Figure 1 - uploaded by David Pointcheval
The (ℓ, ℓ + 1)-forgery

Source publication
Conference Paper
In this paper, we present new blind signature schemes based on the factorization problem. They are the first blind signature schemes proved secure relatively to factorization. By security, we mean that no "one-more forgery" is possible even under a parallel attack. In other terms, a user that receives k electronic coins cannot manufacture k + 1. Th...

Citations

... With this property, blind signatures have found many applications such as electronic voting, electronic cash [Cha82]. There have been many blind signature protocols, most of which use the RSA approach [Oka93,PS97] and thus are not considered to be post-quantum secure. The task of constructing post-quantum secure blind signature schemes was first successfully handled by Hauck et al. [HKLN20]. ...
Thesis
Digital signatures were first introduced in the work of DIFFIE and HELLMAN, dated back in 1976. It is a scientific art replacing the traditional way of written signatures. Each signer has a "personal knowledge," or a signing key, to produce signatures. And as the same as handwritten signatures, anyone seeing this signature would be convinced that it belongs to a certain person (and no one else). In order to produce such a signature, the signing key is indispensable, and the secret of this entity is usually protected by the hardness assumption of some computational problems. In the earliest stage, these are number theoretic problems such as factoring large integer numbers or computing the discrete logarithm of an element with respect to some prime modulus. However, with the rapid development of technology, these problems will be solved efficiently when the era of quantum computer arrives. Then comes the next stage in the progressing course of digital signatures when most of the attention is given to the decoding problem (and many of its variants), of which the hardness resists even the quantum computer. This problem, however, takes part in two important branches of cryptography, namely, lattice-based cryptography and code-based cryptography due to the main object it is related to. This thesis mainly concerns signatures in the latter branch, i.e., the code-based cryptography. It proposes two main contributions. The first of which is a signature scheme in the HAMMING metric context. The scheme is achieved as an application of a chameleon hash function, which is constructed entirely from classical code-based hardness assumptions. The most notable feature of this scheme is that it is proved to be secure in the standard model. While security of code-based schemes in the random oracle model is still unclear, such property is highly desirable. The second contribution is a group signature scheme in the rank metric context.
In general, the construction of the scheme follows the frame devised for the HAMMING metric. At the core, this frame uses two permutations which are designed from a random vector. Though quite efficient for the binary case, that is, the base field is F2; this method shows its disadvantages when the base field is changed. A natural question arises out of this situation: How can we construct schemes in other fields? We answer this question by proposing a different method of permuting. Our method has the advantage that it can be applied regardless of the metric being in consideration.
... Here the ultimate priority is to preserve the privacy of the user seeing information by deploying well secure cryptography algorithm. More precisely, the primary security concerns of networking devices and the shared cloud are data integrity and authentication [5,15,27,29,36,43,47,51]. Security structures like key generation, encryption, and decryption of CHAN-PKC are discussed in Section 3, and its proof is sketched in Section 4. ...
Article
Currently, a multimedia revolution of medical data in health information becomes part of our computing environment. However, the interchange of medical information is typically outsourced by third parties, which may affect the disclosure of confidentiality. To address this issue, we address high security and confidentiality through our proposed CHAN-PKC cryptomata. The proposed scheme uses a Diophantine equation to have the three stages of decryption for high security, but ESRKGS and RSA have one level of decryption. The results show that the proposed cryptomata has efficient encryption and decryption time when compared to the existing systems. At 10 K-bit moduli of key generation, CHAN-PKC consumes only 0.65 times of RSA, but ESRKGS takes 1.83 times of RSA. The timing similarity shows that both CHAN-PKC and RSA have a 100% correlation, but ESRKGS has only 90%. Hence our CHAN scheme is robust against side channel and also has a larger key space than RSA. The security analysis confirms that our CHAN-PKC is very fast, secure against brute force and side channel attacks; therefore, it is feasible for real-time applications.
... Numerous blind signature schemes have been constructed based on the integer factoring problem (IFP), discrete logarithm problem (DLP), and other variant assumptions related to the IFP or DLP [4]-[7], [10], [11]. However, these schemes are vulnerable to the quantum algorithmic attacks invented by Shor [12], Kitaev [13] and Proos and Zalka [14]. ...
Article
A new construction of a blind signature scheme based on braid groups is proposed. In the random oracle model, the proposed scheme is provably unforgeable against chosen message attacks, assuming that the one-more matching conjugate problem in braid groups is intractable. Furthermore, in the infinite group model, the scheme is proved to be perfectly blind. Our construction represents a technique to lift a braid group to its conjugate subgroups for particular applications. The proposed scheme is very fast in signing but relatively slow in verifying and is thus suitable for scenarios that require signing as soon as possible but permit a slight delay in verifying. In addition, our proposal is invulnerable to known quantum attacks and therefore would be a good alternative to RSA-based and DLP-based blind signatures in the post-quantum era.
... This property is very important for implementing e-voting, e-commerce, and e-payment systems, etc. Many blind signature schemes, using traditional PKI, have been proposed in the literature [14,16,17,20]. ...
Article
Blind signature, introduced by Chaum, allows a user to obtain a signature on a message without revealing anything about the message to the signer. Blind signatures play an important role in plenty of applications such as e-voting, e-cash system where anonymity is of great concern. Identity based (ID-based) public key cryptography can be a good alternative for certified based public key setting, especially when efficient key management and moderate security are required. In this paper, we propose an ID-based directed blind signature scheme (ID-DBS) from bilinear pairings, which combines the concepts of blind signatures and directed signatures. The proposed ID-DBS scheme allows a user to obtain a signature on a message without revealing anything about the message to the signer; and sends it to the designated verifier. The designated verifier can only verify the validity of the signature and in case of trouble or if necessary he can prove the validity of the signature to any other party. The proposed scheme is based on the Hess ID-based digital signature scheme. Finally, we discuss the correctness and security of the proposed ID-DBS scheme.
... The concept of a blind signature scheme was introduced by Chaum [2,3,4,5]. Blind signature scheme allows a user to acquire a signature from the signer without revealing message content for personal privacy. The basic idea is as follows. ...
... The concept of a blind signature scheme was introduced by Chaum [1], since then many blind signature schemes have been presented in the literature [2,3,4,5]. Blind signature scheme allows a user to acquire a signature from the signer without revealing message content for personal privacy. The basic idea is as follows. ...
Article
Blind signatures, introduced by Chaum, allow a user to obtain a signature on a message without revealing anything about the message to the signer. Blind signatures play an important role in plenty of applications such as e-voting, e-cash system where anonymity is of great concern. Identity based (ID-based) public key cryptography can be a good alternative for certificate based public key setting, especially when efficient key management and moderate security are required. In this paper, we propose an ID-based blind signature scheme from bilinear pairings. The proposed scheme is based on the Hess ID-based digital signature scheme. Also we analyze security and efficiency of the proposed scheme.
... The concept of a blind signature scheme was introduced by Chaum [1], since then many blind signature schemes have been presented in the literature [2,3,4,5]. Blind signature scheme allows a user to acquire a signature from the signer without revealing message content for personal privacy. The basic idea is as follows. ...
Article
Blind signatures, introduced by Chaum, allow a user to obtain a signature on a message without revealing anything about the message to the signer. Blind signatures play an important role in plenty of applications such as e-voting, e-cash system where anonymity is of great concern. Identity based (ID-based) public key cryptography can be a good alternative for certified based public key setting, especially when efficient key management and moderate security are required. In this paper, we propose an ID-based blind signature scheme from bilinear pairings. The proposed scheme is based on the Hess ID-based digital signature scheme. Also we analyze security and efficiency of the proposed scheme.
... Blind signatures are one of the cryptographic tools which can provide such anonymity for users. The concept of a blind signature scheme was introduced by Chaum [8], since then many blind signature schemes have been presented in the literature [9,10,11,12]. A blind signature scheme is an interactive protocol allowing Bob to obtain a valid signature for a message m from a signer Alice without her seeing the message or its signature. ...
Article
Anonymity of consumers is an essential functionality that should be supported in e-cash systems, locations based services, electronic voting systems as well as digital rights management system. Privacy protection is an important aspect for wider acceptance of consumers of DRM systems. The concept of a blind signature is one possible cryptographic solution, yet it has not received much attention in the identity-based setting. In the identity-based setting, the public key of a user is derived from his identity, thus simplifying certificates management process compared to traditional public key cryptosystems. In this paper, a new blind identity-based signature scheme with message recovery based on bilinear pairings on elliptic curves is presented. The use of bilinear pairings over elliptic curves enables utilizing smaller key sizes, while achieving the same level of security compared to other schemes not utilizing elliptic curves. The scheme achieves computational savings compared to other schemes in literature. The correctness of the proposed scheme is validated and the proof of the blindness property is provided. Performance and other security related issues are also addressed.
... A blind signature scheme is an interactive protocol which involves two participants, a signer and a requester. A distinguishing property required by a typical blind signature scheme [1][2][3][4][5] is so-called "unlinkability," which ensures that requesters can prevent the signer from deriving the exact correspondence between the actual signing process performed by the signer and the signature which will later be made public. Blind signatures can make possible secure electronic payment systems [2,6,7] that protect customers' anonymity and secure voting systems [8][9][10] that preserve voters' privacy. ...
... The other has been proved to be equivalent to the RSA problem. In [5], a blind signature scheme was proposed and proved to be equivalent to factorization. ...
Article
In this paper, we propose a provably secure group-oriented blind (t; n) threshold signature scheme which is the first scheme, such that, its security is proved as equivalent as the discrete logarithm problem in the random oracle model. By the scheme, any t out of n signers in a group can represent the group to sign blind threshold signatures, which can be used in anonymous digital e-cash systems or secure voting systems. By our proposed scheme, the issue of e-coins is controlled by several authorities. In our scheme, the size of a blind threshold signature is the same as that of an individual blind signature and the signature verification process is equivalent to that of an individual signature.
... In order to put the security of electronic cash schemes on firm ground, the need for formal definitions of blind signatures arose. Apparently, the resulting efforts have been geared towards one-time blind signatures: Franklin, Yung [FY93] and Pointcheval, Stern [PS97,PS97a]. The latter work also contains an overview of recent work on one-time blind signatures. ...
Article
Probably the most successful application of blind signatures is electronic cash. In order to avoid multiple copies of the same electronic coin, one-time blind signatures are of particular importance, i.e., a recipient can obtain a signature for at most one message from each interaction with a signer. In offline electronic cash, customers who spend their electronic coins more than a specified number of times should get identified at least after the fact. This can be ensured by one-time restrictive blind signatures. Another important application of blind signatures are untraceable membership cards that can be used arbitrarily often, but only by their respective owners. An efficient cryptographic approach was presented at the Information Hiding Workshop '98. At its heart, a special signature scheme is specified and used for which no implementation has been given yet. It turns out that many-time restrictive blind signatures meet this specification. We present a first implementation of this n...