The susceptibility of digital signatures to fraud in the National Electronic Conveyancing System : an analysis

Public key cryptography, and with it,the ability to compute digital signatures, have made it possible for electronic commerce to flourish. It is thus unsurprising that the proposed Australian NECS will also utilise digital signatures in its system so as to provide a fully automated process from the creation of electronic land title instrument to the digital signing, and electronic lodgment of these instruments. This necessitates an analysis of the fraud risks raised by the usage of digital signatures because a compromise of the integrity of digital signatures will lead to a compromise of the Torrens system itself. This article will show that digital signatures may in fact offer greater security against fraud than handwritten signatures; but to achieve this, digital signatures require an infrastructure whereby each component is properly implemented and managed.

Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Preserving transparency and accountability in optimistic fair exchange of digital signatures

Optimistic fair exchange (OFE) protocols are useful tools for two participants to fairly exchange items with the aid of a third party who is only involved if needed. A widely accepted requirement is that the third party's involvement in the exchange must be transparent, to protect privacy and avoid bad publicity. At the same time, a dishonest third party would compromise the fairness of the exchange and the third party thus must be responsible for its behaviors. This is achieved in OFE protocols with another property called accountability. It is unfortunate that the accountability has never been formally studied in OFE since its introduction ten years ago. In this paper, we fill these gaps by giving the first complete definition of accountability in OFE where one of the exchanged items is a digital signature and a generic (also the first) design of OFE where transparency and accountability coexist.

Double-authentication-preventing signatures

Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a trusted authority could make multiple certifications for the same subject but different objects, be it intentionally, by accident, or following a (legal or illegal) coercion. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property discourages signers from misbehaving---a form of self-enforcement---and would give binding authorities like CAs some cryptographic arguments to resist legal coercion. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer.

Sealing the leak on classical NTRU signatures

Initial attempts to obtain lattice based signatures were closely related to reducing a vector modulo the fundamental parallelepiped of a secret basis (like GGH [9], or NTRUSign [12]). This approach leaked some information on the secret, namely the shape of the parallelepiped, which has been exploited on practical attacks [24]. NTRUSign was an extremely efficient scheme, and thus there has been a noticeable interest on developing countermeasures to the attacks, but with little success [6]. In [8] Gentry, Peikert and Vaikuntanathan proposed a randomized version of Babai’s nearest plane algorithm such that the distribution of a reduced vector modulo a secret parallelepiped only depended on the size of the base used. Using this algorithm and generating large, close to uniform, public keys they managed to get provably secure GGH-like lattice-based signatures. Recently, Stehlé and Steinfeld obtained a provably secure scheme very close to NTRUSign [26] (from a theoretical point of view). In this paper we present an alternative approach to seal the leak of NTRUSign. Instead of modifying the lattices and algorithms used, we do a classic leaky NTRUSign signature and hide it with gaussian noise using techniques present in Lyubashevky’s signatures. Our main contributions are thus a set of strong NTRUSign parameters, obtained by taking into account latest known attacks against the scheme, a statistical way to hide the leaky NTRU signature so that this particular instantiation of CVP-based signature scheme becomes zero-knowledge and secure against forgeries, based on the worst-case hardness of the O~(N1.5)-Shortest Independent Vector Problem over NTRU lattices. Finally, we give a set of concrete parameters to gauge the efficiency of the obtained signature scheme.

Double-authentication-preventing signatures

Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a trusted authority could make multiple certifications for the same subject but different objects, be it intentionally, by accident, or following a (legal or illegal) coercion. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property discourages signers from misbehaving—a form of self-enforcement—and would give binding authorities like CAs some cryptographic arguments to resist legal coercion. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer; we show an additional application of these new extractable trapdoor functions to standard digital signatures.

Practical Lattice-Based Digital Signature Schemes

Digital signatures are an important primitive for building secure systems and are used in most real-world security protocols. However, almost all popular signature schemes are either based on the factoring assumption (RSA) or the hardness of the discrete logarithm problem (DSA/ECDSA). In the case of classical cryptanalytic advances or progress on the development of quantum computers, the hardness of these closely related problems might be seriously weakened. A potential alternative approach is the construction of signature schemes based on the hardness of certain lattice problems that are assumed to be intractable by quantum computers. Due to significant research advancements in recent years, lattice-based schemes have now become practical and appear to be a very viable alternative to number-theoretic cryptography. In this article, we focus on recent developments and the current state of the art in lattice-based digital signatures and provide a comprehensive survey discussing signature schemes with respect to practicality. Additionally, we discuss future research areas that are essential for the continued development of lattice-based cryptography.

Forward secure attribute-based signatures

Attribute-Based Signatures (ABS) is a versatile primitive which allows an entity to sign a message with fine-grained control over identifying information. A valid ABS only attests to the fact that “A single user, whose attributes satisfy the predicate, has endorsed the message”. While ABS has been well investigated since its introduction, it is unfortunate that key exposure–an inherent weakness of digital signatures–has never been formally studied in the scenario of ABS. We fill this gap by proposing a new notion called forward secure ABS, its formal security models and a generic (also the first) design based on well established crypto primitives.

Certificate-based signatures revisited

Certificate-based encryption was introduced in Eurocrypt '03 to solve the certificate management problem in public key encryption. Recently, this idea was extended to certificate-based signatures. Several new schemes and security models of certificate-based signature by comparing it with digital signatures in other popular public key systems. We introduce a new security model of certificate-based signature, which defines several new types of adversaries against certificate-based signature, which defines several new types of adversaries against certificate-based signatures, along with the security model of certificate-based signatures against them. The new model is clearer and more elaborated compared with other existing ones. We then investigate the relationship between certificate-based signatures and certificate-less signatures, and propose a generic construction of certificate-based signatures and certificate less signatures, and propose a generic construction of certificate-based signatures. We prove that the generic construction is secure (in the random oracle model) against all types of adversaries defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions. Based on our generic construction, we are able to construct new certificate-based signatures schemes, which are more effiecient in comparison with other schemes with similar security levels

Caracterização de núcleos celulares no adenocarcinoma primário de reto por análise de imagem digital

O câncer colorretal é um tumor maligno freqüente no mundo ocidental. É o terceiro em freqüência e o segundo em mortalidade nos países desenvolvidos. No Brasil está entre as seis neoplasias malignas mais encontradas e a quinta em mortalidade. Dos tumores colorretais, aproximadamente 40% estão localizados no reto. A sobrevida, em cinco anos, dos pacientes operados por câncer do reto varia entre 40% e 50%, estando os principais fatores prognósticos, utilizados na prática clínica corrente, baseados em critérios de avaliação clínico-patológicos. A avaliação das alterações morfométricas e densimétricas nas neoplasias malignas tem, recentemente, sido estudadas e avaliadas através da análise de imagem digital e demonstrado possibilidades de utilização diagnóstica e prognóstica. A assinatura digital é um histograma representativo de conjuntos de características de textura da cromatina do núcleo celular obtida através da imagem computadorizada. O objetivo deste estudo foi a caracterização dos núcleos celulares neoplásicos no adenocarcinoma primário de reto pelo método da assinatura digital e verificar o valor prognóstico das alterações nucleares da textura da cromatina nuclear para esta doença. Foram avaliados, pelo método de análise de imagem digital, 51 casos de pacientes operados no Hospital de Clínicas de Porto Alegre (HCPA) entre 1988 e 1996 e submetidos à ressecção eletiva do adenocarcinoma primário de reto, com seguimento de cinco anos pós-operatório, ou até o óbito antes deste período determinado pela doença, e 22 casos de biópsias normais de reto obtidas de pacientes submetidos a procedimentos endoscópicos, para controle do método da assinatura digital. A partir dos blocos de parafina dos espécimes estocados no Serviço de Patologia do HCPA, foram realizadas lâminas coradas com hematoxilina e eosina das quais foram selecionados 3.635 núcleos dos adenocarcinomas de reto e 2.366 núcleos dos controles da assinatura digital, totalizando 6.001 núcleos estudados por análise de imagem digital. De cada um destes núcleos foram verificadas 93 características, sendo identificadas 11 características cariométricas com maior poder de discriminação entre as células normais e neoplásicas. Desta forma, através da verificação da textura da cromatina nuclear, foram obtidos os histogramas representativos de cada núcleo ou conjunto de núcleos dos grupos ou subgrupos estudados, também no estadiamento modificado de Dukes, dando origem às assinaturas digitais correspondentes. Foram verificadas as assinaturas nucleares, assinaturas de padrão histológico ou de lesões e a distribuição da Densidade Óptica Total. Houve diferença significativa das características entre o grupo normal e o grupo com câncer, com maior significância para três delas, a Área, a Densidade Óptica Total e a Granularidade nuclear. Os valores das assinaturas médias nucleares foram: no grupo normal 0,0009 e nos estadiamentos; 0,9681 no A, 4,6185 no B, 2,3957 no C e 2,1025 no D e diferiram com significância estatística (P=0,001). A maior diferença do normal ocorreu no subgrupo B de Dukes-Turnbull. As assinaturas nucleares e de padrão histológico mostraram-se distintas no grupo normal e adenocarcinoma, assim como a distribuição da Densidade Óptica Total a qual mostra um afastamento progressivo da normalidade no grupo com câncer. Foi possível a caracterização do adenocarcinoma de reto, que apresentou assinaturas digitais específicas. Em relação ao prognóstico, a Densidade Óptica Total representou a variável que obteve o melhor desempenho, além do estadiamento, como preditor do desfecho.

Utilizing Electronic Signatures and Electronic Form Filling to Streamline Document Approval Process

This CPM project focuses on the document approval process that the Division of State Human Resources consulting team utilizes as it relates to classification and compensation requests, e.g. job reclassifications, PD update requests, and salary requests. The ultimate goal is to become more efficient by utilizing electronic signatures and electronic form filling to streamline the current process of document approvals.