Tsz Hon Yuen

Ring signatures without random oracles

Since the formalization of ring signature by Rivest, Shamir and Tauman in 2001, there are lots of variations appeared in the literature. Almost all of the variations rely on the random oracle model for security proof. In this paper, we propose a ring signature scheme based on bilinear pairings, which is proven to be secure against adaptive chosen message attack without using the random oracle model. It is one of the first in the literature to achieve this security level.

ID-Based ring signature scheme secure in the standard model

The only known construction of ID-based ring signature schemes which maybe secure in the standard model is to attach certificates to non-ID-based ring signatures. This method leads to schemes that are somewhat inefficient and it is an open problem to find more efficient and direct constructions. In this paper, we propose two such constructions. Our first scheme, with signature size linear in the cardinality of the ring, is secure in the standard model under the computational Diffie-Hellman assumption. The second scheme, achieving constant signature size, is secure in a weaker attack model (the selective ID and selective chosen message model), under the Diffie-Hellman Inversion assumption.

Certificate based (linkable) ring signature

In this paper, we propose a new notion called Certificate Based Ring Signature (CBRS) that follows the idea of Certificate Based Encryption (CBE) presented by Gentry in EuroCrypt 2003. It preserves the advantages of CBE such as implicit certificate and no private key escrow. At the same time it inherits the properties of normal ring signature such as anonymity and spontaneity. We provide its security model and a concrete implementation. In addition, we also propose a variant of CBRS, called Certificate Based Linkable Ring Signature (CBLRS). It is similar to CBRS, except with linkability. That is, it allows the public to verify whether two given signatures are generated by the same signer, yet preserves the anonymity of this user. It can be seen as the Certificate Based version of normal linkable ring signature.

Fast and proven secure blind identity-based signcryption from pairings

We present the first blind identity-based signcryption(BIBSC). We formulate its security model and define the security notions of blindness and parallel one-more unforgeability (p1m-uf). We present an efficient construction from pairings, then prove a security theorem that reduces its p1m-uf to Schnorrs ROS Problem in the random oracle model plus the generic group and pairing model. The latter model is an extension of the generic group model to add support for pairings, which we introduce in this paper. In the process, we also introduce a new security model for (non-blind) identity-based signcryption (IBSC) which is a strengthening of Boyens. We construct the first IBSC scheme proven secure in the strengthened model which is also the fastest IBSC in this model or Boyens model. The shortcomings of several existing IBSC schemes in the strengthened model are shown.

Escrowed linkability of ring signatures and its applications

Ring signatures allow a user to sign anonymously on behalf of a group of spontaneously conscripted members. Two ring signatures are linked if they are issued by the same signer. We introduce the notion of Escrowed Linkability of ring signatures, such that only a Linking Authority can link two ring signatures; otherwise two ring signatures remain unlinkable to anyone. We give an efficient instantiation, and discuss the applications of escrowed linkability, like spontaneous traceable signature and anonymous verifiably encrypted signature. Moreover, we propose the first short identity-based linkable ring signatures from bilinear pairings. All proposals are provably secure under the random oracle model.

Improvements on an authentication scheme for vehicular sensor networks

In a recent paper, Shim (2012) presented a very interesting authentication scheme for vehicular sensor networks. Shim claimed that the scheme is secure against the highest adopted level of attack, namely the chosen-message attack (CID-CMA). Nevertheless, we find that the proof in Shims paper does not actually prove that the scheme is secure in this level. Instead, it can only ensure that the scheme is secure in a strictly weaker level of attack, the adaptive chosen-identity and no-message attack (CID-NMA). In this paper, first we show that there exist some security risks in vehicular networks if a scheme, which is only secure against CID-NMA but not CID-CMA, is deployed. Hence, having the proof that the scheme is only CID-NMA is insufficient for the aforementioned application. That is, Shim did not prove that the proposed scheme can resist these kinds of attack. Here, we use a different approach to prove the scheme for security against CID-CMA. We note that this proof is essential to ensure that the scheme can indeed be used for the aforementioned scenario. In addition, we also show that the batch verification of the scheme, proposed in the same paper, may have non-negligible error. Two invalid signatures may give a positive result. We further improve the batch verification part so that the error rate can be reduced to negligible level.

Constant-size ID-based linkable and revocable-iff-linked ring signature

In this paper, we propose a new notion called Revocable-iff-Linked Ring Signature (R-iff-L Ring Signature). In R-iff-L ring signatures, a signer can sign on behalf of the whole group, just like ordinary ring signatures. However, if he signs twice or more, he can be linked and his identity can be revoked by everyone. We formally define a new security model for the new notion in identity-based (ID-based) setting and propose a constant-size ID-based construction, that is, the size of the signature is independent of the size of the group. In addition, we enhance the security model of ID-based linkable ring signature scheme and provide an implementation with constant size setting. Both schemes are provably secure in our new model.

Proxy Ring Signature: Formal Definitions, Efficient Construction and New Variant

Proxy ring signatures allow proxy signer to sign messages on behalf of the original signer while providing anonymity. In this paper, we give the first formal security definitions and notions of proxy ring signatures. Subsequently, we propose a short proxy ring signature scheme, with rigorous security proofs. It is more efficient than the existing proxy ring signature schemes. Finally, we propose a new kind of proxy ring signatures. Existing proxy ring signatures in the literature provide anonymity for proxy signer only. We extend the notion to support anonymity for original signer as well. We give an efficient and secure instantiation of it

Group signature where group manager, members and open authority are identity-based

We present the first group signature scheme with provable security and signature size O(λ) bits where the group manager, the group members, and the Open Authority (OA) are all identity-based. We use the security model of Bellare, Shi, and Zhang [3], except to add three identity managers for manager, members, and OA respectively, and we discard the Open Oracle (

Continuous Non-malleable Key Derivation and Its Application to Related-Key Security

{\mathcal O} {\mathcal O}