He LIU, Mangui LIANG, Haoliang SUN
In this letter, we propose a new secure and efficient certificateless aggregate signature scheme which has the advantages of both certificateless public key cryptosystems and aggregate signatures. Based on the computational Diffie-Hellman problem, our scheme can be proven existentially unforgeable against adaptive chosen-message attacks. Most importantly, our scheme requires only short group elements for the aggregate signature and a constant number of pairing computations for aggregate verification, which leads to high efficiency because these costs are independent of the number of signers.
Takanori YASUDA, Tsuyoshi TAKAGI, Kouichi SAKURAI
Multivariate Public Key Cryptosystems (MPKC) are candidates for post-quantum cryptography. Rainbow is a digital signature scheme in MPKC whose signature generation and verification are relatively efficient. However, the security of MPKC depends on the difficulty of solving a system of multivariate polynomials, and the key length of MPKC becomes substantially large compared with that of RSA cryptosystems at the same level of security. The size of the secret and public keys in MPKC has been reduced in previous research. NC-Rainbow is a signature scheme in MPKC which was proposed in order to reduce the size of the secret key of Rainbow. So far, several attacks against NC-Rainbow have been proposed. In this paper, we summarize attacks against NC-Rainbow, including attacks against the original Rainbow, and analyze the total security of NC-Rainbow. Based on the cryptanalysis, we estimate the security parameters of NC-Rainbow at several security levels.
Kaoru KUROSAWA, Ryo NOJIMA, Le Trieu PHONG
Verifiable random functions (VRF), proposed in 1999, and selectively convertible undeniable signature (SCUS) schemes, proposed in 1990, have apparently been regarded as independent primitives in the literature. In this paper, we show that they are tightly related in the following sense: a VRF is exactly an SCUS scheme, and the reverse also holds true under a condition. This directly yields several deterministic SCUS schemes based on existing VRF constructions. In addition, we create a new probabilistic SCUS scheme which is very compact. We build efficient confirmation and disavowal protocols for the proposed SCUS schemes, based on what we call zero-knowledge protocols for generalized DDH and non-DDH. These zero-knowledge protocols are built to be sequentially composable, concurrently composable, or universally composable.
Shan LU, Jun CHENG, Yoichiro WATANABE
A recursive construction of a (k+1)-ary error-correcting signature code is proposed to identify users for MAAC, even in the presence of channel noise. The recursion starts from a trivial signature code. In the (j-1)-th recursion, from a signature code with minimum distance 2j-2, a longer and larger signature code with minimum distance 2j-1 is obtained. The decoding procedure of the signature code is given, which consists of error correction and user identification.
The topic of retrieving videos containing a desired person from a dataset using only the content of faces, without any help from textual information, has many interesting applications such as video surveillance, social networks, video mining, etc. However, traditional face matching against a huge number of detected faces leads to an unacceptable response time and may also reduce accuracy due to the large variations in facial expressions, poses, lighting, etc. Therefore, in this paper we propose a novel method to generate discriminative "signatures" for efficiently retrieving the videos containing the same person as a query. In this research, the signature is defined as a compact, discriminative and reduced-dimensionality representation, which is generated from a set of high-dimensional feature vectors of an individual. The desired videos are retrieved based on the similarities between the signature of the query and those of individuals in the database. In particular, we make the following contributions. Firstly, we give an algorithm for two-directional linear discriminant analysis with maximum correntropy criterion (2DLDA-MCC) as an extension of our recently proposed maximum correntropy criterion based linear discriminant analysis (LDA-MCC). Both algorithms are robust to outliers and noise. Secondly, we present an approach for transforming a set of exemplars into a fixed-length signature using LDA-MCC and 2DLDA-MCC, resulting in two kinds of signatures, called the 1D signature and the 2D signature. Finally, a novel video retrieval scheme is given based on the signatures, which has a low storage requirement and can achieve a fast search. Evaluations on a large dataset of videos show reliable measurement of similarities when the proposed signatures are used to represent the identities extracted from videos. Experimental results also demonstrate that the proposed video retrieval scheme has the potential to substantially reduce the response time and slightly increase the mean average precision of retrieval.
In 2004, Menezes and Smart left open the problem of whether there exists a realistic scenario in which message and key substitution (MKS) attacks can have damaging consequences. In this letter, we show that MKS attacks can have damaging consequences in practice, by pointing out that a verifiably encrypted signature (VES) scheme is not opaque if MKS attacks are possible.
At Eurocrypt'03, Boneh, Gentry, Lynn and Shacham proposed a pairing based verifiably encrypted signature scheme (the BGLS-VES scheme). In 2004, Hess mounted an efficient rogue-key attack on the BGLS-VES scheme in the plain public-key model. In this letter, we show that the BGLS-VES scheme is not secure in the proof of possession (POP) model.
Ying SUN, Yong YU, Xiaosong ZHANG, Jiwen CHAI
Observing that the security of existing identity-based proxy signature schemes was proven only in the random oracle model, Cao et al. proposed the first direct construction of an identity-based proxy signature scheme secure in the standard model, making use of the identity-based signature due to Paterson and Schuldt. They also provided a security proof to show that their construction is secure against forgery attacks without resorting to random oracles. Unfortunately, in this letter, we demonstrate that their scheme is vulnerable to insider attacks. Specifically, after a private-key extraction query, an adversary behaving as a malicious original signer or a malicious proxy signer is able to violate the unforgeability of the scheme.
Bennian DOU, Hong ZHANG, Chun-Hua CHEN, Chungen XU
At Eurocrypt'2006, Lu et al. proposed a pairing-based verifiably encrypted signature scheme (the LOSSW-VES scheme) without random oracles. In this letter, we show that the LOSSW-VES scheme does not have opacity against rogue-key attacks.
Masayuki ABE, Tatsuaki OKAMOTO, Koutarou SUZUKI
In this paper, we present a framework to construct message recovery signature schemes from Sigma-protocols. The key technique of our construction is the redundancy function, which adds to the message redundancy that only a legitimately signed and recovered message can have. We provide a characterization of the redundancy functions that make the resulting message recovery signature scheme provably secure. Our framework includes known schemes when the building blocks are given concrete implementations, i.e., random oracles and ideal ciphers, and hence offers an insightful explanation of their structure.
Bennian DOU, Hong ZHANG, Chun-Hua CHEN, Chungen XU
In this letter, we point out that key substitution attacks should be taken into account for multisignature schemes, which implies that the existing security notions for multisignature schemes are not sufficient. As an example, we show that the multisignature scheme proposed by Boldyreva at PKC'03 is susceptible to key substitution attacks.
Multimedia transactions between vehicles are expected to become a promising application in VANETs but security is a fundamental issue that must be resolved before such transactions can become practical and trusted. Existing certificate-based digital signature schemes are ineffective for ensuring the security of multimedia transactions in VANETs. This ineffectiveness exists because there is no guarantee that (1) vehicles can download the latest certificate revocation lists or that (2) vehicles can complete a multimedia transaction before leaving their communication range. These two problems result, respectively, from a lack of infrastructure and from the inconsistent connectivity inherent in VANETs. In this paper, we propose a digital signature approach that combines a certificateless signature scheme and short-lived public keys to alleviate these problems. We then propose a security protocol that uses the proposed signature approach for multimedia transactions between vehicles. The proposed protocol enables vehicles to trade in multimedia resources without an online trust authority. We provide an analytical approach to optimizing the security of the proposed protocol. The security and performance of our protocol are evaluated via simulation and theoretical analysis. Based on these evaluations, we contend that the proposed protocol is practical for multimedia transactions in VANETs in terms of security and performance.
Tomoki IMADA, Hiroshi NAGAMOCHI
Let G be a connected graph in which we designate a vertex or a block (a biconnected component) as the center of G. For each cut-vertex v, let Gv be the connected subgraph induced from G by v and the vertices that are separated from the center by the removal of v, where v is designated as the root of Gv. We consider the set R of all such rooted subgraphs in G, and assign an integer, called an index, to each of the subgraphs so that two rooted subgraphs in R receive the same index if and only if they are isomorphic under the constraint that their roots correspond to each other. In this paper, assuming a procedure for computing a signature of each graph in a class
Mingwu ZHANG, Tsuyoshi TAKAGI, Bo YANG, Fagen LI
A strong designated verifier signature scheme (SDVS) allows a verifier to privately check the validity of a signature. Recently, Huang et al. constructed the first identity-based SDVS scheme (HYWS) in a stronger security model with non-interactive proof of knowledge, which is claimed to hold the security properties of unforgeability, non-transferability, non-delegatability, and privacy of the signer's identity. In this paper, we show that their scheme does not provide the claimed properties. Our analysis indicates that the HYWS scheme neither resists designated verifier signature forgery nor provides simulation indistinguishability, which violates the security properties of unforgeability, non-delegatability and non-transferability.
Rabindra BISTA, Yong-Ki KIM, Myoung-Seon SONG, Jae-Woo CHANG
Since wireless sensor networks (WSNs) are resource-constrained, it is essential to gather data efficiently from WSNs so that their lifetime can be prolonged. Data aggregation can conserve a significant amount of energy by minimizing transmission cost in terms of the number of data packets. Many applications require privacy and integrity protection of the sampled data while they travel from the source sensor nodes to a data collecting device, say a query server. However, the existing schemes suffer from high communication cost, high computation cost and data propagation delay. To resolve these problems, in this paper we propose a new and efficient integrity-protecting sensitive data aggregation scheme for WSNs. Our scheme makes use of the additive property of complex numbers to achieve sensitive data aggregation while protecting data integrity. With simulation results, we show that our scheme is much more efficient in terms of communication and computation overheads, integrity checking and data propagation delay than the existing schemes for integrity-protecting and privacy-preserving data aggregation in WSNs.
Ryo NISHIMAKI, Eiichiro FUJISAKI, Keisuke TANAKA
This paper presents a new non-interactive multi-trapdoor commitment scheme from the standard RSA assumption. Multi-trapdoor commitment is a stronger variant of trapdoor commitment; its notion was introduced by Gennaro at CRYPTO 2004. Multi-trapdoor commitment schemes are very useful because we can convert a non-interactive multi-trapdoor commitment scheme into a non-interactive and reusable non-malleable commitment scheme by using a one-time signature, and transform any proof of knowledge into a concurrently non-malleable one (this can be used as concurrently secure identification). Gennaro gave concrete constructions of multi-trapdoor commitment, but their security relies on stronger assumptions, such as the strong RSA assumption and the q-strong Diffie-Hellman assumption, as opposed to our construction based on the standard RSA assumption. As a corollary of our results, we construct a non-interactive and reusable non-malleable commitment scheme from the standard RSA assumption. Our scheme is based on the Hohenberger-Waters (weak) signature scheme presented at CRYPTO 2009. Several non-interactive and reusable non-malleable commitment schemes (in the common reference string model) have been proposed, but they all rely on stronger assumptions (such as the strong RSA assumption). Thus, we give the first construction of a non-interactive and reusable non-malleable commitment scheme from the standard RSA assumption.
Le Trieu PHONG, Kaoru KUROSAWA, Wakaha OGATA
Undeniable signature and unpretendable signature schemes have been studied independently. In this paper, efficient schemes which serve as both at the same time are presented. The schemes find their typical application in anonymous auctions, where the winner cannot deny her bid, nobody can pretend to be the winner, and the anonymity of all losers is preserved. The security of the schemes is proved in the common reference string model under discrete logarithm type assumptions.
Rehana YASMIN, Eike RITTER, Guilin WANG
In Wireless Sensor Networks (WSNs), authentication is a crucial security requirement to avoid attacks against secure communication, and to mitigate DoS attacks exploiting the limited resources of sensor nodes. The resource constraints of sensor nodes are hurdles in applying strong public-key-cryptography-based mechanisms in WSNs. To address the problem of authentication in WSNs, we propose an efficient and secure framework for authenticated broadcast/multicast by sensor nodes as well as for outside user authentication, which utilizes identity-based cryptography and online/offline signature (OOS) schemes. The primary goals of this framework are to enable all sensor nodes in the network, firstly, to broadcast and/or multicast an authenticated message quickly; secondly, to verify the broadcast/multicast message sender and the message contents; and finally, to verify the legitimacy of an outside user. This paper reports the implementation and experimental evaluation of the previously proposed scheme for authenticated broadcast/multicast by sensor nodes using online/offline signatures on TinyOS and MICA2 sensor nodes.
Bennian DOU, Chun-Hua CHEN, Hong ZHANG
At Asiacrypt'2001, Courtois, Finiasz and Sendrier proposed the first coding-based signature scheme, also known as the CFS signature. The CFS signature is seen as one of the candidates for quantum-immune signatures. In this letter, we show that the CFS signature is susceptible to both strong-key substitution attacks and weak-key substitution attacks. We also discuss potential countermeasures.
Traceable ring signatures, proposed at PKC'07, are a variant of ring signatures which allow a signer to anonymously sign a message with a tag behind a ring, i.e., a group of users chosen by the signer, as long as he does not sign two messages with the same tag. If a signer signs twice on the same tag, the two signatures will be linked, and the identity of the signer will be revealed when the two signed messages are different. Traceable ring signatures can be applied to anonymous write-in voting without any special voting authority and to electronic coupon services. The previous traceable ring signature scheme relies on random oracles for its security, and its signature size is linear in the number of ring members. This paper proposes the first secure traceable ring signature schemes without random oracles in the common reference string model. In addition, the proposed schemes have a signature size of O(), where N is the number of users in the ring.