Security Arguments for Digital Signatures and Blind Signatures
Journal of Cryptology, 2000
Cited by 350 (40 self)
Since the appearance of public-key cryptography in the seminal Diffie-Hellman paper, many new schemes have been proposed and many have been broken. Thus, the
Efficient Blind and Partially Blind Signatures Without Random Oracles
2006
Cited by 46 (2 self)
This paper proposes a new efficient signature scheme from bilinear maps that is secure in the standard model (i.e., without the random oracle model). Our signature scheme is more effective in many applications (e.g., blind signatures, group signatures, anonymous credentials etc.) than the existing secure signature schemes in the standard model. As typical applications of our signature scheme, this paper presents efficient blind signatures and partially blind signatures that are secure in the standard model. Here, partially blind signatures are a generalization of blind signatures (i.e., blind signatures are a special case of partially blind signatures) and have many applications including electronic cash and voting. Our blind signature scheme is more efficient than the existing secure blind signature schemes in the standard model such as the Camenisch-Koprowski-Warinschi [9] and Juels-Luby-Ostrovsky [24] schemes. Our partially blind signature scheme is the first one that is secure in the standard model and it is also efficient (as efficient as our blind signatures). The security proof of our blind and partially blind signature schemes requires the 2SDH assumption, a stronger variant of the SDH assumption introduced by Boneh and Boyen [7]. This paper also presents an efficient way to convert our (partially) blind signature scheme in the standard model to a scheme secure for a concurrent run of users in the common reference string (CRS) model. Finally, we present a blind signature scheme based on the Waters signature scheme.
Efficient blind signatures without random oracles
In Carlo Blundo and Stelvio Cimato, editors, SCN 2004, 2004
Cited by 23 (1 self)
Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multiparty computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the Cramer-Shoup-Fischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient two-party computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles.
The composite discrete logarithm and secure authentication
In Public Key Cryptography, 2000
Cited by 20 (2 self)
Abstract. For the last two decades, electronic authentication has been an important topic. The first applications were digital signatures to mimic handwritten signatures for digital documents. Then, Chaum wanted to create an electronic version of money, with similar properties, namely bank certification and users’ anonymity. Therefore, he proposed the concept of blind signatures. For all those problems, and furthermore for online authentication, zero-knowledge proofs of knowledge became a very powerful tool. Nevertheless, high computational load is often the drawback of a high security level. More recently, witness-indistinguishability has been found to be a better property that can conjugate security together with efficiency. This paper studies the discrete logarithm problem with a composite modulus and namely its witness-indistinguishability. Then we offer new authentications more secure than factorization and furthermore very efficient from the prover point of view. Moreover, we significantly improve the reduction cost in the security proofs of Girault’s variants of the Schnorr schemes which validates practical sizes for security parameters. Finally, thanks to the witness-indistinguishability of the basic protocol, we can derive a blind signature scheme with security related to factorization.
Strengthened security for blind signatures
Advances in Cryptology - Eurocrypt 1998, LNCS 1403, 1998
Cited by 14 (2 self)
Abstract. Provable security is a very nice property for cryptographic protocols. Unfortunately, in many cases, this is at the cost of a considerable loss in terms of efficiency. More recently, a new approach to achieve some kind of provable security was explored using the so-called “random oracle model”. Last year, Stern and the author studied the security of blind signatures in this model. We first defined appropriate notions of security for electronic cash purpose, then, we proposed the first efficient and provably secure schemes. Unfortunately, even if our proof prevents a user from spending more coins than he had withdrawn, this is only if the number of withdrawn coins is polylogarithmically bounded. In this paper, we propose a generic transformation of those schemes which extends the security even after polynomially many withdrawals. Moreover, this transformation keeps the scheme efficient and so can be used in a secure and efficient anonymous offline electronic cash system.
A User Efficient Fair Blind Signature Scheme for Untraceable Electronic Cash
Journal of Information Science and Engineering
Cited by 2 (0 self)
Blind signatures have been widely adopted to construct untraceable electronic cash systems since they are both unlinkable and unforgeable. Although unlinkability protects the privacy of customers and users, it may be abused by criminals for such purposes as to launder money or to safely get a ransom. The techniques of fair blind signatures are developed to deal with the abuse of unlinkability. In this paper we propose a user efficient fair blind signature scheme which makes it possible for a government or a judge to recover the link between a signature and the instance of the signing protocol which produces that signature when the unlinkability property is abused. Only two integers are required to form a signature in the proposed fair blind signature scheme. Furthermore, it only takes several modular multiplications for a user to obtain and verify a signature. It turns out that the scheme is suitable for situations where computation capability of users or customers is limited, such as smart cards and mobile units. Compared with existing blind signature schemes proposed in the literature, our method reduces the computation required of users by more than 99%.
Many-Time Restrictive Blind Signatures
1999
Cited by 1 (0 self)
Probably the most successful application of blind signatures is electronic cash. In order to avoid multiple copies of the same electronic coin, one-time blind signatures are of particular importance, i.e., a recipient can obtain a signature for at most one message from each interaction with a signer. In off-line electronic cash, customers who spend their electronic coins more than a specified number of times should get identified at least after the fact. This can be ensured by one-time restrictive blind signatures. Another important application of blind signatures is untraceable membership cards that can be used arbitrarily often, but only by their respective owners. An efficient cryptographic approach was presented at the Information Hiding Workshop '98. At its heart, a special signature scheme is specified and used for which no implementation has been given yet. It turns out that many-time restrictive blind signatures meet this specification. We present a first implementation of this n...
A New Blind Identity-Based Signature Scheme with Message Recovery
Abstract. Anonymity of consumers is an essential functionality that should be supported in e-cash systems, location-based services, electronic voting systems as well as digital rights management systems. Privacy protection is an important aspect for wider acceptance of consumers of DRM systems. The concept of a blind signature is one possible cryptographic solution, yet it has not received much attention in the identity-based setting. In the identity-based setting, the public key of a user is derived from his identity, thus simplifying certificates management process compared to traditional public key cryptosystems. In this paper, a new blind identity-based signature scheme with message recovery based on bilinear pairings on elliptic curves is presented. The use of bilinear pairings over elliptic curves enables utilizing smaller key sizes, while achieving the same level of security compared to other schemes not utilizing elliptic curves. The scheme achieves computational savings compared to other schemes in literature. The correctness of the proposed scheme is validated and the proof of the blindness property is provided. Performance and other security related issues are also addressed.
APES Anonymity and Privacy in Electronic Services Deliverable 3 Technologies overview FINAL VERSION
Anonymity and privacy have become important issues in the digital world. Various techniques that augment the level of anonymity are available, but their motivation and implementation is often based on an ad-hoc rationale, which makes it hard to compare them. Moreover, reflecting upon and implementing improvements to the anonymity properties of a system is considerably complicated in this way. In order to improve this situation, we present the first step towards a more solid foundation for the analysis, design and implementation of anonymity technologies. Anonymity techniques are often composed of several subcomponents that are each responsible for a particular anonymity aspect. In this deliverable, we focus on these basic building blocks. In this way, we will increase the understanding in the exact execution of existing anonymity techniques and enable a more uniform evaluation process. In order to structure the description of basic building blocks, we first present a block taxonomy, which is mainly based on the distinction between
Secure Identity-Based Blind Signature Scheme in the Standard Model
The only known construction of identity-based blind signature schemes that are secure in the standard model is based on the generic approach of attaching certificates to ordinary (i.e. non-identity-based) blind signature schemes, and thus the identity-based blind signature schemes constructed using this method are somewhat inefficient and have long signature size. In this paper, we present the first direct construction of an identity-based blind signature scheme based on Waters’ recently proposed identity-based encryption scheme and Paterson-Schuldt’s ID-based signature. Our identity-based blind signature scheme is communicationally efficient and only needs two data exchanges between the signer and the user, and the signatures are short. We prove that our scheme is concurrently secure in the standard model assuming that the computational Diffie-Hellman problem is hard.