4.2 Security of our blind SAG signatures
        5.5 Discussion
    Chapter 6 Linkable Spontaneous Anonymous Group Signature
        6.1 Introduction
        6.2 Related work
        6.3 Basic Building Blocks
            6.3.1 Proving the Knowledge of Several Discrete Logarithms
            6.3.2 Proving the Knowledge of d Out of n Equalities of Discrete Logarithms
        6.4 Security Model
            6.4.1 Syntax
            6.4.2 Notions of Security
        6.5 Our Construction
            6.5.1 A Linkable Threshold SAG Signature Scheme
            6.5.2 Security
            6.5.3 Discussions
    Chapter 7 Conclusion
    Bibliography

    Digital certificates and threshold cryptography

    This dissertation discusses the use of secret-sharing cryptographic protocols for distributing and sharing secret documents, in our case PDF documents. We discuss the advantages and uses of such a system in the context of collaborative environments. A description of the cryptographic protocol involved and of the necessary Public Key Infrastructure (PKI) is presented. We also provide a "proof of concept" implementation of this framework and justify the use of a certificate extension as the basis for threshold cryptography. Details of the shared-secret distribution protocol and the shared-secret recovery protocol are given, together with the associated technical implementation details. The secret-sharing algorithm implemented at this stage is based on an existing, well-known scheme that uses polynomial interpolation over a finite field. Finally we conclude with a practical assessment of our prototype.
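    Both this dissertation (secret sharing by polynomial interpolation over a finite field) and the TSKY abstract above (threshold schemes spreading data across storage clouds that are not individually trusted) rest on the same primitive. The block below is an added example, not code from either thesis: a threshold-of-n Shamir split of a document key over GF(p) with Lagrange recovery, laid out one share per storage provider so that any `threshold` providers can rebuild the key and any smaller coalition learns nothing. The prime, the provider names, the document key and the function names are constructed for the example.

```python
import secrets

# Prime field for the shares: 2^255 - 19 (constructed choice for this example; any prime
# larger than the secret works, and this one fits 16- or 32-byte document keys directly).
PRIME = 2**255 - 19


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k over GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, n_shares, rng=secrets.randbelow):
    """Shamir split: pick a random polynomial f of degree threshold-1 with f(0) = secret
    and hand out share i = (i, f(i)). Any `threshold` shares determine f, hence f(0);
    threshold-1 shares are consistent with every possible secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= n_shares < PRIME:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0: f(0) = sum_i y_i * prod_{j != i} x_j / (x_j - x_i).
    Passing fewer than `threshold` shares does not fail; it silently yields an unrelated
    field element, which is exactly why the threshold must be enforced by the caller."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * xj % PRIME
                den = den * (xj - xi) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def distribute_key(key: bytes, providers, threshold):
    """Cloud-of-clouds layout: one share per storage provider, so no single provider
    (and no coalition smaller than `threshold`) can recover the document key."""
    shares = split_secret(int.from_bytes(key, "big"), threshold, len(providers))
    return dict(zip(providers, shares))


def rebuild_key(provider_shares, key_len):
    """Collect shares from any `threshold` providers and reassemble the key bytes."""
    return recover_secret(list(provider_shares.values())).to_bytes(key_len, "big")


# Constructed sample: a 16-byte document key protected 3-of-4 across four providers.
DOC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PROVIDERS = ["cloud-a", "cloud-b", "cloud-c", "cloud-d"]
THRESHOLD = 3


def demo():
    shares = distribute_key(DOC_KEY, PROVIDERS, THRESHOLD)
    enough = {p: shares[p] for p in ("cloud-a", "cloud-c", "cloud-d")}   # cloud-b unavailable
    too_few = [shares["cloud-a"], shares["cloud-b"]]                      # a two-provider coalition
    return (rebuild_key(enough, len(DOC_KEY)) == DOC_KEY,
            recover_secret(too_few) != int.from_bytes(DOC_KEY, "big"))


if __name__ == "__main__":
    print(demo())
```

    The key, not the document, is what gets shared; the document itself is encrypted once under that key and can be replicated to any subset of providers. Plain Shamir shares carry no integrity check, so a provider returning a corrupted share makes recovery produce garbage without warning; a deployment such as the Byzantine-tolerant setting the TSKY abstract describes needs a verifiable secret-sharing variant or a MAC over each share on top of this.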

    Decentralizing Trust with Resilient Group Signatures in Blockchains

    Blockchains have the goal of promoting the decentralization of transactions in a P2P-based internetworking model that does not depend on centralized trusted parties. Along with research on better scalability, performance, consistency control, and security guarantees in their service planes, other challenges aimed at better trust decentralization and fairness models are on the research community's agenda today. Asymmetric cryptography and digital signatures are key components of blockchain systems. As a common flaw across different blockchains, public keys and the verification of single-signed transactions are handled under the principle of trust centralization. In this dissertation, we propose a better fairness and trust decentralization model by proposing a service plane for blockchains that supports collective digital signatures, allowing transactions to be collaboratively authenticated and verified with group-based witnessed guarantees. The proposed solution is achieved by using resilient group signatures from randomly and dynamically assigned groups. In our approach we use Threshold Byzantine Fault Tolerant digital signatures to improve the resilience and robustness of blockchain systems while preserving their decentralized nature. We have designed and implemented a modular and portable cryptographic provider that supports operations expressed by smart contracts. Our system is designed to be service-plane agnostic and adaptable to the base service planes of different blockchains. Therefore, we envision our solution as a portable, adaptable and reusable plug-in service plane for blockchains, as a way to provide authenticated group-signed transactions with decentralized auditing, fairness, and long-term security guarantees, and to support a better decentralized trust model.
    We conducted our experimental evaluation in a cloud-based testbench with at least sixteen blockchain nodes distributed across four different data centers, using two different blockchains and observing the proposed benefits.