Quantum-Resistant Lattice-Based Proxy Signature

A proxy signature scheme permits an entity to delegate its signing rights to another. Proxy signature scheme has been widely used in numerous applications. This paper proposed a proxy signature scheme based on lattice cryptography which is different from traditional proxy signature schemes. This scheme combines the idea of the traditional proxy signature and the lattice-based signature together. The security of the proposed scheme is based on the Short Integer Solution (SIS) problem, the proposed proxy signature scheme has smaller key size and lower computation cost. We use the Bimodal Gaussian Distribution, Reject Sampling, Hash matrix and other technologies to extend the original digital signature scheme to the proxy signature scheme. In this paper we will give the security proof of the proxy signature scheme. Moreover, since the key construction of the scheme is based on the operation of the ring, so the public and private key size can be greatly shrunk.

A strong designated verifier signature (SDVS) scheme only allows a designated veri- fier to validate signer's signatures for ensuring confidentiality. At the same time, the des- ignated verifier can not transfer the signature to any third party, since he can also generate another computationally indistinguishable SDVS, which is referred to as non-transfer- ability. A proxy signature scheme is a special type of digital signature schemes, which en- ables an authorized proxy signer to create a valid proxy signature on behalf of the original one. The resulted proxy signature is publicly verifiable by anyone. In this paper, we elabo- rate on the merits of SDVS schemes and proxy signature schemes to propose an efficient strong designated verifier proxy signature (SDVPS) scheme in which only a designated verifier can be convinced of the proxy signer's identity. The proposed scheme has crucial benefits in organizational operations and electronic commerce. Compared with related schemes, ours has not only shorter signature length, but also lower computational costs. Moreover, the security requirement of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) is proved in the random oracle model.

The concept of self proxy signature (SPS) scheme was proposed by Kim and Chang in 2007. In a self proxy signatures, the signer wants to protect his original keys by generating temporary key pairs for a time period and then revoke them. The temporary keys can be generated by delegating the signing right to himself. Thus, in SPS the user can prevent the exposure of his private key from repeated use. If we are considering the existence of quantum computers, then scheme proposed by Kim and Chang’s is no more secure since its security is based on the hardness of discrete logarithm assumption. In this paper we propose the first lattice based self proxy signature scheme. Since hard problems of lattices are secure against quantum attacks, therefore, our proposed scheme is secure against quantum computer also. We designed our scheme on NTRU lattices since NTRU lattices are most efficient lattices than general lattices.

Those existing proxy signature schemes are mainly based on the assumed hardness of Big Integer Factoring problem and Discrete Logarithm problem. So they can't resist quantum attacks. This proxy signature scheme is based on the assumed hardness of some lattice problem, which can resist quantum attack. The key pair of proxy signer was generated using basis delegation technology. Combined with GPV basic signature scheme, the proxy signature scheme was constructed. This scheme is satisfied with all the security property of proxy signature schemes. Based on this scheme, variant lattice-based proxy signature schemes will be designed, such as blind proxy signature, multi-grade proxy signature, and identity-based proxy signature etc.

As a special digital signature, proxy signature is becoming more and more important in electronic authentication. Compared with the insecurity of proxy signatures based on the decomposition of large integers and the difficulty of discrete logarithms, lattice-based cryptography have higher security and computational efficiency. This paper uses the pre-image sampling algorithm and trapdoor generation algorithm to construct a certificateless proxy signature scheme on lattices, and puts the scheme into the background of big data to realize authentication. The safety of the problem is proved by using the difficulty of small integer solutions on the lattices. Compared with other existing proxy signature schemes, it has low computational complexity and higher security.

In proxy signature schemes, the proxy signer B is permitted to produce a signature on behalf of the original signer A. However, exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper, we applied Dodis, et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.

A proxy signature scheme allows one user to delegate his/her signing capability to another user called a proxy signer in such a way that the latter can sign messages on behalf of the the former. After verification the verifier is convinced of the original signer's agreement on the signed message. Like digital signatures, these proxy signatures are also vulnerable to leakage of proxy secret key. Forward-Secure signatures enable the signer to guarantee the security of messages signed in the past even if his secret key is exposed today. By applying the concept of Forward-Security to proxy signatures, we have come up with a forward secure proxy signature scheme based on DSA(Digital signature algorithm). Compared to existing schemes, the special feature of our scheme is that an original signer can delegate his signing capability to any number of proxy signers in varying time periods. Though the original signer gives proxy information to all the proxy signers at the beginning of the protocol, the proxy signers will be able to generate proxy signatures only in their allotted time periods. Further, the proxy signatures are made forward-secure. Moreover, our scheme meets the basic requirements of a proxy signature scheme along with proxy revocation. Both on-demand proxy revocation i.e. whenever the original signer wants to revoke the proxy signer and automatic proxy revocation i.e. immediate revocation after the expiry of the time period of the proxy signer, is provided. Additional properties of our scheme are as follows: identity of the proxy signer is available in the information sent by original signer to proxy signer, original signer need not send the information to proxy signer through a secure channel, warrant on the delegated messages can be specified, original signer cannot play the role of proxy signer, and verifier can determine when the proxy signature was generated.

Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer or a group of proxy signers who can then sign documents on behalf of the original signer. In this paper, we investigate the problem of proxy signature with revocation. The revocation of delegated signing right is necessary for a proxy signature scheme when the proxy signer's key is compromised and/or any misuse of the delegated right is noticed. Although a proxy signature scheme usually specifies a delegation time period, it may happen that the original signer wants to terminate the delegation before it is expired. In order to solve this problem, in this paper we propose a new proxy signature scheme with revocation. Our scheme utilises and combines the techniques in the Naor-Naor-Lotspiech NNL framework for broadcast encryption, the Boneh-Boyen-Goh BBG hierarchical identity-based encryption and the Boneh-Lynn-Shacham BLS short signature scheme and thereby constructing an efficient tree-based revocation mechanism. The unrevoked proxy signer only needs to generate evidences for proving that he/she is a valid proxy signer once in per revocation epoch, and the verifier does not need a revocation list in order to verify the validity of a proxy signature.

Identity-based threshold signature and mediated proxy signature schemes

SummaryProxy signature scheme is an important cryptographic primitive, for an entity can delegate his signing right to another entity. Although identity‐based proxy signature schemes based on conventional number‐theoretic problems have been proposed for a long time, the researchers have paid less attention to lattice‐based proxy signature schemes that can resist quantum attack. In this paper, we first propose an identity‐based proxy signature scheme over Number Theory Research Unit (NTRU)‐lattice. We proved that the proposed paradigm is secure under the hardness of the γ‐shortest vector problem on the NTRU lattice in random oracle model; furthermore, the comparison with some existing schemes shows our scheme is more efficient in terms of proxy signature secret key size, proxy signature size, and computation complexity. As the elemental problem of the proposed scheme is difficult even for quantum computation model, our scheme can work well in quantum age.

A proxy signature scheme is a method which allows an original signer to delegate his signing power to a proxy signer. Most proxy signature schemes use a warrant appearing in the signature verification equation to declare the valid delegation period. However, the declaration in the warrant is useless because no-one can know the exact time when the proxy signer signed a message. To avoid the proxy signer abusing the signing capability, the original signer may hope to know the identity of who received the proxy signature from the proxy signer. Recently Sun and Chen proposed the concept of time-stamped proxy signatures with traceable receivers to solve these two problems. A time-stamped proxy signature scheme with traceable receivers is a proxy signature scheme which can ascertain whether a proxy signature is created during the delegation period, and can trace who actually received the proxy signatures from the proxy signer. The author shows that Sun and Chen's scheme suffers from weaknesses and consequently proposes a new time-stamped proxy signature scheme which doesn't suffer from the same weaknesses.

Allowing a proxy signer to generate a signature on behalf of an original signer, a proxy signature should satisfy the property of strong unforgeability: anyone except the designated proxy signer cannot create a valid proxy signature on behalf of the original signer. Since proxy signatures, as well as their derivatives, can be used in many applications in reality, such as secure mobile agent, e-commerce systems and etc., they have been receiving extensive research recently. In this paper, we show that the proxy signature scheme [14] from ISPA'04 will suffer from the original signer's forgery attack if the original signer once gets a valid proxy signature on a message, and a similar attack arises in the proxy signature scheme [1] from AWCC'04 if the verifier does not check the originality of the proxy signer's proxy public key before verifying a proxy signature. Therefore, in some degree, neither of these two schemes meets the property of strong unforgeability.

The concept of proxy signature was introduced by Mambo et al. to delegate signing capability in the digital world. In this paper, we show that three existing proxy signature schemes without certificates, namely, the Qian and Cao identity-based proxy signature (IBPS) scheme, the Guo et al. IBPS scheme and the Li et al. certificateless proxy signature (CLPS) scheme are insecure against universal forgery. More precisely, we show that any user who has a valid public-private key pair can act as a cheating proxy signer and forge the proxy signature on behalf of the original signer at will, without obtaining the official delegation from the original signer.

A proxy signature scheme allows one user to delegate his/her signing capability to another user called a proxy signer in such a way that the latter can sign messages on behalf of the former. After verification the verifier is convinced of the original signer's agreement on the signed message. Forward-secure signatures enable the signer to guarantee the security of messages signed in the past even if his secret key is exposed today. We propose a forward secure proxy signature scheme based on the popular Bellare-Miner forward-secure scheme. Compared to existing schemes, the special feature of our scheme is that an original signer can delegate his signing capability to any number of proxy signers in varying time periods. Though the original signer gives proxy information to all the proxy signers at the beginning of the protocol, the proxy signers will be able to generate proxy signatures only in their allotted time periods. Further, the proxy signatures are made forward-secure. Moreover, our scheme meets the basic requirements of a proxy signature scheme along with proxy revocation. Both on-demand proxy revocation i.e. whenever the original signer wants to revoke the proxy signer and automatic proxy revocation i.e.immediate revocation after the expiry of the time period of the proxy signer, is provided. Additional properties of our scheme are as follows: identity of the proxy signer is available in the information sent by original signer to proxy signer, original signer need not send the information to proxy signer through a secure channel, warrant on the delegated messages can be specified, original signer cannot play the role of proxy signer, and verifier can determine when the proxy signature was generated.

Proxy signature schemes based on factoring