The notion of anonymous signatures has recently been formalized by [18], which captures an interesting property that a digital signature can sometimes hide the identity of the signer, if the message is hidden from the verifier. However, in many practical applications, e.g., an anonymous paper review system mentioned in [18], the message for anonymous authentication is actually known to the verifier. This implies that the effectiveness of previous anonymous signatures may be unjustified in these applications. In this paper, we extend the previous models, and develop a related primitive called strong anonymous signatures. For strong anonymous signatures, the identity of the signer remains secret even if the challenge message is chosen by an adversary. We then demonstrate some efficient constructions and prove their security in our model.

A group signature scheme introduced by Chaum and Van Heyst allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signer of a group signature can be revealed only by a privileged entity, called a group manager. The group signature scheme has mainly been studied from the viewpoint of computational security setting so far. The main contribution of this paper is to study group signature schemes in unconditional security. More specifically, we newly introduce strong security notions of unconditionally secure group signatures (USGS for short) based on the idea of those of computationally secure group signatures proposed by Bellare, Micciancio and Warinschi. We also provide a generic method to construct USGS that is provably secure in our security definition. More precisely, we construct USGS by combining an encryption scheme with a signature, and show that the constructed scheme is unconditionally secure if the encryption and the signature used in the construction are unconditionally secure. Finally, we provide an instantiation of the one-time secure group signature scheme based on the generic construction.

We explicitly describe and analyse blind hierachical identity-based encryption (blind HIBE) schemes, which are natural generalizations of blind IBE schemes [20]. We then uses the blind HIBE schemes to construct: (1) An identity-based blind signature scheme secure in the standard model, under the computational Diffie-Hellman (CDH) assumption, and with much shorter signature size and lesser communication cost, compared to existing proposals. (2) A new mechanism supporting a user to buy digital information over the Internet without revealing what he/she has bought, while protecting the providers from cheating users.

By modifying the private key and the public key setting in Boneh-Lynn-Shacham's short signature shcheme, a variation of BLS' short signature scheme is proposed. Based on this variation, we present a very efficient threshold signature scheme where the number of pairing computation for the signaure share verification reduces to half.

Sanitizable signatures allow sanitizers to delete some pre-determined parts of a signed document without invalidating the signature. While ordinary sanitizable signatures allow verifiers to know how many subdocuments have been sanitized, invisibly sanitizable signatures do not leave any clue to the sanitized subdocuments; verifiers do not know whether or not sanitizing has been performed. Previous invisibly sanitizable signature scheme was constructed based on aggregate signature with pairings. In this article, we present the first invisibly sanitizable signature without using pairings. Our proposed scheme is secure under the RSA assumption.

Even though it is very important to retrieve similar trajectories with a given query trajectory, there has been a little research on trajectory retrieval in spatial networks, like road networks. In this paper, we propose an efficient indexing scheme for retrieving moving object trajectories in spatial networks. For this, we design a signature-based indexing scheme for efficiently dealing with the trajectories of current moving objects as well as for maintaining those of past moving objects. In addition, we provide an insertion algorithm for storing the segment information of a moving object trajectory as well as a retrieval algorithm to find a set of moving objects whose trajectories match the segments of a query trajectory. Finally, we show that our signature-based indexing scheme achieves at least twice better performance on trajectory retrieval than the leading trajectory indexing schemes, such as TB-tree, FNR-tree, and MON-tree.

In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

In a linkable ring signature scheme, a signer himself selects a set of parties called a "ring" and signs the messages on behalf of the ring. Any party can know whether or not the ring signatures are made by the same signer, although the party cannot know the identity of the actual signer. Au, Liu, Susilo, and Yuen proposed an ID-based linkable ring signature scheme and an ID-based revocable-iff-linked ring signature scheme. With a revocable-iff-linked ring signature scheme, any party can recover the identity of the signer, if the signer makes two or more ring signatures. In this paper, we show that Au et al.'s revocable-iff-linked ring signature scheme does not provide anonymity, even if the signer makes only one ring signature. Anonymity is one of the most basic security requirements of ring signatures.

In a seminal paper of identity based encryption (IBE), Boneh and Franklin [6] mentioned an interesting transform from an IBE scheme to a signature scheme, which was observed by Moni Naor. In this paper, we give formal security treatments for this transform and discover several implications and separations among security notions of IBE and transformed signature. For example, we show for such a successful transform, one-wayness of IBE is an essential condition. Additionally, we give a sufficient and necessary condition for converting a semantically secure IBE scheme into an existentially unforgeable signature scheme. Our results help establish strategies on design and automatic security proof of signature schemes from (possibly weak) IBE schemes. We also show some separation results which strongly support that one-wayness, rather than semantic security, of IBE captures an essential condition to achieve secure signature.

We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features: 1) no one, not even an authority, can identify users who have been authenticated within the allowable number, 2) anyone can trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

In 2006, Miranda et al. proposed an anonymity scheme to achieve peers' anonymity in Peer-to-Peer (P2P) reputation systems. In this paper, we show that this scheme can not achieve peers' anonymity in two cases. We also propose an improvement which solves the problem and improves the degree of anonymity.

The development of network technology reveals the clear trend that mobile devices will soon be equipped with more and more network-based functions and services. This increase also results in more intrusions and attacks on mobile devices; therefore, mobile security mechanisms are becoming indispensable. In this paper, we propose a novel signature matching scheme for mobile security. This scheme not only emphasizes a small resource requirement and an optimal scan speed, which are both important for resource-limited mobile devices, but also focuses on practical features such as stable performance, fast signature set updates and hardware implementation. This scheme is based on the finite state machine (FSM) approach widely used for string matching. An SRAM-based two-level finite state machine (TFSM) solution is introduced to utilize the unbalanced transition distribution in the original FSM to decrease the memory requirement, and to shorten the critical path of the single-FSM solution. By adjusting the boundary of the two FSMs, optimum memory usage and throughput are obtainable. The hardware circuit of our scheme is designed and evaluated by both FPGA and ASIC technology. The result of FPGA evaluation shows that 2,168 unique patterns with a total of 32,776 characters are stored in 177.75 KB SelectRAM blocks of Xilinx XC4VLX40 FPGA and a 3.0 Gbps throughput is achieved. The result of ASIC evaluation with 180 nm-CMOS library shows a throughput of over 4.5 Gbps with 132 KB of SRAM. Because of the small amount of memory and logic cell requirements, as well as the scalability of our scheme, higher performance is achieved by instantiating several signature matching engines when more resources are provided.

In this letter, a decision-directed MOE detector with excellent robustness against signature waveform mismatch is proposed for DS-CDMA systems. Both the theoretic analysis and computer simulation results demonstrate that the proposed detector can provide better SINR performance than that of conventional detectors.

In on-line signature verification, complexity of signature shape can influence the value of the optimal threshold for individual signatures. Writer-dependent threshold selection has been proposed but it requires forgery data. It is not easy to collect such forgery data in practical applications. Therefore, some threshold equalization method using only genuine data is needed. In this letter, we propose three different threshold equalization methods based on the complexity of signature. Their effectiveness is confirmed in experiments using a multi-matcher DWT on-line signature verification system.

In this letter, we improve NF'07 (Nakanishi and Funabiki) VLR group signature scheme such that it satisfies exculpability and has lower computation costs. In the proposed scheme, a group member generates his own private key together with the group manager in order to realize exculpability while the signature size is not made longer. Also, a new revocation check method is proposed at the step of verifying, and the computation costs of verifying are independent of the number of the revoked members, while they are linear with the number of the revoked members in the original scheme. Thus, the proposed scheme is more efficient than the original scheme and can be applicable to mobile environments such as IEEE 802.1x.

In a proxy multi-signature scheme, a designated proxy signer can generate the signature on behalf of a group of original signers. Recently, Wang and Cao proposed an identity based proxy multi-signature scheme along with a security model. Although they proved that their scheme is secure under this model, we disprove their claim and show that their scheme is not secure.

In this paper, a generalized Montgomery multiplication algorithm in GF(2m) using the Toeplitz matrix-vector representation is presented. The hardware architectures derived from this algorithm provide low-complexity bit-parallel systolic multipliers with trinomials and pentanomials. The results reveal that our proposed multipliers reduce the space complexity of approximately 15% compared with an existing systolic Montgomery multiplier for trinomials. Moreover, the proposed architectures have the features of regularity, modularity, and local interconnection. Accordingly, they are well suited to VLSI implementation.

Unforgeability of digital signatures is closely related to the security of hash functions since hashing messages, such as hash-and-sign paradigm, is necessary in order to sign (arbitrarily) long messages. Recent successful collision finding attacks against practical hash functions would indicate that constructing practical collision resistant hash functions is difficult to achieve. Thus, it is worth considering to relax the requirement of collision resistance for hash functions that is used to hash messages in signature schemes. Currently, the most efficient strongly unforgeable signature scheme in the standard model which is based on the CDH assumption (in bilinear groups) is the Boneh-Shen-Waters (BSW) signature proposed in 2006. In their scheme, however, a collision resistant hash function is necessary to prove its security. In this paper, we construct a signature scheme which has the same properties as the BSW scheme but does not rely on collision resistant hash functions. Instead, we use a target collision resistant hash function, which is a strictly weaker primitive than a collision resistant hash function. Our scheme is, in terms of the signature size and the computational cost, as efficient as the BSW scheme.

In [13], we proposed new decision problems related to lattices, and proved their NP-completeness. In this paper, we present a new public-key identification scheme and a digital signature scheme based on one of the problems in [13]. We also prove the security of our schemes under certain assumptions, and analyze the efficiency of ours.

Previously proposed batch signature schemes do not allow a signer to generate a signature immediately for sequentially asked signing queries. In this letter, we propose flexible batch signatures which do not need any waiting period and have very light computational overhead. Therefore our schemes are well suited for low power devices.