Zero knowledge one time digital signature scheme

In many applications, when communicating with a host, we may or may not be concerned about the privacy of the data but are mainly concerned about the integrity of data being transmitted. This paper presents a simple algorithm based on zero knowledge proof by which the receiver can confirm the integrity of data without the sender having to send the digital signature of the message directly. Also, if the same document is sent across by the same user multiple times, this scheme results in different digital signature each time thus making it a practical one-time signature scheme.

Low-cost digital signature architecture suitable for radio frequency identification tags

Continuing achievements in hardware technology are bringing ubiquitous computing closer to reality. The notion of a connected, interactive and autonomous environment is common to all sensor networks, biosystems and radio frequency identification (RFID) devices, and the emergence of significant deployments and sophisticated applications can be expected. However, as more information is collected and transmitted, security issues will become vital for such a fully connected environment. In this study the authors consider adding security features to low-cost devices such as RFID tags. In particular, the authors consider the implementation of a digital signature architecture that can be used for device authentication, to prevent tag cloning, and for data authentication to prevent transmission forgery. The scheme is built around the signature variant of the cryptoGPS identification scheme and the SHA-1 hash function. When implemented on 130 nm CMOS the full design uses 7494 gates and consumes 4.72 mu W of power, making it smaller and more power efficient than previous low-cost digital signature designs. The study also presents a low-cost SHA-1 hardware architecture which is the smallest standardised hash function design to date.

Practical Lattice-Based Digital Signature Schemes

Digital signatures are an important primitive for building secure systems and are used in most real-world security protocols. However, almost all popular signature schemes are either based on the factoring assumption (RSA) or the hardness of the discrete logarithm problem (DSA/ECDSA). In the case of classical cryptanalytic advances or progress on the development of quantum computers, the hardness of these closely related problems might be seriously weakened. A potential alternative approach is the construction of signature schemes based on the hardness of certain lattice problems that are assumed to be intractable by quantum computers. Due to significant research advancements in recent years, lattice-based schemes have now become practical and appear to be a very viable alternative to number-theoretic cryptography. In this article, we focus on recent developments and the current state of the art in lattice-based digital signatures and provide a comprehensive survey discussing signature schemes with respect to practicality. Additionally, we discuss future research areas that are essential for the continued development of lattice-based cryptography.

A novel nonrepudiable threshold multi-proxy multi-signature scheme with shared verification

Tzeng et al. proposed a new threshold multi-proxy multi-signature scheme with threshold verification. In their scheme, a subset of original signers authenticates a designated proxy group to sign on behalf of the original group. A message m has to be signed by a subset of proxy signers who can represent the proxy group. Then, the proxy signature is sent to the verifier group. A subset of verifiers in the verifier group can also represent the group to authenticate the proxy signature. Subsequently, there are two improved schemes to eliminate the security leak of Tzeng et al.’s scheme. In this paper, we have pointed out the security leakage of the three schemes and further proposed a novel threshold multi-proxy multi-signature scheme with threshold verification.

Identity-based strong designated verifier signature schemes: Attacks and new construction

A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party can even verify the validity of a designated verifier signature. We show that anyone who intercepts one signature can verify subsequent signatures in Zhang-Mao ID-based designated verifier signature scheme and Lal-Verma ID-based designated verifier proxy signature scheme. We propose a new and efficient ID-based designated verifier signature scheme that is strong and unforgeable. As a direct corollary, we also get a new efficient ID-based designated verifier proxy signature scheme.

Multiple-time signature schemes against adaptive chosen message attacks

Multiple-time signatures are digital signature schemes where the signer is able to sign a predetermined number of messages. They are interesting cryptographic primitives because they allow to solve many important cryptographic problems, and at the same time offer substantial efficiency advantage over ordinary digital signature schemes like RSA. Multiple-time signature schemes have found numerous applications, in ordinary, on-line/off-line, forward-secure signatures, and multicast/stream authentication. We propose a multiple-time signature scheme with very efficient signing and verifying. Our construction is based on a combination of one-way functions and cover-free families, and it is secure against the adaptive chosen-message attack.

Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

cryptanalysis of some signature schemes with message recovery

IEEE Computer Society

Preserving transparency and accountability in optimistic fair exchange of digital signatures

Optimistic fair exchange (OFE) protocols are useful tools for two participants to fairly exchange items with the aid of a third party who is only involved if needed. A widely accepted requirement is that the third party's involvement in the exchange must be transparent, to protect privacy and avoid bad publicity. At the same time, a dishonest third party would compromise the fairness of the exchange and the third party thus must be responsible for its behaviors. This is achieved in OFE protocols with another property called accountability. It is unfortunate that the accountability has never been formally studied in OFE since its introduction ten years ago. In this paper, we fill these gaps by giving the first complete definition of accountability in OFE where one of the exchanged items is a digital signature and a generic (also the first) design of OFE where transparency and accountability coexist.

Cryptanalysis and improvement of an efficient certificateless signature scheme

In traditional digital signature schemes, certificates signed by a trusted party are required to ensure the authenticity of the public key. In Asiacrypt 2003, the concept of certificateless signature scheme was introduced. The advantage of certificate-less public key cryptography successfully eliminates the necessity of certificates in the traditional public key cryptography and simultaneously solves the inherent key escrow problem suffered in identity-based cryptography. Recently, Yap et al. proposed an efficient certificateless signature scheme and claimed that their scheme is existentially unforgeable in the random oracle model. In this paper, we show that the certificateless signature scheme proposed by Yap et al. is insecure against public key replacement attacks. Furthermore, we propose an improved certificateless signature scheme, which is existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model and provide the security proof of the proposed scheme.

Avaliação morfométrica e densimétrica através de assinatura nuclear digital em biópsias de esôfago

Foram estudadas, pelo método da assinatura digital, 35 biópsias esofágicas provenientes de pacientes da província de Linxian, China, classificadas por dois observadores com ampla experiência em patologia gastrointestinal como normais, displasias ou carcinomas (8 casos normais, 6 displasias leves, 8 displasias moderadas, 4 displasias acentuadas, 4 carcinomas suspeitos de invasão e 5 carcinomas invasores). O objetivo do trabalho foi caracterizar os núcleos das populações celulares desses casos de forma que permitisse a derivação de informações diagnósticas e de possível implicação prognóstica a partir do estudo quantitativo das características nucleares de cada caso ou categoria diagnóstica. As biópsias foram coradas pelo método de Feulgen, sendo então selecionados e digitalizados 48 a 50 núcleos de cada uma delas. De cada núcleo foram extraídas 93 características cariométricas, arranjadas arbitrariamente em histograma designado como assinatura nuclear. Da média aritmética de cada característica dos núcleos de uma mesma biópsia resultou a assinatura digital do caso. A análise de funções discriminantes, baseada nas 15 características cariométricas que ofereceram melhor discriminação entre as categorias diagnósticas, mostrou que o grupo classificado como normal foi claramente distinto das demais categorias. A densidade óptica total aumentou progressivamente segundo a classificação das biópsias, do normal à displasia acentuada, sendo o valor do carcinoma semelhante ao da displasia moderada. A matriz de comprimento de seqüência apresentou o mesmo perfil, ou seja, ambas as características ofereceram discriminação clara entre as categorias diagnósticas, com exceção do carcinoma invasor, cujos valores foram superponíveis aos da displasia moderada. O estudo demonstrou a viabilidade da quantificação de características nucleares através das assinaturas nucleares digitais, que demonstraram diferenças estatisticamente significativas entre diferentes categorias diagnósticas e a elevação progressiva dos valores mensurados relacionados com o espectro das lesões, apresentando-as como um histograma (assinatura digital nuclear).

Cariometria digital em adenocarcinoma de pâncreas

O adenocarcinoma de pâncreas continua sendo uma doença com alta mortalidade apesar dos avanços na ciência e na tecnologia. O diagnóstico é tardio, na maior parte dos casos, impossibilitando uma abordagem com fins curativos. Os estudos em busca de um método para o diagnóstico precoce ou mesmo um tratamento eficaz, até o momento, não revelaram mudanças significativas. Atualmente, pesquisas em biologia molecular apontando alterações em determinados genes nos tumores de pâncreas parecem ser promissoras. Neste sentido, porém seguindo uma outra linha de pesquisa, o estudo atual que objetiva a determinação das características nucleares das células neoplásicas através da cariometria por análise digital, constitui um passo inicial para futuras especulações. Recentemente, estudos em outros tecidos como o prostático, o mamário e o endométrio vêm demonstrando existir eficácia na diferenciação entre seus tecidos normais e neoplásicos e também uma forte relação entre as alterações encontradas na cromatina de seus núcleos celulares e a agressividade de seus respectivos tumores. Utilizando-se tecido pancreático estocado em parafina por até onze anos no laboratório de Patologia do Hospital de Clínicas de Porto Alegre (HCPA), foram determinadas as características nucleares em mil e trezentos núcleos de células ductais de adenocarcinoma de pâncreas e de tecido pancreático normal. Noventa e três características da cromatina foram estudadas por análise digital. Onze características apresentaram valores diferentes entre os dois grupos e estas diferenças foram estatisticamente significativas. A média para o valor da ÁREA nuclear nos tumores foi de 977.78 e de 336.60, no tecido normal; a da RLM278 foi de 353.23 e 97.07; a da RLM266 de 99.32 e 28.06; a do PERIM de 125.58 e 65.05; a do ROUND de 1.37 e 1.04; a da IOD de 123.49 e 107.97; a da FRACDIM de 1.22 e 1.05; a da DENSMIN de 0.01 e 0.14; a da DENSMAX de 0.53 e 0.62; a da DENSSD 0.25 e 0.10 e a da DENS20P de 0.49 e 0.33, respectivamente para os núcleos dos tumores e para os do tecido normal. Sete destas características serviram como marcadores ideais de neoplasia. Estes achados permitiram a criação de uma assinatura digital específica para cada um dos dois tipos de tecido estudado.

Caracterização de núcleos celulares no adenocarcinoma primário de reto por análise de imagem digital

O câncer colorretal é um tumor maligno freqüente no mundo ocidental. É o terceiro em freqüência e o segundo em mortalidade nos países desenvolvidos. No Brasil está entre as seis neoplasias malignas mais encontradas e a quinta em mortalidade. Dos tumores colorretais, aproximadamente 40% estão localizados no reto. A sobrevida, em cinco anos, dos pacientes operados por câncer do reto varia entre 40% e 50%, estando os principais fatores prognósticos, utilizados na prática clínica corrente, baseados em critérios de avaliação clínico-patológicos. A avaliação das alterações morfométricas e densimétricas nas neoplasias malignas tem, recentemente, sido estudadas e avaliadas através da análise de imagem digital e demonstrado possibilidades de utilização diagnóstica e prognóstica. A assinatura digital é um histograma representativo de conjuntos de características de textura da cromatina do núcleo celular obtida através da imagem computadorizada. O objetivo deste estudo foi a caracterização dos núcleos celulares neoplásicos no adenocarcinoma primário de reto pelo método da assinatura digital e verificar o valor prognóstico das alterações nucleares da textura da cromatina nuclear para esta doença. Foram avaliados, pelo método de análise de imagem digital, 51 casos de pacientes operados no Hospital de Clínicas de Porto Alegre (HCPA) entre 1988 e 1996 e submetidos à ressecção eletiva do adenocarcinoma primário de reto, com seguimento de cinco anos pós-operatório, ou até o óbito antes deste período determinado pela doença, e 22 casos de biópsias normais de reto obtidas de pacientes submetidos a procedimentos endoscópicos, para controle do método da assinatura digital. A partir dos blocos de parafina dos espécimes estocados no Serviço de Patologia do HCPA, foram realizadas lâminas coradas com hematoxilina e eosina das quais foram selecionados 3.635 núcleos dos adenocarcinomas de reto e 2.366 núcleos dos controles da assinatura digital, totalizando 6.001 núcleos estudados por análise de imagem digital. De cada um destes núcleos foram verificadas 93 características, sendo identificadas 11 características cariométricas com maior poder de discriminação entre as células normais e neoplásicas. Desta forma, através da verificação da textura da cromatina nuclear, foram obtidos os histogramas representativos de cada núcleo ou conjunto de núcleos dos grupos ou subgrupos estudados, também no estadiamento modificado de Dukes, dando origem às assinaturas digitais correspondentes. Foram verificadas as assinaturas nucleares, assinaturas de padrão histológico ou de lesões e a distribuição da Densidade Óptica Total. Houve diferença significativa das características entre o grupo normal e o grupo com câncer, com maior significância para três delas, a Área, a Densidade Óptica Total e a Granularidade nuclear. Os valores das assinaturas médias nucleares foram: no grupo normal 0,0009 e nos estadiamentos; 0,9681 no A, 4,6185 no B, 2,3957 no C e 2,1025 no D e diferiram com significância estatística (P=0,001). A maior diferença do normal ocorreu no subgrupo B de Dukes-Turnbull. As assinaturas nucleares e de padrão histológico mostraram-se distintas no grupo normal e adenocarcinoma, assim como a distribuição da Densidade Óptica Total a qual mostra um afastamento progressivo da normalidade no grupo com câncer. Foi possível a caracterização do adenocarcinoma de reto, que apresentou assinaturas digitais específicas. Em relação ao prognóstico, a Densidade Óptica Total representou a variável que obteve o melhor desempenho, além do estadiamento, como preditor do desfecho.