In this letter, we show that Fan-Chen-Yeh's blind signature scheme and Chien-Jan-Tseng's partially blind signature scheme are vulnerable to a chosen-plaintext attack. We also show that both schemes can be modified so that the chosen-plaintext attack becomes impossible. Even so, Chien-Jan-Tseng's partially blind signature scheme remains vulnerable: it fails to satisfy the partial blindness property.
In 1999, Araki et al. proposed a convertible limited verifier signature scheme. In this letter, we propose a universal forgery attack on their scheme. We show that anyone can forge a valid signature of a user UA on an arbitrary message.
In an order-specified multisignature scheme, one can verify not only the set of signers who have signed the message but also their signing order. Although several schemes with such properties have been proposed, none of them is given a security proof against active adversaries. The scheme can be easily modified into an order-specified multisignature scheme, but it still has the restriction that the only possible signing orders are serial ones. In this paper, we propose the first order-specified multisignature scheme that is shown to be secure against adaptive chosen-message insider attacks in the random oracle model, and that allows the signing orders to form any series-parallel graph. The security is shown using the ID-reduction technique, which reduces the security of multisignature schemes to that of multi-round identification schemes. Furthermore, we discuss the efficiency of the proposed scheme and the upper bound on the possible number of participating signers.
We present an efficiency improvement on an existing unlinkable divisible e-cash system. In the underlying e-cash system, an e-coin can be divided and spent in parts, so exact payments are possible. Furthermore, to protect the customer's privacy, the system also satisfies unlinkability across all payments, which other existing divisible e-cash systems do not satisfy. Unlinkability means that it is infeasible to determine whether two payments were made by the same customer. However, in the unlinkable divisible e-cash system the payment protocol needs O(N) computations, where N is the divisibility precision, and is thus inefficient. For example, for N=100,000, about 200,000 exponentiations are needed in the worst case. We improve the payment protocol using a tree approach. For N=100,000, the protocol with our improvement needs only about 600 exponentiations in the worst case. This good result is obtained for any N larger than about 100.
A multisignature scheme allows plural users to generate a signature on a message, and allows that signature to be verified. Various multisignature schemes have been proposed. They are classified into two types, RSA-based multisignature and discrete logarithm problem (DLP) based multisignature, all of which assume that the message is fixed beforehand. In this sense, these schemes lack message flexibility. Furthermore, all schemes that satisfy order verifiability designate the order of the signers beforehand. These protocols therefore provide order verifiability but not order flexibility. For the practical purpose of circulating messages soundly over the Internet, a multisignature scheme with message flexibility, order flexibility and order verifiability is required. Unfortunately, no previous multisignature scheme realizes all of these features. In this paper, we propose a general model of multisignature schemes with flexibility and verifiability. We also present two practical schemes, based on a DLP-based message recovery signature and on the RSA signature, respectively.
A novel protocol scheme is proposed here for compiling a program or running a software package. It is a modification in which a change to a file can be detected by checking the consistency of the original file with its accompanying digital signature. When an executable program is created, it may be infected with viruses before the signature is attached to it. Such an infection cannot be detected by signature verification, and the origin of the infection cannot be identified either. We propose a signature scheme that lets one sign in a single atomic step right after the creation of an executable program. Our security-related cryptographic protocol is used to establish secure communication over insecure open networks and distributed systems. When a server compiles a source program, the compiler automatically creates both the executable program and its signature. Thus no virus can infect the executable program without being detected. In our proposed signature scheme, the server signature is created from a set of proxy secret integers, which is calculated from a compiler maker's secret key. Each server compiler is possessed by its corresponding client user and is used only when a server secret value is fed into it. Infections of files can be detected by ordinary server digital signatures. The proposed signature scheme, together with the digital signature against infection in the preprocessing step, enables us to identify the origin of the infection. Besides that, we also provide a message recovery capability to recover the original file and thus save infected files. The most natural extension of this novel protocol scheme is a server-based signature which, integrated with application packages, will allow the client and the server to commit themselves to one another.
Shin-Jia HWANG Chin-Chen CHANG
In this paper, we propose a new secure server-aided RSA secret computation protocol which guards not only against the attacks in [1],[2],[15],[18] but also against the new powerful active attacks in [3],[4]. The new protocol is also efficient enough to support a high security level.
Recently, two new efficient server-aided RSA secret computation protocols were proposed. They are efficient and can guard against some active attacks. In this letter, we propose two multi-round active attacks which can effectively reduce their security level or even break them.
Keisuke USUDA Masahiro MAMBO Tomohiko UYEMATSU Eiji OKAMOTO
Computer viruses, hackers, intrusions and other computer crimes have recently become a serious security problem in information systems. Digital signatures are useful to defend against these threats, especially against computer viruses. This is because a modification of a file can be detected by checking the consistency of the original file with its accompanying digital signature. But an executable program might have been infected with viruses before the signature was created. In this case, the infection cannot be detected by signature verification and the origin of the infection cannot be identified either. In this paper, we propose a signature scheme in which one can sign right after the creation of an executable program. That is, when a user compiles a source program, the compiler automatically creates both the executable program and its signature. Thus viruses cannot infect the executable programs without detection. Moreover, we can identify the creator of contaminated executable programs. In our signature scheme, a signature is created from a set of secret integers stored in a compiler, which is calculated from a compiler-maker's secret key. Each compiler is possessed by only one user and it is used only when a secret value is fed into it. In this way the signature of an executable program and the compiler owner are linked to each other. Despite these measures, an executable program could run abnormally because of an infection in the preprocessing step, e.g. an infection of library files or included files. An infection of these files is detected by ordinary digital signatures. The proposed signature scheme, together with digital signatures against infection in the preprocessing step, enables us to identify the origin of the infection. The name of the signature creator is not necessary for detecting an infection. So, an owner's public value is not looked up in our scheme, and only the public value of the compiler-maker is required for signature verification. Furthermore, no one can use a compiler owned by another to create a proper signature.