6 results for Oracles.

in Deakin Research Online - Australia

Relevance:

20.00%

Publisher:

Abstract:

In Asiacrypt 2003, the concept of universal designated verifier signature (UDVS) was introduced by Steinfeld, Bull, Wang and Pieprzyk. In the new paradigm, any signature holder (not necessarily the signer) can designate the publicly verifiable signature to any desired designated verifier (using the verifier's public key), such that only the designated verifier can believe that the signature holder does have a valid publicly verifiable signature, and hence believes that the signer has signed the message. Any other third party cannot believe this fact, because the designated verifier can use his secret key to create a valid UDVS designated to himself. In ACNS 2005, Zhang, Furukawa and Imai proposed the first UDVS scheme without random oracles. In this paper, we give a security analysis of the scheme of Zhang et al. and propose a novel UDVS scheme without random oracles based on Waters' signature scheme, and prove that our scheme is secure under the Gap Bilinear Diffie-Hellman assumption.

Relevance:

10.00%

Publisher:

Abstract:

Michael Polanyi argues in Personal Knowledge (1958) that conceptual frameworks involved in major scientific controversies are separated by a 'logical gap'. Such frameworks, according to Polanyi (1958: 151), are logically disconnected: their protagonists think differently, use different languages and occupy different worlds. Relinquishing one framework and adopting another, Polanyi's scientist undergoes a 'conversion' to a new 'faith'. Polanyi, in other words, presaged Kuhn and Feyerabend's concept of incommensurability. To what influences was Polanyi subject as he developed his concept of the logical gap? The answer, as unfolded in this article, is twofold: Evans-Pritchard's Witchcraft, Oracles and Magic among the Azande and the Confessions of St Augustine.

Relevance:

10.00%

Publisher:

Abstract:

Recent research has shown that the single-user security of optimistic fair exchange does not guarantee multi-user security. This paper investigates the conditions under which the security of optimistic fair exchange in the single-user setting is preserved in the multi-user setting. We first introduce and define a property called "Strong Resolution-Ambiguity". Then we prove that in the certified-key model, an optimistic fair exchange protocol is secure in the multi-user setting if it is secure in the single-user setting and has the property of strong resolution-ambiguity. Finally, we provide a new construction of optimistic fair exchange with strong resolution-ambiguity. The new protocol is setup-free, stand-alone and multi-user secure without random oracles.

Relevance:

10.00%

Publisher:

Abstract:

Optimistic fair exchange (OFE) allows two parties to exchange their digital items in a fair way. As one of the fundamental problems in secure electronic business and digital rights management, OFE has been studied intensively since its introduction. This paper introduces and defines a new property for OFE: Strong Resolution-Ambiguity. We show that many existing OFE protocols have the new property, but its formal investigation has been missing in those protocols. We prove that in the certified-key model, an OFE protocol is secure in the multi-user setting if it is secure in the single-user setting and has the property of strong resolution-ambiguity. Our result not only simplifies the security analysis of OFE protocols in the multi-user setting but also provides a new approach for the design of multi-user secure OFE protocols. Following this approach, a new OFE protocol with strong resolution-ambiguity is proposed. Our analysis shows that the protocol is setup-free, stand-alone and multi-user secure without random oracles.

Relevance:

10.00%

Publisher:

Abstract:

Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an encryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. According to the Menezes-Okamoto-Vanstone (MOV) reduction theory, IBE schemes based on bilinear maps lose the high efficiency of elliptic curves because of the requirement for large security parameters. Therefore, it is important to build a provably secure IBE scheme without a bilinear map. To this end, this paper proposes an improved IBE scheme that differs from the previous schemes in that it does not use a symmetric encryption algorithm. Furthermore, it can be proven secure against adaptively chosen identity and chosen plaintext attacks in the standard model. Elaborate security and performance analyses demonstrate that this new scheme outperforms the previous ones in terms of the time complexity of encryption and decryption.

Relevance:

10.00%

Publisher:

Abstract:

Data sharing has never been easier with the advances of cloud computing, and an accurate analysis of the shared data provides an array of benefits to both society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and the privacy of data owners. Ring signature is a promising candidate for constructing an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data, which can be put into the cloud for storage or analysis purposes. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security: if the secret key of any user has been compromised, all previously generated signatures that include this user still remain valid. This property is especially important to any large-scale data sharing system, as it is impossible to ask all data owners to re-authenticate their data even if the secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.