Comment: A new blind signature based on the discrete logarithm problem for untraceability

In 2004, Lee et al. [C.C. Lee, M.S. Hwang, W.P. Yang, A new blind signature based on the discrete logarithm problem for untraceability, Appl. Math. Comput., in press] proposed a new untraceable blind signature based on DLP in order to overcome the “security limits” of Carmenisch et al.’s scheme. However, we show there are two mistakes in [C.C. Lee, M.S. Hwang, W.P. Yang, A new blind signature based on the discrete logarithm problem for untraceability, Appl. Math. Comput., in press]: 1. The Carmenisch et al.’s scheme does meet the requirement of untraceability and the cryptanalysis proposed by Lee et al. is not correct; 2. Though Lee et al.’s scheme is untraceable, the proof of its untraceability in [C.C. Lee, M.S. Hwang, W.P. Yang, A new blind signature based on the discrete logarithm problem for untraceability, Appl. Math. Comput., in press] is wrong (in this paper we also give the correct proof of its untraceability). So Lee et al.’s scheme does not have any advantage and it is unpractical since the cost of the scheme is higher compared with Carmenisch et al.’s scheme.     

Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem

The new signature scheme presented by the authors in [13] is the first signature scheme based on the discrete logarithm problem that gives message recovery. The purpose of this paper is to show that the message recovery feature is independent of the choice of the signature equation and that all ElGamal-type schemes have variants giving message recovery. For each of the six basic ElGamal-type signature equations five variants are presented with different properties regarding message recovery, length of commitment and strong equivalence. Moreover, the six basic signature schemes have different properties regarding security and implementation. It turns out that the scheme proposed in [13] is the only inversionless scheme whereas the message recovery variant of the DSA requires computing of inverses in both generation and verification of signatures. In general, message recovery variants can be given for ElGamal-type signature schemes over any group with large cyclic subgroup as the multiplicative group of GF(2n) or elliptic curve over a finite field.The present paper also shows how to integrate the DLP-based message recovery schemes with secret session key establishment and ElGamal encryption. In particular, it is shown that with DLP-based schemes the same functionality as with RSA can be obtained. However, the schemes are not as elegant as RSA in the sense that the signature (verification) function cannot at the same time be used as the decipherment (encipherment) function.     

An improved signature scheme without using one-way Hash functions

Recently, Chang et al. give a digital signature scheme, where neither one-way hash function nor message redundancy schemes are used, but Zhang et al. has shown that the scheme was forgeable, namely, any one can forge a new signature by the signer’s signature, and give two forgery attacks. To the above attacks, we give an improved signature scheme based on Chang signature scheme and analyze the security of the improved scheme.     

Efficient Rabin-type Digital Signature Scheme

Rabin's cryptosystem was proved to be as hard as factorization. However, Rabin's digital signature schemes is probabilistic. This paper shows two efficient Rabin type digital signature schemes, a basic scheme and an improved scheme. Both schemes run much faster than Rabin's scheme. They are deterministic and the size of a signature is much smaller than that of a signature in Rabin's scheme. Furthermore, it is proved that, by applying the technique of Bellare and Rogaway, the proposed scheme is secure against chosen plaintext attack. More precisely, breaking the proposed digital signature scheme by chosen plaintext attack is as hard as factoring N.     

Group signature schemes with forward secure properties

A group signature scheme allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature can be revealed by a designated entity. We introduce a forward secure schemes into group signature schemes. When the group public key remains fixed, a group signing key evolves over time. Because the signing key of a group member is evolving at time, the possibility of the signing key being exposed is decreased. We propose a forward secure group signature scheme based on Ateniese and Camenisch et al.’s group signature scheme. The security is analyzed and the comparisons between our scheme with other group signature schemes are made.     

Cryptography in Quadratic Function Fields

We describe severalcryptographic schemes in quadratic function fields of odd characteristic.In both the real and the imaginary representation of such a field,we present a Diffie-Hellman-like key exchange protocol as wellas a public-key cryptosystem and a signature scheme of ElGamaltype. Several of these schemes are improvements of systems previouslyfound in the literature, while others are new. All systems arebased on an appropriate discrete logarithm problem. In the imaginarysetting, this is the discrete logarithm problem in the idealclass group of the field, or equivalently, in the Jacobian ofthe curve defining the function field. In the real case, theproblem in question is the task of computing distances in theset of reduced principal ideals, which is a monoid under a suitableoperation. Currently, the best general algorithms for solvingboth discrete logarithm problems are exponential (subexponentialonly in fields of high genus), resulting in a possibly higherlevel of security than that of conventional discrete logarithmbased schemes.     

Improvement on Hwang et al.’s generalization of proxy signature schemes based on elliptic curves

Hwang et al. proposed their generalization of proxy signature schemes based on elliptic curves. However, two attacks are proposed to show that their schemes have serious security flaws. By the first attack, an adversary can forge an illegal proxy signature that verifiers cannot actually find out the original signers of proxy signatures. The second attack is used to change proxy signatures into multi-signatures belonging to the group that actually generates the proxy signatures. To overcome these flaws, our improvement on Hwang et al.’s scheme is also proposed.     

Efficient discrete logarithm based multi-signature scheme in the plain public key model

In this paper, we provide a new multi-signature scheme that is proven secure in the plain public key model. Our scheme is practical and efficient according to computational costs, signature size and security assumptions. At first, our scheme matches the single ordinary discrete logarithm based signature scheme in terms of signing time, verification time and signature size. Secondly, our scheme requires only two rounds of interactions and each signer needs nothing more than a certified public key to produce the signature, meaning that our scheme is compatible with existing PKIs. Thirdly, our scheme has been proven secure in the random oracle model under standard discrete logarithm (DL) assumption. It outperforms a newly proposed multi-signature scheme by Bagherzandi, Cheon and Jarecki (BCJ scheme) in terms of both computational costs and signature size.     

A cryptographic watermarking technique for multimedia signals

Digital watermarking has been widely used in digital rights management and copyright protection. In this paper, new cryptographic watermark schemes are proposed. Compare to the existing watermarking techniques, our proposed watermark schemes combine both security and efficiency that none of the existing schemes can do. We first develop an algorithm to randomly generate the watermark indices based on the discrete logarithm problem (DLP) and the Fermat’s little theorem. Then we embed watermark signal into the host image in both time domain and frequency domain at the indices. Our security analysis and simulation demonstrate that our proposed schemes can achieve excellent transparency and robustness under the major security attacks and common signal degradations. The novel approaches provided in this paper are ideal for general purpose commercial digital media copyright protection.     

A variant of Digital Signature Algorithm

In this paper we present a variant of the Digital Signature Algorithm based on a factorization problem and two discrete logarithm problems. We prove that our signature scheme is at least as secure as the original Digital Signature Algorithm and withstands all known attacks.      

对一群签名方案的分析与改进

通过对夏祥盛等人的动态门限群签名方案的研究,指出该方案的若干不足,其中最主要的不足是通过伪造和不可追踪性,并对该方案进行了改进．与现有群签名方案不同,新方案中用户的秘密数由用户自己选取,从而避免了双线性对的计算,大大提高了效率．分析说明改进的群签名方案几乎克服了原方案的所有缺点．     

基于身份的动态数字签名方案

数字签名是解决信息安全问题的重要途径,用于鉴别用户身份.随着计算机、网络的发展,安全的用户数字签名显得尤为重要.目前,现代的数字签名技术正向智能化、密码化、多因素、大容量和快速响应方向发展.结合数论中的中国剩余定理及RSA公钥体制,提出了一种基于身份的动态数字签名方案.     

How (Not) to design strong-RSA signatures

This paper considers strong-RSA signature schemes built from the scheme of Cramer and Shoup. We present a basic scheme encompassing the main features of the Cramer-Shoup scheme. We analyze its security in both the random oracle model and the standard model. This helps us to spot potential security flaws. As a result, we show that a seemingly secure signature scheme (Tan in Int J Security Netw 1(3/4): 237?C242, 2006) is universally forgeable under a known-message attack. In a second step, we discuss how to turn the basic scheme into a fully secure signature scheme. Doing so, we rediscover several known schemes (or slight variants thereof).     

A remark on He’s variational iteration technique for solving nonlinear equations

The variational iteration method (VIM) can be usefully applied for solving many linear and nonlinear scientific and engineering problems. In this note we show that He’s approach for solving nonlinear equations, arising from the VIM, is, actually, Schröder’s method presented in his classical work from 1870.     

Certificateless signature: a new security model and an improved generic construction

Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault’s Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification. A preliminary version of the extended abstract of partial results appeared in ACISP 2006 [9].     

Certificateless signature and proxy signature schemes from bilinear pairings

Due to avoiding the inherent escrow of identity-based cryptography and yet not requiring certificates to guarantee the authenticity of public keys, certificateless public key cryptography has received a significant attention. Due to various applications of bilinear pairings in cryptography, numerous pairing-based encryption schemes, signature schemes, and other cryptographic primitives have been proposed. In this paper, a new certificateless signature scheme based on bilinear pairings is presented. The signing algorithm of the proposed scheme is very simple and does not require any pairing computation. Combining our signature scheme with certificateless public key cryptography yields a complete solution of certificateless public key system. As an application of the proposed signature scheme, a certificateless proxy signature scheme is also presented. We analyze both schemes from security point of view.__________Published in Lietuvos Matematikos Rinkinys, Vol. 45, No. 1, pp. 95–103, January–March, 2005.     

A homotopy perturbation algorithm to solve a system of Fredholm–Volterra type integral equations

In this paper, an application of He’s homotopy perturbation (HPM) method is applied to solve the system of Fredholm and Volterra type integral equations, the results revealing that the HPM is very effective and simple.     

Discrete Logarithm Based Cryptosystems in Quadratic Function Fields of Characteristic 2

We present a key exchange scheme similar to that of Diffie and Hellman using the infrastructure of quadratic function fields of even characteristic. This is a modification of the results of Scheidler, Stein and Williams who used quadratic function fields of odd characteristic. We also extend these results to give a digital signature scheme similar to that of ElGamal. These schemes are possible in this structure even though it is not a group. Finally we examine the security of such systems, and give a possible attack based on Pohlig and Hellman's attack on discrete logarithms in finite groups.     

Discrete artificial boundary conditions for nonlinear Schrödinger equations

In this work we construct and analyze discrete artificial boundary conditions (ABCs) for different finite difference schemes to solve nonlinear Schrödinger equations. These new discrete boundary conditions are motivated by the continuous ABCs recently obtained by the potential strategy of Szeftel. Since these new nonlinear ABCs are based on the discrete ABCs for the linear problem we first review the well-known results for the linear Schrödinger equation. We present our approach for a couple of finite difference schemes, including the Crank–Nicholson scheme, the Dùran–Sanz-Serna scheme, the DuFort–Frankel method and several split-step (fractional-step) methods such as the Lie splitting, the Strang splitting and the relaxation scheme of Besse. Finally, several numerical tests illustrate the accuracy and stability of our new discrete approach for the considered finite difference schemes.     

Application of homotopy perturbation method for systems of Volterra integral equations of the first kind

In this article, an application of He’s homotopy perturbation method is applied to solve systems of Volterra integral equations of the first kind. Some non-linear examples are prepared to illustrate the efficiency and simplicity of the method. Applying the method for linear systems is so easily that it does not worth to have any example.