3,860 Hits in 5.4 sec

A group signature scheme with unbounded message-dependent opening

Kazuma Ohara, Yusuke Sakai, Keita Emura, Goichiro Hanaoka
2013 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS '13  
Group signature with message-dependent opening (GS-MDO) is a kind of group signature in which only the signers who have created group signatures on problematic messages will be identified.  ...  Our unbounded GS-MDO scheme is based on the short group signature scheme proposed by Boneh, Boyen, and Shacham and the Boneh-Franklin identity-based encryption scheme.  ...  ACKNOWLEDGMENTS The authors are grateful to Hovav Shacham for pointing out the possibility of using random oracles to achieve unbounded security.  ... 
doi:10.1145/2484313.2484382 dblp:conf/ccs/OharaSEH13 fatcat:2l5ndxzd75ffjm3qhl7nnurhky

On the Impossibility of Algebraic Vector Commitments in Pairing-Free Groups [article]

Dario Catalano, Dario Fiore, Rosario Gennaro, Emanuele Giunta
2022 IACR Cryptology ePrint Archive  
Vector Commitments allow one to (concisely) commit to a vector of messages so that one can later (concisely) open the commitment at selected locations.  ...  aggregation, that are for example unknown in Merkle-tree-based schemes.  ...  From VCs to Signatures. Given a VC scheme for vectors of length n our transformation produces a signature scheme with polynomially bounded message space {1, . . . , n}.  ... 
dblp:journals/iacr/CatalanoFGG22 fatcat:63c56gh2rnf6thknpzkf4ydhym

Group Signatures with Message-Dependent Opening: Formal Definitions and Constructions

Keita Emura, Goichiro Hanaoka, Yutaka Kawai, Takahiro Matsuda, Kazuma Ohara, Kazumasa Omote, Yusuke Sakai
2019 Security and Communication Networks  
In a group signature scheme with message-dependent opening (GS-MDO), in addition to the opener, we set up an admitter that is not able to extract any user's identity but admits the opener to open signatures  ...  This paper introduces a new capability for group signatures called message-dependent opening.  ...  Acknowledgments The authors are grateful to Hovav Shacham for pointing out the possibility of using random oracles to achieve unbounded security.  ... 
doi:10.1155/2019/4872403 fatcat:66fdlwielzacpjpuz3lgfl4aui

Group Signature Schemes Using Braid Groups [article]

Tony Thomas, Arbind Kumar Lal
2006 arXiv   pre-print
In this paper we propose the first group signature schemes based on the conjugacy problem, decomposition problem and root problem in the braid groups which are believed to be hard problems.  ...  Artin's braid groups have been recently suggested as a new source for public-key cryptography.  ...  Group signature schemes were introduced by Chaum and van Heyst [7] to allow individual members of a group to sign messages on behalf of a group.  ... 
arXiv:cs/0602063v1 fatcat:em47w5hfy5gipk2obtoaonu3ki

On Simulation-Sound Trapdoor Commitments [chapter]

Philip MacKenzie, Ke Yang
2004 Lecture Notes in Computer Science  
We study the recently introduced notion of a simulation-sound trapdoor commitment (SSTC) scheme.  ...  In this paper, we present a new, simpler de nition for an SSTC scheme that admits more e cient constructions and can be used in a larger set of applications.  ...  Intuitively, to sign a message m, one exhibits the ability to open a commitment with label m to both the message 0 and the message 1.  ... 
doi:10.1007/978-3-540-24676-3_23 fatcat:eqn424j2brhsfg7lgyakqtl6mi

Efficient Identity Based Ring Signature [chapter]

Sherman S. M. Chow, Siu-Ming Yiu, Lucas C. K. Hui
2005 Lecture Notes in Computer Science  
These two features are desirable especially for the efficiency and the real spontaneity of ring signature, where a user can anonymously sign a message on behalf of a group of spontaneously conscripted  ...  The proposed scheme is proven to be existential unforgeable against adaptive chosen message-and-identity attack under the random oracle model, using the forking lemma for generic ring signature schemes  ...  1 ≤ i ≤ n, any message m and any signature σ, where σ = Sign(m, {U i }); any verifier A not from the actual signer group, even with unbounded computing resources, cannot identify the actual group of signers  ... 
doi:10.1007/11496137_34 fatcat:wer4qcglgrftvestdtxbf7y4oi

Hybrid commitments and their applications to zero-knowledge proof systems

Dario Catalano, Ivan Visconti
2007 Theoretical Computer Science  
Intuitively a hybrid trapdoor commitment scheme is a primitive which can be either an unconditionally binding commitment scheme or a trapdoor commitment scheme depending on the distribution of commitment  ...  Hybrid trapdoor commitments are related but different with respect to mixed commitments (introduced by Damgård and Nielsen at Crypto 2002).  ...  This means that even an unbounded prover can not later open the commitment with a message a = a. Indeed suppose that P succeeds in proving a false statement with some non-negligible probability p.  ... 
doi:10.1016/j.tcs.2007.01.007 fatcat:zgadb3mxwjathk44jha5iab5dm

Group Signatures with Message-Dependent Opening in the Standard Model [chapter]

Benoît Libert, Marc Joye
2014 Lecture Notes in Computer Science  
Group signatures allow members of a group to anonymously sign messages in the name of this group.  ...  by a second authority -associated with the message.  ...  Group Signatures with Message-Dependent Opening. Traditional group signature models allow opening authorities to identify the originator of every single signature. As discussed by Sakai et al.  ... 
doi:10.1007/978-3-319-04852-9_15 fatcat:e375p4ojdzdcbiesn7aqoyqoly

Bilateral-secure Signature by Key Evolving

Tao Xiang, Xiaoguo Li, Fei Chen, Yi Mu
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
In practice, the greatest threat against the security of a digital signature scheme is the exposure of signing key, since the forward security of past signatures and the backward security of future signatures  ...  We then provide a novel construction based on hub-and-spoke updating structure and the random oracle model, and show that the construction achieves bilateral security and unbounded number of time periods  ...  H1(·) a map-to-point hash function, which maps a message from message space to a element in group G1.  ... 
doi:10.1145/2897845.2897864 dblp:conf/ccs/XiangLCM16 fatcat:o7vppogu7fdv3kul7tr5f3yhmy

Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures [chapter]

Jens Groth
2006 Lecture Notes in Computer Science  
We suggest several NIZK proof systems based on prime order groups with a bilinear map.  ...  signature consists only of a constant number of group elements.  ...  Members' signatures are anonymous except to the group manager who can open a signature and see who signed the message.  ... 
doi:10.1007/11935230_29 fatcat:cl32ao5t3vhqnfffaph5aeq2be

Ring Group Signatures

Liqun Chen
2012 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications  
In this paper, we study these applications and combine a group signature with a ring signature to create a ring group signature, which specifies a set of possible groups without revealing which member  ...  The main contributions of this paper are a formal definition of a ring group signature scheme and its security model, a generic construction and a concrete example of such a scheme.  ...  Furthermore, we need figure out how a group with a true signer can trace a signature to the signer and other groups cannot, and how to avoid an unbound adversary to break group-ambiguity.  ... 
doi:10.1109/trustcom.2012.246 dblp:conf/trustcom/Chen12 fatcat:pdclevq3kveqlin6nkyd2uas4u

Nested cover-free families for unbounded fault-tolerant aggregate signatures

Thais Bardini Idalino, Lucia Moura
2020 Theoretical Computer Science  
Hartung et al. (2016) propose a fault-tolerant aggregate signature scheme based on combinatorial group testing.  ...  Given a bound d on the number of invalid signatures among n signatures to be aggregated, this scheme uses d-cover-free families to determine which signatures are invalid.  ...  Therefore, a d-faulttolerant aggregate signature scheme is an aggregate signature scheme with list verification with a tolerance against d errors.  ... 
doi:10.1016/j.tcs.2020.12.008 fatcat:iofiopugzzfkzaqdko3jz2tpie

Undeniable Signature Schemes Using Braid Groups [article]

Tony Thomas, Arbind Kumar Lal
2006 arXiv   pre-print
In this paper we propose the first undeniable signature schemes using the conjugacy problem and the decomposition problem in the braid groups which are believed to be hard problems.  ...  Artin's braid groups have been recently suggested as a new source for public-key cryptography.  ...  An undeniable signature, like digital signature depends on the signer's public key as well as on the message signed.  ... 
arXiv:cs/0601049v1 fatcat:diihsfkinrbc5gq5vyjr3x7yq4

Design and Analysis of a Practical E-Voting Protocol [chapter]

Marián Novotný
2009 IFIP Advances in Information and Communication Technology  
We assume a pre-established Public Key Infrastructure with registered conceivable voters with relevant certificates of public keys.  ...  It will be sufficient to obtain a certificate by the e-voting client where a user creates a pair -a private key with corresponding public key.  ...  We use a public key sender deniable encryption DE P k DE X (m, l) of a message m under a public key P k DE X with an random 1 We denote parameters which depends on a candidate c with the superscript  ... 
doi:10.1007/978-3-642-03315-5_13 fatcat:jqtr3mkjwffcpjzmmbnff5tvza

Attribute-Based Signatures for Unbounded Circuits in the ROM and Efficient Instantiations from Lattices [chapter]

Ali El Kaafarani, Shuichi Katsumata
2018 Lecture Notes in Computer Science  
This, in fact, was a formalization lacking in many existing anonymous signatures from lattices so far (e.g., group signatures).  ...  of a valid signature of the lattice-based signature scheme of Boyen (PKC'10). * This paper is the full version due to appear at PKC 2018.  ...  The first author was funded by a research grant from the UK Government. The second author was partially supported by JST CREST Grant Number JPMJCR1302 and JSPS KAKENHI Grant Number 17J05603.  ... 
doi:10.1007/978-3-319-76581-5_4 fatcat:ybab6uxqvfgy7l5xx43vj5fwb4
« Previous Showing results 1 — 15 out of 3,860 results