Abstract

In this study, a fail-stop group signature scheme (FSGSS) that combines the features of group and fail-stop signatures to enhance the security level of the original group signature is proposed. Assuming that FSGSS encounters an attack by a hacker armed with a supercomputer, this scheme can prove that the digital signature is forged. Based on the aforementioned objectives, this study proposes three lemmas and proves that they are indeed feasible. First, how does a recipient of a digitally signed document verify the authenticity of the signature? Second, when a digitally signed document is under dispute, how can the group’s manager determine the identity of the original group member who signed the document, if necessary, for an investigation? Third, how can one prove that the signature is indeed forged following an external attack from a supercomputer? Following an attack, the signature could be proved to be forged without exposing the key. In addition, the ultimate goal of the group fail-stop signature scheme is to stop using the same key immediately after the discovery of a forgery attack; this would prevent the attack from being repeated.

1. Introduction

Electronic documents are being increasingly used instead of paper to conduct official government and private business. Among other advantages, this benefits the environment by reducing the amount of paper being used. However, the use of electronic documents also increases the importance of using digital signatures to guarantee the validity, authenticity, and integrity of electronic documents and reduce the risk of documents being forged.

To cope with the wide range of potential uses for digital signature technology, the concept of group signing was proposed. A real-life example is considered to illustrate the process of using a group fail-stop signature scheme. The chief of Taiwan’s Environmental Protection Administration, along with 19 other staff members of the agency, is eligible to digitally sign documents; these staff members include those accusing a subordinate unit of breaking the law. To safeguard the agency members’ neutrality and protect them from interference, each staffer is required to activate a digital signature key when they release a statement or document representing the administration. The recipient of the document would be able to verify the authenticity of the digital signature. However, in the event that someone impeaches the integrity or validity of a digitally signed document, the identity of the individual who originally signed the document would remain a secret.

Companies or other entities cited for violations by the Environmental Protection Administration could file a complaint with the agency to deny that they had violated the law. As part of the review process, it might be necessary to determine the identity of the official who signed the original document making the accusation. Under the present scheme, only the manager in the group would have the ability to identify the person who signed the document. The manager, however, cannot pretend to be a member of another group to forge the digital signature.

Chaum and Van Heyst [1] concluded that there are three properties of group signatures. (i) Only members of the group can sign messages. (ii) The recipient can verify that it is a valid group signature but cannot discover the group member who signed the message. (iii) If necessary, the signature can be “opened,” to reveal the person who signed the message.

The group signature scheme also has some favorable features that make it applicable in a range of fields. A digital signature can ensure the validity and authenticity of electronic documents. If the possibility of a document being forged could be reduced, or even if it were possible to prove that the digital signature was forged, the security level of the digital signature could then be enhanced. Another type of signature scheme, the fail-stop signature scheme (FSS), can satisfy the aforementioned requirements.

Kitajima et al. [2] showed that an FSS has to have at least two security properties. (i) A scheme based on information-theoretic security has to be secure, even against a computationally unbounded adversary. (ii) If the computational assumption is broken, an honest signer should be able to prove that a signature is a forgery by virtue of information-theoretic security.

In this work, a fail-stop group signature scheme (FSGSS) is proposed. FSGSS combines all the functions and features of two schemes: group signature (GS) and FSS. This algorithm integrates the features of the two types of digital signatures, which strengthens its security level under the GS system. The combination scheme ensures that the group members can prove that a digital signature is indeed a forgery after supercomputer forgery attacks.

The remainder of this paper is organized as follows: Section 2 describes studies related to the present work. Section 3 presents our scheme, and Section 4 provides an analysis of the scheme and a discussion thereof. Finally, Section 5 concludes the paper and provides directions for future research.

Desmedt proposed a group-oriented cryptosystem concept in 1987. In his dissertation [3], he noted that, in addition to entities that exist as individuals, there are entities comprising groups of several individuals, such as hospitals, schools, public institutions, and private companies. When these entities issue signed electronic documents, such as certificates, the concept of a digital signature becomes a mechanism to replace signatures on paper documents. Digital signatures could be placed on electronic diplomas, electronic medical records, and other official documents released by governmental agencies. The documents that carry digital signatures must have the following features: certainty of identity, nonrepudiation, and unforgeability.

Therefore, the design of how keys are exchanged and the parameters of those exchanges become particularly important. Although each member in a group has a secret key, the group password must be reused. In other words, individuals in the group cannot exchange their keys during an operation. Instead, they exchange secondary keys derived from their main keys. This ensures the security of the main keys. In addition, members cannot export the group’s master key. This ensures that this key remains secure. Chen and Yuanchi [4] developed a new and fast anonymous digital signature system by linking the LUC function with the complexities of discrete logarithms and factorization.

Conversely, multiple studies have focused on the security of conventional digital signature schemes that rely on a computational assumption. FSSs provide security for a sender against a forger with unlimited computational power by enabling the sender to provide a proof of forgery if it occurs. FSSs have been proposed in [5–10]. Chain [11] proposed that a fail-stop scheme could assert a victim’s innocence, without exposing the secret, and would guard against malicious behavior. More recently, Kitajima et al. [2] proposed a framework for FSS operating in a multisigner setting and called for a primitive fail-stop multisignature scheme. In other words, they combined threshold and fail-stop signatures. After the first aggregate signature scheme was proposed, several researchers attempted to propose more efficient versions of FSS by combining various schemes.
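As an added illustration of the FSS properties and the proof of forgery described above (not code from this paper or from the works it cites), the sketch below implements the classic van Heyst–Pedersen discrete-logarithm fail-stop signature, not the FSGSS proposed here, over a constructed toy group. All names and parameters are assumptions, and the brute-force `dlog` stands in for the computationally unbounded forger.

```python
import secrets

# Constructed toy group (assumption): P = 2Q + 1, both prime; G has order Q.
# Far too small for real use; chosen so brute force plays the "supercomputer".
P, Q, G = 2039, 1019, 4

def center_setup():
    """Trusted center picks a = log_G(h); the signer never learns a."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)

def keygen(h):
    """One-time key: sk = (x1, x2, y1, y2), pk = (G^x1 h^x2, G^y1 h^y2)."""
    x1, x2, y1, y2 = sk = tuple(secrets.randbelow(Q) for _ in range(4))
    pk = (pow(G, x1, P) * pow(h, x2, P) % P, pow(G, y1, P) * pow(h, y2, P) % P)
    return sk, pk

def sign(sk, m):
    """Signature on m (an integer mod Q, e.g. a reduced hash)."""
    x1, x2, y1, y2 = sk
    return ((x1 + m * y1) % Q, (x2 + m * y2) % Q)

def verify(pk, h, m, sig):
    """Accept iff pk1 * pk2^m == G^s1 * h^s2 (mod P)."""
    return pk[0] * pow(pk[1], m, P) % P == pow(G, sig[0], P) * pow(h, sig[1], P) % P

def dlog(y):
    """Brute-force discrete log: models the computationally unbounded forger."""
    return next(e for e in range(Q) if pow(G, e, P) == y)

def unbounded_forge(pk, h, m, s2):
    """Forger solves s1 + a*s2 = log_G(pk1 * pk2^m) for a chosen s2."""
    a, t = dlog(h), dlog(pk[0] * pow(pk[1], m, P) % P)
    return ((t - a * s2) % Q, s2 % Q)

def prove_forgery(sk, h, m, forged):
    """Signer's proof: two distinct valid signatures on m reveal log_G(h)."""
    own = sign(sk, m)
    diff = (forged[1] - own[1]) % Q
    if diff == 0:              # same as the signer's own, or not a valid signature
        return None
    a = (own[0] - forged[0]) * pow(diff, -1, Q) % Q
    return a if pow(G, a, P) == h else None
```

The forged signature passes `verify`, yet it matches the signer's own signature only with probability 1/Q, so the signer can almost always output `a` as the proof; the key pair is one-time and is retired once a proof has been published.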

Recently, blockchain technology was used to realize the calculation and verification of the original GS algorithm. The calculation of the group certificate and signature recognition should be completed by the corresponding smart contract. This reduces the possibility of a joint attack. The newly added signature node no longer needs the approval of the center and only requires the approval of the majority node, realizing the true decentralization of signatures [12]. However, the decentralized GS scheme, based on blockchain, requires more calculation and is more expensive to implement smart contracts and applications without a decentralized network. Conversely, the blockchain-based smart contract is visible to all blockchain users. This leads to a situation where bugs, including security holes, are visible to all, yet may not be quickly fixed [13–15]. In particular, issues in Ethereum smart contracts include ambiguities and easy-but-insecure constructs in its contract language Solidity, compiler bugs, Ethereum virtual machine bugs, attacks on the blockchain network, and the immutability of bugs; moreover, there is no central source documenting known vulnerabilities, attacks, and problematic constructs [14].

3. Proposed Scheme

3.1. Initialization

The system center (SC) chooses a primitive element over the Galois field , satisfying the following equation: where are large primitive. Let

Then, SC chooses a number , satisfying where and are the public key and secret key of the SC, respectively. The details of the initialization process are shown in Figure 1.

3.2. Group and Its Members

Without loss of generality, we assume a group and its members , where is the manager of a group. The member registers to SC individually as follows:

chooses a number and calculates uses the to register.

3.3. Parameters Exchange

Example 1: , requests a part of the parameter from ; and then, chooses a number and calculates

This means that sends to . chooses a number and calculates chooses a number , satisfying the following equation:

After the aforementioned procedure is performed, if manager knows the parameters, then is known. It is to be noted that is the public key of where , based on equation (4). The detailed process of GFSS is shown in Figure 2 (three-way handshake for exchanging parameters).

3.4. Signing Message

Multiplying both sides of equation (11) with , we obtain

Multiplying both sides of equation (9) with , we obtain

Using equations (13) and (14), we obtain

Then, we choose two numbers and calculate

Let and

Adding on both sides of equation (15), we acquire

Using from equations (18) and (19) to multiply both sides of equation (20), we obtain

Let and

Assuming that the recipient of the message , sends messages to . It is to be noted that where is used in the equations as follows:

The receiver accepts this digital signature if both equations (25) and (26) are valid. Otherwise, this digital signature is denied (Table 1).

4. Analysis and Discussion

In this section, we first introduce Lemma 1 to check the validity of a digital signature. Lemma 2 verifies whether a digital signature is activated by a group member. Lemma 3 shows that the attack method, mentioned by Susilo [7], will not succeed. There are several parameters after these procedures. We created a list of members holding parameters, as shown in 0. In this scheme, the members share partial parameters and maintain a few parameter(s). For example, manager holds only parameter member only holds parameter . In this case, someone creates a digital signature of and passes the verification; however, she/he is unaware of parameter . That is, this person is a forger.

Lemma 1. If are trusted authorities, then both equations (24) and (25) are valid.

Proof. Using equation (22), we have
There are two parts of the last term of the aforementioned equations; considering the first part and using equation (4), we have
Considering the second part,
By combining equations (28) and (29), we obtain
Hence,
Therefore, both equations (25) and (26) are valid.
Certain parameters are required to check whether message has been sent by Hence, we obtain the following lemma:

Lemma 2. If are trusted authorities, then it implies that message was sent from by equation (8).

Proof. The following should be noted:
(a) from equation (8)
(b) from equation (24)
(c) from equation (12)
(d) from equation (18)
(e) from equation (15)
(f) from equation (5)
(g) from equation (25)
(h) from equation (26)
Considering equation (19), , can be determined because of equations (12) and (24). Hence, we can obtain and via equations (18) and (24). Finally, must be calculated (only knows this parameter) because is unaware of .
Considering equation (15), , and are known. It is not easy for anyone to obtain knows this value. In fact, it is a discrete logarithm problem when someone knows only by equation (8).
We conclude that can obtain because already knows parts of parameters from and has their own parameter Therefore, after checking equations (25) and (26), we can say that the message is sent by .

Lemma 3. An attacker intercepting the message passed by the digital signature to adapt the method of Susilo et al. will not succeed.

Proof. The following is to be noted:
(a) from equation (24)
(b) from equation (25)
(c) from equation (26)
If an attacker A intercepts the message as shown in equation (24) because A is unaware of parameters , we assume that
Attacker A can easily forge for suitable parameters such that both equations (25) and (26) are valid. In other words, the digital signature passes the test of Lemma 2. After the procedure of Lemma 2 is performed, a nontrivial factor of can be found by computing We note that the probability of being equal to is . Therefore, it is proved that is not sent by the group members.

5. Conclusions and Future Work

In this study, we propose a novel FSGSS. This algorithm integrates the features of two types of digital signature, which strengthens its security level under the GS system. The proposed FSGSS ensures that the group members can prove that a digital signature is indeed a forgery after supercomputer forgery attacks. In addition to discussing the integration of these two digital signatures, this dissertation highlights three proposed lemmas and proves that they are feasible. Lemma 1 verifies an FSGSS digital signature. Lemma 2 is used by the group manager, when needed, to determine the identity of the group member who originally created the digital signature. Finally, this dissertation proposes Lemma 3. When the digital signature is found to be forged, members of the group can prove this fact.

The ultimate goal of the group fail-stop signature scheme is to stop using the same key immediately after the discovery of a forgery attack; this would prevent the attack from being repeated. That is, the “key” considered in this study is parameter used by . If the parameters need to be changed each time an entity is under attack, the process of replacing the parameters is equivalent to reexecuting the exchange parameter program. Therefore, in future work, we plan to design a scheme wherein we need not directly expose key ; we can then prove that a certain number of signatures are forged, which will enhance the efficiency of GFSS.

Data Availability

No data were used to support the findings of this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

Wang-Hsin Hsu passed away on March 15, 2020. We would like to express our gratitude to him for his contribution to this paper. We will always miss you and continue your unfinished wishes. Hope you rest in peace. This research is partially supported by the “Higher Education Sprout Project,” Ministry of Education, Taiwan.