Modeling and Optimization in Space Engineering

This volume presents a selection of advanced case studies that address a substantial range of issues and challenges arising in space engineering. The contributing authors are well-recognized researchers and practitioners in space engineering and in applie



College of Sciences, North China University of Technology, Shijingshan District, 100041, Beijing, China, {jhzhang, zjh}@ncut.edu.cn

State Key Lab. on ISN, Xidian University, 710071, Xi’an, Shaanxi, China, [email protected]

Abstract. As a special kind of digital signature, a group signature scheme allows a group member to sign messages on behalf of the group in an anonymous and unlinkable way. In case of a dispute, a designated group manager can reveal the actual identity of the signer. Anonymity and unlinkability are basic properties of group signatures, which distinguish them from other signature schemes. Recently, based on a variant of the Nyberg-Rueppel signature and a knowledge proof signature, A. Miyaji et al. proposed a new group signature scheme over only a known-order group and claimed that the scheme is secure. Unfortunately, in this work we first show that the scheme is linkable: namely, anyone can distinguish whether two different group signatures were produced by the same signer. We then give the corresponding attack on the scheme. Finally, we propose an improved scheme that overcomes this drawback (linkability) and includes a novel concept: individual revocation of signatures. We also give a security analysis of the improved scheme.

J. Zhang, J. Zou, and Y. Wang

S. Katsikas, J. López, G. Pernul (Eds.): TrustBus 2005, LNCS 3592, pp. 185–194, 2005. © Springer-Verlag Berlin Heidelberg 2005

1 Introduction

Digital signatures play an important role in providing data integrity, authentication and undeniability for electronic transactions. Group signatures were first introduced by Chaum and van Heyst in [14]. In such a scheme, each member of a given group is allowed to sign messages on behalf of the group in an anonymous and unlinkable way. A receiver only needs the unique group public key to check the validity of a group signature. In case of a dispute, the group manager can reveal the identity of the signer, while other group members can neither identify the signer nor determine whether multiple signatures were produced by the same group member. With time, more security requirements were added, including unlinkability, unforgeability, collusion resistance [4], exculpability [4], and framing resistance [16]. Many practical schemes were presented, some with claims of proven security in the random oracle model [1]. However, it is often unclear what the schemes or claimed proofs in these works actually deliver in terms of security guarantees, largely because the requirements are informal and sometimes ambiguous, not precisely specifying adversary capabilities and goals. It would be beneficial in this context to have proper foundations, meaning strong formal definitions and rigorously proven-secure schemes.

Anonymity and unlinkability are two important properties of group signatures. Because group signatures are anonymous and unlinkable, they can hide the group's internal structure from a verifier, while still allowing the group manager to reveal the signer’s ident