Group Signature And Its Special Group Signature Scheme

In this dissertation, we mainly research on some group signatures and special group signatures, such as group signature, (t,n) threshold signature, multisignature for specified group of verifiers, authenticated encryption scheme and threshold proxy signature etc. In this research field, the research works of the author is as follows:1. We propose a new attack called secret key substitution attack, and show that Laih - Yen's multisignature scheme for specified group of verifiers, Tseng et al. and Chang et al.'s authenticated encryption schemes with message recovery using self-certified public keys, Ma-Chen's authenticated encryption schemes with public verifiability cannot resist the secret key substitution attack. To overcome the secret key substitution attack, we present the improvement schemes, respectively.In some applications, the variant of secret key substitution attack is that the specified group of verifiers can impersonate the original signer to sign any message to the third party, and the third party can allege that the original signer signs the signature, and the original signer cannot deny it It is efficient for the secret key substitution attack on many threshold shared verification schemes and authenticated encryption schemes.2. We show that Chen- Zhu's group signature scheme is universally forgeable, that is, the group authority can forge a valid group signature on an arbitrary message, which stands in any group member without being detected, and the group member who were impersonated has no way to deny. If there is a dispute later, compared with exist forgery attack on group signatures that the forger's identifier cannot be traced, the merit of our attack is that the identifier of the group member who were impersonated can be traced.A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member;and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations. Through comparison of our scheme and Ateniese et al.'s scheme, we conclude that ours reduced computational cost and signature size.3. A conspiracy attack is proposed to show that Wang-Li's, Jan et al.'s and Gan's (t,n) threshold signature scheme withstanding the conspiracy attack are insecure, respectively. Any set of the group can impersonate another set of members to sign any message without holding the responsibility, and all the members who were impersonated have no way to deny the signature. On the other hand, we demonstrate that Wang et al.'s threshold signature scheme is universally forgeable by attacking their signature verification equation. An adversary can forge a valid threshold signature for any message, their scheme cannot fulfill the claimed security requirements. To overcome the weakness, we present an improvement thresholdsignature schemes, respectively.In most of the threshold group signature scheme, the group has their designed clerk. A new (t, ri) threshold group signature scheme with tractability based on designated clerk is proposed. The main merits are that the verification of the group signature is efficient, it need not to renew the members' shadows when the system renewed, and all members can reuse their shadows. In addition, any / members cannot impersonate another set of group members to sign any message.On the other hand, because there are tightly co-related between secret sharing and threshold group signature, we propose a secure and efficient (t, ri) multisecret sharing authenticating scheme based on double shadow, and design a new type of secret sharing scheme called block secret sharing scheme, in which any t subgroup shares one shadow, and the sum of all of the shadows is the group secret, therefore, any t or more group members cannot cooperate to reveal the group secret key with high probability. Additional, a secure (t, ri) threshold group signature scheme with traceable signers based on block secret sharing scheme is proposed.4. We demonstrate that the public key substitution attack on Sun et al.'s threshold proxy signature scheme proposed by Li-Cao is wrong.On the other hand, we show that the improvement scheme of Hwang et al.'s nonrepudiable threshold proxy signature scheme with known signers proposed by Tzeng et al. is also vulnerable to the forgery attack;and the improvement scheme of Hsu et al.'s nonrepudiable threshold proxy signature scheme with known signers proposed by Yang et al. cannot resist the forgery attack, warrant substitution attack and public key substitution attack;and a nonrepudiable threshold multi-proxy multisignature scheme with shared verification proposed by Tzeng et al. might violate the properties of threshold shared verification and unforgeability. To defeat the weaknesses, we propose an improvement schemes, respectively.