
Study On Group-Oriented Digital Signature Schemes And Their Applications

Posted on: 2012-06-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Zhang
GTID: 1228330371950969
Subject: Computer application technology

Abstract/Summary:
In this thesis, we study the performance, security analysis and design of several group-oriented digital signature schemes, and obtain results on proxy signatures, concurrent signatures and RFID grouping-proof protocols.

The concept of the proxy signature scheme was first introduced by Mambo et al. in 1996. It allows the original signer to delegate her/his signing capability to a designated person, called a proxy signer, who can then generate signatures on behalf of the original signer. Following the development of the proxy signature scheme, the threshold proxy signature scheme has also been widely studied recently. A (t, n) threshold proxy signature scheme allows at least t proxy signers of a proxy group to sign messages on behalf of the original signer. Since anonymous threshold proxy signatures have long had no efficient means of withstanding the conspiracy attack, Hwang et al. proposed a secure non-repudiable threshold proxy signature scheme with known signers (called the HLL scheme). In 2004, Tzeng et al. showed a forgery attack against the HLL scheme and proposed an improved scheme to remedy it. Unfortunately, Tzeng et al.’s scheme did not work, so we provide modifications to the HLL scheme and prove that the new scheme can withstand the frame attack. We then construct a novel threshold proxy signature scheme that can resist the well-known attacks, such as the frame attack, public-key substitute attack, warrant attack and collusion attack. In addition, our scheme saves a large amount of computation and communication compared with existing threshold proxy signature schemes based on discrete logarithms.

The proxy schemes mentioned above only consider the group-oriented case in which the proxy agent is a group. Moreover, in some group-oriented applications, a group consisting of n original signers wants to authorize a proxy group consisting of m proxy signers. In order to provide fair protection for the original and proxy groups, Hwang et al. proposed a new (t, n) threshold-proxy (c, m) threshold-signature scheme in 2005, in which only t or more of the n original signers can authorize a proxy group of m proxy signers, and then only c or more proxy signers can cooperatively generate threshold-proxy threshold-signatures. Tang et al. and Han et al. then made a security analysis of it and gave their improvements. However, in this thesis we point out that not only Hwang et al.’s scheme but also Tang et al.’s and Han et al.’s are vulnerable to the collusion attack and the public-key substitute attack. Finally, we give our improved scheme, which can resist these attacks.

Electronic commerce has played an important role in global economic activity. Fair exchange protocols can guarantee fairness and efficiency in exchange: they ensure that neither of the two parties can take any advantage at any stage of the exchange, and that the final outcome is either both parties obtaining the other party’s data or service, or neither party obtaining it. We mainly focus on fair exchange protocols without a trusted third party (TTP), and investigate perfect concurrent signatures in depth. A concurrent signature protocol allows two entities to produce two signatures in such a way that the signer of each signature is ambiguous from any third party’s point of view until the release of a secret parameter, known as the keystone. Once the keystone is released, both signatures become binding to their respective signers concurrently. In this thesis we obtain two results.

1. We point out that the perfect concurrent signature protocol proposed by Huang et al. is insecure. Both participants A and B can forge the concurrent signature of both parties, and construct a signature of any message after completing the protocol. In order to fix these problems, we propose an improved protocol and prove its security.

2. We review a fair ID-based concurrent signature scheme proposed by Huang et al. We then present a forgery attack on their scheme by showing that the initial signer can forge a valid concurrent signature of the matching signer. Finally, we propose an improved scheme that resists our attack.

A grouping-proof is evidence that two or more RFID tags are scanned simultaneously by a reader within its broadcast range. During a grouping-proof protocol execution, the verifier can be in one of two modes: online or offline. In online mode, the verifier can send and receive messages from specific tags (via the reader) throughout the protocol execution. In contrast, in offline mode the verifier can only broadcast challenges to the reader. A typical application of the grouping-proof protocol is to scan tags that are supposed to stay together. For example, RFID tags attached to different parts of a car should be located near each other. Recently, more and more scholars have paid attention to this topic and proposed their own grouping-proof protocols. However, most of the proposals have been analyzed and shown to be insecure.

In recent years, with the rapid development of the Internet of Things (IoT), provably secure RFID protocols have become a hot topic. However, as far as we know, there is still relatively little research on grouping-proof protocols in the IoT. It is therefore important to design a secure and highly efficient RFID grouping-proof protocol for IoT security. First, we present an attack model and an interaction model, and give their analysis. Then, the ideal functionality FVS and the grouping-proof ideal functionality FGP are formally defined in the UC framework. Finally, a grouping-proof scheme πGP is designed in the FVS-hybrid model. It is proved that the protocol πGP securely realizes the ideal functionality FGP for any adversary. According to the composition theorem in the UC framework, the proposed grouping-proof protocol for RFID tags is UC secure.
Keywords/Search Tags: Digital Signature, Proxy Signature, Threshold Proxy Signature, Fair Exchange Protocol, Concurrent Signature, Grouping-proof, Internet of Things, RFID Protocol