Sharif Digital Repository

The notion of identity-based proxy signature with message recovery feature has been proposed to shorten identity-based proxy signatures and improve their communication overhead because signed messages are not transmitted with these kinds of signatures. There are a few schemes for this notion: the schemes of Singh and Verma and Yoon et al. Unfortunately, Tian et al., by presenting two forgery attacks, show that Singh and Verma scheme is not secure, and also, the scheme of Yoon et al. does not support provable security. The contributions of this paper are twofold. First, we review the scheme by Yoon et al. and discuss why it does not have message recovery property, and consequently, it is not... 

With the advent of cloud computing and Internet of Things and delegation of data collection and aggregation to third parties, the results of the computations should be verified. In distributed models, there are multiple sources. Each source creates authenticators for the values and sends them to the aggregator. The aggregator combines the authenticated values and creates a verification object for verifying the computation/aggregation results. In this paper, we propose two constructions for verifying the results of countable and window-based countable functions. These constructions are useful for aggregate functions such as median, max/min, top-k/first-k, and range queries, where the... 

Proxy signatures allow an entity to delegate its signing capability to a proxy which can sign messages on behalf of the delegator. We examine identity-based versions of proxy signatures which employ identity strings in place of randomly generated public keys. First, we give a new generic construction of identity-based proxy signatures from identity-based standard signatures and show that our generic construction is secure if the underlying identity-based standard signature is secure. In addition, we present the first identity-based proxy signature from Rivest, Shamir and Adleman (RSA), secure under the one-wayness of RSA in the random oracle model. We should highlight that the proxy key... 

Identity-based proxy ring signature concept was introduced by Cheng et al. in 2004. This primitive is useful where the privacy of proxy signers is required. In this paper, the first short provably secure identity-based proxy ring signature scheme from RSA assumption has been proposed. In addition, the security of the proposed scheme tightly reduces to the RSA assumption, and therefore, the proposed scheme has a proper advantage in security reduction compared to the ones from RSA. The proposed scheme not only outperforms the existing schemes in terms of efficiency and practicality, but also does not suffer from the proxy key exposure attack due to the use of the sequential aggregation... 

Code-based digital signatures suffer from two main drawbacks: Large public key size and slow signature generation. Large public key size is inherent in almost all the code-based cryptosystems and other post-quantum alternatives; however, slow signature generation is due to their specific structure. Most of the current code-based signature schemes are constructed based on Courtois, Finiasz, and Sendrier (CFS) signature. CFS uses a counter to produce decodable syndromes or the complete decoding technique that imposes some extra computational cost to the signing algorithm for many choices of codes. In this study, the authors propose an efficient digital signature, PolarSig, which can reduce... 

The notion of identity-based proxy signature with message recovery feature has been proposed to shorten identity-based proxy signatures and improve their communication overhead because signed messages are not transmitted with these kinds of signatures. There are a few schemes for this notion: the schemes of Singh and Verma and Yoon et al. Unfortunately, Tian et al., by presenting two forgery attacks, show that Singh and Verma scheme is not secure, and also, the scheme of Yoon et al. does not support provable security. The contributions of this paper are twofold. First, we review the scheme by Yoon et al. and discuss why it does not have message recovery property, and consequently, it is not... 

An Optimistic fair exchange (OFE) protocol is a good way for two parties to exchange their digital items in a fair way such that at the end of the protocol, both of them receive their items or none of them receives anything. In 2008, Huang et al. presented an efficient OFE protocol, but there is a security problem in their scheme. If the trusted third party (TTP) is dishonest and colludes with the verifier, the TTP can complete the transaction without getting signer's agreement. To solve this problem, we propose an OFE protocol in which there is a tracing algorithm to detect the party who completes the transaction. Furthermore, we obtain the accountability property introduced by Huang et al.... 

Proxy ring (anonymous proxy) signatures allow an entity to delegate its signing capability to a group of entities (proxy group) such that only one of the members in the proxy group can generate a proxy signature on behalf of the delegator, while privacy of the proxy signer is protected. Identity-based versions of proxy ring signatures employ identity strings in place of randomly generated public keys. Our contribution is twofold. First, we formalize a security model for identity-based proxy ring signatures. We note that there exists no formal security model for identity-based proxy ring signatures prior to our work. Second, we present the first provably secure identity-based proxy ring... 

Strong Designated Verifier Signature (SDVS) provides authentication for the signer and the verifier such that the signer is assured that what s/he has signed, is only verified by the designated verifier. Currently, the security of most of the SDVS schemes is based on hard problems in the number theory. As it is proved that all kinds of cryptosystems which are based on the number theory will not tolerate quantum attacks, here, an SDVS scheme based on hard problems in coding theory is presented. We have proved that the suggested scheme is unforgeable under a chosen message attack in Random Oracle Model. Copyright © 2016 John Wiley & Sons, Ltd. Copyright © 2016 John Wiley & Sons, Ltd  

Signatures with partially message recovery in which some parts of messages are not transmitted with signatures to make them shorter are helpful where bandwidth is one of the critical concern. This primitive is especially used for signing short messages in applications such as time stamping, certified email services, and identity-based cryptosystems. In this paper, to have quantum-attack-resistant short signatures, the first signature scheme with partially message recovery based on coding theory is presented. Next, it is shown that the proposal is secure under Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partially... 

Concurrent signatures allow two entities to generate two signatures in such a way that both signatures are ambiguous till some information is revealed by one of the parties. This kind of signature is useful in auction protocols and in a wide range of scenarios in which involving participants are mutually distrustful. In this study, to have quantum-attack-resistant concurrent signatures as recommended by National Institute of Standards and Technology (NISTIR 8105), the first concurrent signature scheme based on coding theory is proposed. Then, its security is proved under Goppa Parameterized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. In... 

Strong designated verifier signature (SDVS) is characterized by two properties; namely the nontransferability and the privacy of the signer's identity (PSI). Non-transferability prevents anyone else other than the designated verifier to verify the signature, while PSI prevents a third party to distinguish between two different signers. In this paper, we propose a non-delegatable SDVS which uses a trusted third party for the key generation. Our signature scheme does not use bilinear pairings which makes it suitable for the resource constraint applications. Using one-way homomorphic functions, our scheme is presented at an abstract level, the unification of which was noticed by Maurer in the... 

The notions of identity-based multi-proxy signature, proxy multi-signature and multi-proxy multi-signature have been proposed to facilitate public key certificate management of these kinds of signatures by merely employing signer's identities in place of the public keys and their certificates. In the literature, most identity-based multi-proxy signature, proxy multi-signature and multi-proxy multi-signature schemes are based on bilinear pairings. Without incorporating bilinear pairings, Tiwari and Padhye proposed an identity-based proxy multi-signature scheme in 2011. Subsequently, an identity-based multi-proxy multi-signature scheme was proposed by Tiwari et al. in 2012. First, we review...