Title The Generic Construction of Withdrawable Signature (可撤回簽章的通用結構)
Author Chang, Chih-Hsiang (張智翔)
Contributors Tseng, Yi-Fan (曾一凡)
Chang, Chih-Hsiang (張智翔)
Keywords Withdrawable signature
generic construction
designated verifier signature (UDVS)
generic scheme
udvs
Date 2025
Upload time 1-Sep-2025 16:57:40 (UTC+8)
Abstract Digital signatures are a fundamental cryptographic tool for ensuring the authenticity, integrity, and non-repudiation of messages. However, traditional signature schemes are immutable by design, offering no mechanism for signers to retract previously issued signatures. This limitation reduces their flexibility in certain application scenarios. This study investigates Withdrawable Signatures (WS)—a novel type of signature that allows a signer to withdraw a signature without revealing their private key or compromising the security of other signatures. The core property of such schemes is withdrawability, which ensures that a verifier cannot determine whether a signer has actually signed a specific message, enabling a controllable level of ambiguity.

The primary contribution of this work is the proposal of a generic construction for withdrawable signatures, which can be flexibly instantiated over different underlying cryptographic assumptions. The resulting schemes are proven to satisfy both unforgeability and withdrawability, ensuring robust security guarantees. This generic approach lays a solid foundation for the broader adoption of WS in decentralized systems such as e-voting, blockchain-based smart contracts, and escrow services, where conditional and revocable commitments are often required.
Description Master's
National Chengchi University
Department of Computer Science
112753128
Source http://thesis.lib.nccu.edu.tw/record/#G0112753128
Type thesis
dc.contributor.advisor Tseng, Yi-Fan (曾一凡)
dc.identifier (Other Identifiers) G0112753128
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/159415
dc.description.tableofcontents
Acknowledgements
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
List of Definitions
List of Theorems
List of Abbreviations
List of Notations
1 Introduction
  1.1 Research Background
  1.2 Application
  1.3 Related Work
  1.4 Contributions
2 Preliminaries
  2.1 Notation and Terminology
  2.2 The Formal Definition of Withdrawable Signature
  2.3 Security Notions of Withdrawable Signature
3 Construction
  3.1 The generic construction scheme
4 Security analysis
  4.1 Unforgeability under Insider Corruption
  4.2 Withdrawability
5 Conclusion
Bibliography
dc.format.extent 644287 bytes
dc.format.mimetype application/pdf