Preprint

Fail-Stop Group Signature Scheme


Abstract

In this paper, we propose a Fail-Stop Group Signature Scheme (FSGSS). FSGSS combines the features of the Group Signature and the Fail-Stop Signature to enhance the security level of the original Group Signature. Assuming that the FSGSS encounters an attack by a hacker armed with a supercomputer, this scheme can prove that the digital signature is indeed forged. Based on the above objectives, this paper proposes three lemmas and proves that they are indeed feasible. First, how does a recipient of a digitally signed document verify the authenticity of the signature? Second, when a digitally signed document is under dispute, how can the group's manager find out the identity of the original group member who signed the document, if necessary for an investigation? Third, how can we prove that the signature is indeed forged following an external attack from a supercomputer? Soon, in a future paper, we will extend this work to make the scheme even more effective. Following an attack, the signature could be proved to be forged without the need to expose the key.
Article
The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature schemes provide security for a sender against a forger with unlimited computational power by enabling the sender to provide a proof of forgery if it occurs. In this paper we give an efficient fail-stop signature scheme that uses two hard problems, discrete logarithm and factorization, as the basis of a receiver's security. We show that the scheme has provable security against adaptively chosen message attack, and is the most efficient scheme with respect to the ratio of the message length to the signature length. The scheme provides an efficient solution to signing messages up to 1881 bits.
Article
The basic design supposition for digital signatures in the cryptology domain is that the attacking and victimized computers have comparable resources. The operation of electronic commerce is based on this assumption, but the advent of accumulated networked resources and the changing computing landscape have elevated this risk. However, if an attacker has powerful computing capabilities compared with the victim, the attacker will, in given time, crack his password and gain the ability to fraudulently use the victim's identity. To avoid this threat, this study presents a plan that is based on the complexity of the fail-stop signature (FSS) scheme and the discrete logarithm and factorization of 2 mathematical problems of the digital signature algorithm. The scheme can be implemented in e-commerce information security environments and provides the user with the possibility of preventing attacks and enhancing system safety. This fail-stop scheme can assert a victim's innocence without exposing the n = p×q secret and guards against malicious behavior.
Article
Camenisch [1] links Chaum's [2] blind signature and claims to solve the length problems of group public key and of anonymous digital signature. However, a heavy time burden in verification weakens digital signature. This paper is to develop a new and faster digital anonymous signature system by linking the LUC function with the complexities of discrete logarithm and factorization. Our scheme is free from the change in public key, private key, and semipublic key if there is any change in the group internal membership. Our verification needs smaller volume than the Camenisch method [1] does, is easier to implement, and can be applied to large computer networks.
Conference Paper
Messages are frequently addressed to a group of people, e.g., board of directors. Conventional and public key systems (in the sense of Diffie and Hellman [4]) are not adapted when messages are intended for a group instead of for an individual. To deeply understand the lack of usefulness of the above cryptosystems in the case that messages are intended for (or are originating from) a group of people, let us now nevertheless attempt to use these systems. When conventional and public key systems are used to protect privacy, the legitimate receiver(s) has (have) to know the secret key to decrypt. This means that, a first solution could be, to send the message to all members of the group, e.g., using their public keys. A second is that the secret key is known to all members and that the message is sent only once. All other solutions using a conventional or public key system, are combinations of the above two solutions. We now explain briefly why these two obvious solutions are not adapted to security needs specific to the protection of information intended for groups.
Conference Paper
In this paper we present a new type of signature for a group of persons, called a group signature, which has the following properties: (i) only members of the group can sign messages; (ii) the receiver can verify that it is a valid group signature, but cannot discover which group member made it; (iii) if necessary, the signature can be "opened", so that the person who signed the message is revealed. The group signatures are a "generalization" of the credential/membership authentication schemes, in which one person proves that he belongs to a certain group. We present four schemes that satisfy the properties above. Not all these schemes are based on the same cryptographic assumption. In some of the schemes a trusted centre is only needed during the setup; and in other schemes, each person can create the group he belongs to.
Conference Paper
Fail-stop signatures (introduced in [WP89]) have the very nice property that the signer is secure against unlimited powerful forgers. However, the known fail-stop signatures require very long keys, and they are quite inefficient, because messages are signed bit-wise. This paper presents a fail-stop signature scheme, in which signing a message block requires two modular multiplications and verification requires less than two modular exponentiations. Furthermore a construction is shown of an undeniable signature scheme, which is unconditionally secure for the signer, and which allows the signer to convert undeniable signatures into fail-stop signatures. This is the first published undeniable signature having this property.
Conference Paper
Fail-stop signature (FSS) schemes are important primitives because in a fail-stop signature scheme the signer is protected against unlimited powerful adversaries as follows: Even if an adversary breaks the scheme’s underlying computational hard problem and hence forges a signature, then with overwhelming probability the signer is able to prove that a forgery has occurred (i.e. that the underlying hard problem has been broken). Although there is a practical FSS scheme based on the discrete logarithm problem, no provable secure FSS scheme is known that is based on the pure factorization problem (i.e. the assumption that integer factoring for arbitrary integers is hard). To be more concrete, the most popular factorization based FSS scheme relies on the assumption that factoring a special kind of Blum integers is intractable. All other FSS schemes related to integer factoring are based on even stronger assumptions or insecure. In this paper, we first cryptanalyze one of those schemes and show how to construct forged signatures that don’t enable the signer to prove forgery. Then we repair the scheme at the expense of a reduced message space. Finally, we develop a new provable secure scheme based on the difficulty of factoring integers of the shape p²q for primes p,q.
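The fail-stop property these abstracts describe (a forged signature verifies, yet the signer can prove it is forged) can be shown with a textbook discrete-log one-time fail-stop construction. This is an added example, not code from any of the papers listed here. The abstracts do not give their constructions, so the scheme, the toy parameters and every function name below are assumptions of the example.

```python
# Toy discrete-log fail-stop signature with proof of forgery (added example).
# Constructed parameters: Q divides P-1 and G has order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def center_setup(a):
    """Trusted party keeps a secret and publishes h = g^a; the signer never learns a."""
    return pow(G, a, P)

def keygen(h, x1, x2, y1, y2):
    """One-time key pair: sign only one message per key."""
    pk = (pow(G, x1, P) * pow(h, x2, P) % P, pow(G, y1, P) * pow(h, y2, P) % P)
    return (x1, x2, y1, y2), pk

def sign(sk, m):
    x1, x2, y1, y2 = sk
    return ((x1 + m * y1) % Q, (x2 + m * y2) % Q)

def verify(pk, h, m, sig):
    left = pk[0] * pow(pk[1], m, P) % P
    return left == pow(G, sig[0], P) * pow(h, sig[1], P) % P

def dlog(y):
    """Brute-force log_g(y): stands in for the computationally unbounded forger."""
    return next(e for e in range(Q) if pow(G, e, P) == y)

def forge(pk, h, m, f2):
    """Forger solves discrete logs and outputs one of the Q valid signatures on m."""
    a, e1, e2 = dlog(h), dlog(pk[0]), dlog(pk[1])
    return ((e1 + m * e2 - a * f2) % Q, f2 % Q)

def prove_forgery(sk, pk, h, m, forged):
    """Return a = log_g(h) as the proof of forgery, or None if no proof exists."""
    f1, f2 = forged[0] % Q, forged[1] % Q
    s1, s2 = sign(sk, m)
    if not verify(pk, h, m, (f1, f2)) or (f1, f2) == (s1, s2):
        return None  # invalid signature, or identical to the signer's own
    # g^s1 h^s2 == g^f1 h^f2 with s2 != f2, so a = (s1 - f1) / (f2 - s2) mod Q
    return (s1 - f1) * pow((f2 - s2) % Q, -1, Q) % Q

def check_proof(h, a):
    """Anyone can check the proof: the assumed-hard problem was solved."""
    return a is not None and pow(G, a, P) == h

if __name__ == "__main__":
    h = center_setup(777)                 # constructed sample values throughout
    sk, pk = keygen(h, 11, 22, 33, 44)
    forged = forge(pk, h, 123, 5)
    print(verify(pk, h, 123, forged), check_proof(h, prove_forgery(sk, pk, h, 123, forged)))
```

The forger can produce any of the Q signatures that verify for a message but cannot tell which one the signer would produce, so a forgery matches the signer's own signature with probability 1/Q; in every other case the two signatures together reveal log_g(h).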
Article
In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.