Title: A Novel Undeniable (t, n)-Threshold Signature with Cheater Identification
Author: Lin, Yan-Bin (林彥賓)
Contributors: Tseng, Yi-Fan (曾一凡); Lin, Yan-Bin (林彥賓)
Keywords: (t, n)-threshold; Undeniable signature; Cheater identification; Zero knowledge proof
Date: 2022
Upload time: 1-Jul-2022 16:21:09 (UTC+8)

Abstract:
In a (t, n)-threshold signature, a signature can be produced as long as t members of a group of n participate. The undeniable property lets the group decide who can verify the validity of the signature. If something goes wrong during the interaction, however, it is generally impossible to find out which of the t participants deliberately sabotaged it. This thesis makes the following contributions:
• Demonstrates how to deceive Tzuoh-Yi Lin and Tzong-Chen Wu's undeniable (t, n)-threshold signature with cheater identification without being detected
• The first undeniable (t, n)-threshold signature scheme proven to satisfy unforgeability and invisibility
• The cheater can be detected when the proposed scheme goes wrong
• Does not require any trusted third party or secure cryptographic model

Description: Master's
National Chengchi University
Department of Computer Science
109753111
Source: http://thesis.lib.nccu.edu.tw/record/#G0109753111
Type: thesis

dc.contributor.advisor: Tseng, Yi-Fan (曾一凡)
dc.contributor.author (Authors): Lin, Yan-Bin (林彥賓)
dc.date: 2022
dc.date.accessioned: 1-Jul-2022 16:21:09 (UTC+8)
dc.date.available: 1-Jul-2022 16:21:09 (UTC+8)
dc.date.issued (upload time): 1-Jul-2022 16:21:09 (UTC+8)
dc.identifier (Other Identifiers): G0109753111
dc.identifier.uri (URI): http://nccur.lib.nccu.edu.tw/handle/140.119/140661
dc.identifier.doi (DOI): 10.6814/NCCU202200498
dc.format.extent: 1287226 bytes
dc.format.mimetype: application/pdf
dc.type: thesis

dc.description.tableofcontents:
Acknowledgements
Chinese Abstract
Abstract
1 Introduction
1.1 Motivation
1.2 Contribution
1.3 Organization of the Paper
2 Preliminaries
2.1 Non-Malleable Equivocable Commitments
2.2 Threshold Signatures
2.3 Feldman's VSS Protocol
2.4 The FDH Variant of Chaum's Undeniable Signature Scheme
2.5 Cheater Identification
2.6 Undeniable (t, n)-Threshold Signature with Cheater Identification
3 Related Work
3.1 Lin and Wu's undeniable (t, n)-threshold signature scheme with cheater identification scheme
3.1.1 Detail of Lin and Wu's scheme
3.1.2 Attack on Group Signature Generation Phase
3.2 Threshold Undeniable RSA Signature Scheme
3.2.1 Detail of Wang et al.'s scheme
3.3 A Threshold Undeniable Signature Scheme Without a Trusted Party
3.3.1 Detail of WANG and QING's scheme
3.4 Group-oriented undeniable signature schemes with a trusted center
3.4.1 Detail of Lee-Hwang's schemes
3.5 A Group-Oriented Undeniable Signature Scheme for Unlikely Signers and Verifiers
3.5.1 Detail of Lee-Hwang's schemes
3.6 A Novel Threshold Signature Scheme Based on Elliptic Curve with Designated Verifier
3.6.1 Detail of Yu Liu and Tong Liu's scheme
4 The Proposal Scheme
5 Security Proof
5.0.1 Unforgeability
5.0.2 Invisibility
6 Comparison and Analysis
6.1 Security Properties
6.2 Computational complexity
7 Future Work and Conclusions
7.1 Future Work
7.2 Conclusions
References