Since the appearance of public-key cryptography in the seminal Diffie-Hellman paper, many new schemes have been proposed and many have been broken. Thus, the

We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy). Our constructions are based on the recently proposed GDH signature scheme of Boneh et al. [8]. Due to the instrumental structure of GDH groups and of the base scheme, it turns out that most of our constructions are simpler, more efficient and have more useful properties than similar existing constructions. We support all the proposed schemes with proofs under the appropriate computational assumptions, using the corresponding notions of security.

We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the so-called Strong RSA Assumption. Moreover, a hash function can be incorporated into the scheme in such a way that it is also secure in the random oracle model under the standard RSA Assumption.

Abstract not found

This paper presents a simple and generic conversion from a publickey encryption scheme which is indistinguishable against chosen-plaintext attacks into a public-key encryption scheme which is indistinguishable against adaptive chosen-ciphertext attacks in the random oracle model. The scheme obtained by the conversion is as efficient as the original encryption scheme and the security reduction is very tight in the exact security manner.

The aim of electronic voting schemes is to provide a set of protocols that allow voters to cast ballots while a group of authorities collect the votes and output the final tally. In this paper we describe a practical multi-candidate election scheme that guarantees privacy of voters, public verifiability, and robustness against a coalition of malicious authorities. Furthermore, we address the problem of receipt-freeness and incoercibility of voters. Our new scheme is based on the Paillier cryptosystem and on some related zero-knowledge proof techniques. The voting schemes are very practical and can be efficiently implemented in a real system. Keywords: Homomorphic cryptosystems, High-Residuosity Assumption, Practical Voting scheme, threshold cryptography 1

Abstract We introduce a new class of computational problems which we call the "one-more-RSAinversion " problems. Our main result is that two problems in this class, which we call the chosen-target and known-target inversion problems respectively, have polynomially-equivalent computational complexity. We show how this leads to a proof of security for Chaum's RSA-based blind signature scheme in the random oracle model based on the assumed hardness of either of these problems. We define and prove analogous results for "one-more-discrete-logarithm " problems. Since the appearence of the preliminary version of this paper, the new problems we have introduced have found other uses as well.

This article is intended to provide some background and tell you about the bigger picture. the plaintext M to create a ciphertext C, which is transmitted to the receiver. The latter applies

Abstract. In this paper we construct a practical group blind signature scheme. Our scheme combines the already existing notions of blind signatures and group signatures. It is an extension of Camenisch and Stadler’s Group Signature Scheme [5] that adds the blindness property. We show how to use our group blind signatures to construct an electronic cash system in which multiple banks can securely distribute anonymous and untraceable e-cash. Moreover, the identity of the e-cash issuing bank is concealed, which is conceptually novel. The space, time, and communication complexities of the relevant parameters and operations are independent of the group size. 1

We present a novel parallel one-more signature forgery against blind Okamoto-Schnorr and blind Schnorr signatures in which an attacker interacts some l times with a legitimate signer and produces from these interactions l + 1 signatures. Security against the new attack requires that the following ROS-problem is intractable: find an overdetermined, solvable system of linear equations modulo q with random inhomogenities (right sides). There is an inherent weakness in the security result of Pointcheval and Stern. Theorem 26 [PS00] does not cover attacks with 4 parallel interactions for elliptic curves of order 2 200 . That would require the intractability of the ROS-problem, a plausible but novel complexity assumption. Conversely, assuming the intractability of the ROS-problem, we show that Schnorr signatures are secure in the random oracle and generic group model against the one-more signature forgery.