• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.169-176
• /
• 2003

Distributed signcryption was specially designed for distributing a signcrypted message to a designated group. Since a verifier of this signcryption should how the signer's public key in advance, it cannot provide the signer's anonymity. This study adds anonymity and non-repudiation by trusted party to the distributed signcryption with almost the same computational load. We also analyze security and computational loads of the proposed scheme. In addition, we extend our scheme to an efficient group signcryption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2407-2426
• /
• 2016

A group signature scheme allows any member to sign on behalf of a group. It is applied to practical distributed security communication environments, such as privacy-preserving, data mining. In particular, the excellent features of group signatures, including membership joining and revocation, anonymity, traceability, non-frameability and controllable linkability, make group signature scheme more attractive. Among these features, non-frameability can guarantee that a member's signature cannot be forged by any other (including issuer), and controllable linkability supports to confirm whether or not two group signatures are created by the same signer while preserving anonymity. Until now, only Hwang et al.'s group schemes (proposed in 2013 and 2015) can support all of these features. In this paper, we present a new dynamic group signature scheme which can achieve all of the above excellent features. Compared with their schemes, our scheme has the following advantages. Firstly, our scheme achieves more efficient membership revocation, signing and verifying. The cost of update key in our scheme is two-thirds of them. Secondly, the tracing algorithm is simpler, since the signer can be determined without the judging step. Furthermore, in our scheme, the size of group public key and member's private key are shorter. Lastly, we also prove security features of our scheme, such as anonymity, traceability, non-frameability, under a random oracle model.

• Bulletin of the Korean Mathematical Society
• /
• v.46 no.4
• /
• pp.743-769
• /
• 2009

An ID-based DNF signature scheme is an ID-based signature scheme with an access structure which is expressed as a disjunctive normal form (DNF) with literals of signer identities. ID-based DNF signature schemes are useful to achieve not only signer-privacy but also a multi-user access control. In this paper, we formally define a notion of a (non-interactive) ID-based DNF signature and propose the first noninteractive ID-based DNF signature schemes that are secure under the computational Diffie-Hellman and subgroup decision assumptions. Our first scheme uses random oracles, and our second one is designed without random oracles. To construct the second one, we use a novel technique that converts a non-interactive witness indistinguishable proof system of encryption of one bit into a corresponding proof system of encryption of a bit-string. This technique may be of independent interest. The second scheme straightforwardly yields the first ID-based ring signature that achieves anonymity against full key exposure without random oracles. We finally present two extensions of the proposed ID-based DNF signature schemes to support multiple KGCs and different messages.

• Journal of Communications and Networks
• /
• v.18 no.2
• /
• pp.190-200
• /
• 2016

In this paper, we consider some aspects of binding properties that bind an anonymous user with messages. According to whether all the messages or some part of the messages are bound with an anonymous user, the protocol is said to satisfy the full binding property or the partial binding property, respectively. We propose methods to combine binding properties and anonymity-based authenticated key agreement protocols. Our protocol with the full binding property guarantees that while no participant's identity is revealed, a participant completes a key agreement protocol confirming that all the received messages came from the other participant. Our main idea is to use an anonymous signature scheme with a signer-controlled yet partially enforced linkability. Our protocols can be modified to provide additional properties, such as revocable anonymity. We formally prove that the constructed protocols are secure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.4
• /
• pp.85-97
• /
• 1999

A blind signature scheme is a protocol allowing verifier to obtain a valid signature for a message m from a signer without him seeing the message. This means that the bank in collaboration with the shop cannot trace the electronic cash to user. However anonymous electronic cash also facilitates fraud and criminal acts such as money laundering anonymous blackmailing and illegal purchaes. Therefore in this paper we propose fair blind signature scheme based on KCDSA which is a domestic digital signature scheme and it apply a electronic cash system. In particularly a proposed electronic cash system have an anonymity control ability which trace a user who make use a electronic cash illegally in association with a trusted center.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1546-1565
• /
• 2019

Signcryption schemes offer the possibility to simultaneously sign and encrypt a message. In order to guarantee the authentication of both signer and receiver in the most efficient way during the signcryption, certificate based solutions have been proposed in literature. We first compare into detail three recently proposed certificate based signcryption systems relying on the elliptic curve discrete logarithm problem and without the usage of compute intensive pairing operations. Next, we demonstrate how the performance of these certificate based systems can be improved by using the Elliptic Curve Qu Vanstone (ECQV) implicit certificates. What is more, generalized signcryption schemes are easily derived from these schemes and the anonymity feature of sender and receiver is already inherently included or can be very efficiently obtained without a significant additional cost.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.78-87
• /
• 2009

An attribute-based signature scheme is a signature scheme where a signer's private key is associate with an attribute set and a signature is associated with an access structure. Attribute-based signature schemes are useful to provide anonymity and access control for role-based systems and attribute-based systems where an identity of object is represented as a set of roles or attributes. In this paper, we formally define the definition of attribute-based signature schemes and propose the first efficient attribute-based signature scheme that requires constant number of pairing operations for verification where a policy is represented as a disjunctive normal form (DNF). To construct provably secure one, we introduce a new interactive assumption and prove that our construction is secure under the new interactive assumption and the random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2692-2707
• /
• 2012

A separable identity-based ring signature scheme has been constructed as a fundamental cryptographic primitive for protecting user privacy. Using the separability property, ring members can be selected from arbitrary domains, thereby, giving a signer a wide range of ways to control privacy. In this paper we propose a generic method to construct efficient identity-based ring signature schemes with various levels of separability. We first describe a method to efficiently construct an identity-based ring signature scheme for a single domain, in which a signer can select ring identities by choosing from identities defined only for the domain. Next, we present a generic method for linking ring signatures constructed for a single domain. Using this method, an identity-based ring signature scheme with a compact structure, supporting multiple arbitrary domains can be designed. We show that our method outperforms the best known schemes in terms of signature size and computational costs, and that the security model based on the separability of identity-based ring signatures, presented in this paper, is highly refined and effective by demonstrating the security of all of the proposed schemes, using a model with random oracles.

• The Journal of the Korea Contents Association
• /
• v.9 no.10
• /
• pp.59-66
• /
• 2009

A strong designated verifier signature scheme is a special type of signature scheme which provides signer anonymity by enabling the specified recipient, called a designated verifier, to simulate a signature which is indistinguishable from the signer's signature. It has many applications such as software distribution or electronic voting. In this paper, we consider two important security properties of strong designated verifier signature scheme - source hiding and security against key-compromise attack. We show that the two properties cannot be achieved at the same time. Finally, we present a new ID-based strong designated verifier signature scheme which is secure against key-compromise attack.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.2
• /
• pp.57-66
• /
• 2013

Wireless Sensor Networks consist of small, inexpensive, low-powered sensor nodes that communicate with each other. To achieve a low communication cost in a resource constrained network, a novel concept of signcryption has been applied for secure communication. Signcryption enables a user to perform a digital signature for providing authenticity and public key encryption for providing message confidentiality simultaneously in a single logical step with a lower cost than that of the sign-then-encrypt approach. Ring signcryption maintains the signer's privacy, which is lacking in normal signcryption schemes. Signcryption can provide confidentiality and authenticity without revealing the user's identity of the ring. This paper presents the security notions and an evaluation of an ID-based ring signcryption scheme for wireless sensor networks. The scheme has been proven to be better than the existing schemes. The proposed scheme was found to be secure against adaptive chosen ciphertext ring attacks (IND-IDRSC-CCA2) and secure against an existential forgery for adaptive chosen message attacks (EF-IDRSC-ACMA). The proposed scheme was found to be more efficient than scheme for Wireless Sensor Networks reported by Qi. et al. based on the running time and energy consumption.