A Postpaid Micropayment Scheme with Revocable Customers' Anonymity

[[abstract]]A new postpaid micropayment scheme is first proposed to protect customers' anonymity and provides customers' convenience. Due to customers' anonymity, customers can anonymously transact with merchants and obtain the goods/services before being charged. This scheme satisfies three properties of anonymity. First, the customer's identity is protected by a pseudonym. Second, the adversary cannot figure anonymous customers out by tracing their payments. Third, there is a trusted authority to revoke customers' anonymity when some disputes happen. On the other hand, the postpaid function provides customers with the convenience of using the credit to buy goods/services.[[notice]]補正完畢[[journaltype]]國際[[incitationindex]]EI[[booktype]]紙本[[countrycodes]]TW

A Unlinkable Delegation-based Authentication Protocol with Users’ Non-repudiation for Portable Communication Systems

[[abstract]]For portable communication systems, the delegation-based authentication protocol provides efficient subsequent login authentication, data confidentiality, user privacy protection, and non-repudiation. However, in all proposed protocols, the non-repudiation of mobile users is based on an unreasonable assumption that home location registers are always trusted. To weaken this assumption and enhance the nonrepudiation of mobile users, a new delegation-based authentication protocol is proposed. The new protocol also removes the exhaustive search problem of the subsequent login authentication to improve the subsequent login authentication performance. Moreover, the user unlinkability in the subsequent login authentication is also provided to enhance the user identity privacy protection.[[incitationindex]]EI[[incitationindex]]CEPS[[booktype]]紙

A Strong Designated Verifier Ring Signcryption Scheme Providing Strongest Signers' Anonymity

[[abstract]]The strong designated verifier ring signature scheme provides signer anonymity to protect actual signer's identity. However, the message of the strong designated verifier ring signature may disclose some identity information related to the actual signer. To remove this flaw, this study proposes a novel strong designated verifier ring signcryption scheme. Compared with the Han et al. and Huang et al. ring signcryption schemes, the proposed scheme provides strongest signer anonymity to protect the signer identity. This scheme also provides signer admission to show who the actual signer is. Unlike some proposed schemes, which still suffer the message length restriction, this scheme is free from the message length restriction to provide message confidentiality.[[incitationindex]]SCI[[booktype]]紙

Confidential deniable authentication using promised signcryption

[[abstract]]In a deniable authentication protocol, a receiver is convinced that a received message is indeed from a particular sender, but cannot prove this to any third party. Deniable authentication protocols satisfy deniability and intended receiver properties. Among the proposed deniable authentication protocols, non-interactive protocols are more efficient than interactive protocols by reducing communication cost. The Hwang and Ma, and the Hwang and Chao non-interactive protocols provide sender anonymity. Recently some interactive protocols provide confidentiality while no non-interactive protocols do. However, the transferred data may damage sender or receiver anonymity. To provide confidentiality and anonymity efficiently, the first promised signcryption scheme is proposed. Using our promised signcryption scheme, we propose the first efficient non-interactive deniable authentication protocol with confidentiality, sender anonymity, and sender protection.[[incitationindex]]SCI[[booktype]]紙

Non-interactive Fair Deniable Authentication Protocols with Indistinguishable Confidentiality and Anonymity

[[abstract]]Many proposed non-interactive deniable authentication protocols providing anonymity assume that the sender and receiver know each other in advance. To protect sensitive transmitted identity data, Hwang and Sung proposed the first non-interactive deniable authentication protocol with message confidentiality, anonymity, and fair protection. However, the underlying assumption of anonymity with Hwang and Sung's protocols is impractical because the sender and receiver are anonymous. Moreover, the message confidentiality of Hwang and Sung's protocol is only indistinguishably secure against chosen plaintext attacks. To remove this inappropriate assumption, this study proposes a non-interactive fair deniable authentication protocol with anonymity and indistinguishable message confidentiality against adaptive chosen ciphertext attacks. This novel protocol is more suitable for practical application.[[incitationindex]]EI[[booktype]]紙

A Concurrent Signature Scheme with Anonymity and Identification

[[abstract]]For the privacy protection, Nguyen first proposed an asymmetric concurrent signature scheme with signers’ anonymity in 2005. Except correctness, unforgeability, and fairness, Nguyen’s scheme satisfies two new properties: Anonymity and unlinkability. To satisfy the anonymity property, Nguyen’s scheme has identification flaw that signers cannot identify each other during the exchange protocol. So an attacker makes use of this flaw to trick signers to exhaust signers’ computation resources. However, the concurrent signature schemes with signers’ ambiguity do not have this identification flaw. So the identification property is defined for the concurrent signature scheme with signers’ anonymity. Then our asymmetric concurrent scheme is proposed to provide both anonymity and identification. Our improved scheme satisfies identification, anonymity, and unlinkability at the same time. With identification, anonymity, and unlinkability, the signers’ privacy is protected well without flaws.[[notice]]補正完畢[[journaltype]]國內[[incitationindex]]EI[[booktype]]紙本[[countrycodes]]TW

A Strong Designated-Verifier Ring Signature Scheme Providing One-Out-of-All Signer Anonymity

[[abstract]]The first strong designated-verifier ring signature scheme provides signer ambiguity to protect signers’ identity, because the actual signer is guessed to be some ring member or designated verifier. Only the designated verifier is convinced that the actual signer is some ring members. To provide signer anonymity maximally, the actual signer should be guessed to be not only the ring members but also all possible ones. Then the actual signer’s anonymity suffers the maximum protection, though only the designated verifier is still convinced that the actual signer is some ring member. So the first strong designated-verifier signature scheme providing one-out-of-all signer anonymity is proposed to protect signers’ identity maximally. Moreover, the signer admission is provided for the actual signer to prove who the actual signer is. The security proof of our scheme is also given.[[notice]]補正完畢[[incitationindex]]SCI[[booktype]]紙