A Modified (t, n) Threshold Group Signature Generation and (k, m) Threshold Grou

Authors: Ganesh Mante, Prof. Dr. S. D. Joshi
International Journal of Scientific & Engineering Research Volume 2, Issue 6, June-2011
ISSN 2229-5518

Abstract--Globalization of the Internet has boosted electronic information exchange on both the personal and business levels. There is a need to authenticate messages sent by one group of individuals to another group. A (t, n) threshold group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The idea of threshold cryptography is to protect information by distributing it among cooperating members. Following some ideas of the classical threshold signature scheme, a (t, n) threshold group signature scheme and a (k, m) threshold group signature verification scheme based on the discrete logarithm problem are proposed. The group signature is generated by at least t group members and is verified by at least k members in the group. Only one group public key is required. Each group member signs the message separately. The scheme is highly secure and resists the conspiracy attack.
Index Terms--Discrete logarithm, Group Signature, Galois Field, Polynomial, Signers, Threshold, Verifiers
Traditionally, the authorization of a corporation's transactions by a single person or a group of persons has been designed and implemented as a software control defense mechanism. Given the security threats in today's widely used Internet and mobile world, such schemes are not satisfactory. Many cryptographic techniques are used to solve this problem. If the secret is kept by a single entity, that entity may cause malicious damage to the system, and there may also be a problem of availability. To overcome such problems, the concept of threshold cryptography can be used, in which the secret is distributed. Secret sharing refers to a method for distributing a secret among a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number of shares are combined; individual shares are of no use. There are three main objectives when designing a secure application:
Confidentiality: This can also be called privacy or secrecy and refers to the protection of information from unauthorized disclosure. It is usually achieved either by restricting access to the information or by encrypting the information so that it is not meaningful to unauthorized individuals or entities.

Integrity: Assuring the receiver that the received message has not been altered in any way from the original. This can be thought of as accuracy. This refers to the ability to protect information, data, or transmissions from unauthorized, uncontrolled, or accidental alterations. The term integrity can also be used in reference to the functioning of a network, system, or application. Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts. To prevent the loss of integrity from happening, only authorized users should be allowed to modify data.
Authentication: Authentication serves as proof that you are who you say you are or what you claim to be. Authentication is critical if there is to be any trust between parties. Authentication is required when communicating over a network or logging onto a network. When communicating over a network you should ask yourself two questions: 1) With whom am I communicating? and 2) Why do I believe this person or entity is who he, she, or it claims to be?
Nonrepudiation: The ability to prevent individuals or entities from denying that information, data, or files were sent or received or that information or files were accessed or altered, when in fact they were.
Threshold cryptosystems have steadily attracted interest since Desmedt and Frankel proposed the first threshold cryptosystem in 1989. Numerous international studies have published research results, and considerable research has been devoted to threshold cryptography. The threshold signature cryptosystem is an important aspect of threshold cryptography and represents almost the core of threshold cryptography research.
Li, Hwang and Lee [8] proposed an RSA-based threshold signature scheme. In related research [8], it was pointed out that t+1 or t sub-secret shareholders can conspire to obtain the system secret, and that a conspiracy attack by the participants enables the conspirators to easily generate a group signature. The paper presents a technique where k out of l individuals are required to generate a signature for a message. This is clearly better than having each of the k individuals create k signatures, which would increase bandwidth overhead. The receiver would also be required to perform more calculations and store a large key directory. No interaction between shareholders is necessary to generate the signature, and the secret key is not revealed to any individual even after signatures have been created. The scheme is based on RSA and interpolation polynomials. The scheme fails to withstand the conspiracy attack.
L. Harn [7] proposed a group-oriented threshold signature scheme based on the ElGamal system. In this scheme, any t out of n users in a group can represent the group to sign the group signature. The size of the group signature and the verification time of the group signature are equivalent to those of an individual digital signature. The signature verification process is simplified because only one group public key is required, and the group signature can be verified by any outsider. In addition, the proposed scheme does not require the assistance of a mutually trusted party. Each member selects its own secret key, and the group public key is determined by all group members. Each group member signs a message separately and sends the individual signature to a designated clerk. The clerk validates the individual signatures and combines them into a group signature.
Li, Hwang and Lee [6] proposed two (t, n) threshold signature methods for resisting the conspiracy attack. One method required a trusted distribution center, while the other did not. These two methods resisted the conspiracy attack by attaching a random number to the sub-keys of all participants, so that the signatures could be protected against tracing from the sub-key. However, these schemes failed to resist forgery attacks from internal participants.
Wang, Lin and Chang proposed two new (t, n) threshold signature methods [5]. The proposed methods made the signers traceable but do not require random numbers to be attached to sub-keys. The scheme can withstand conspiracy attacks without attaching a secret number. The group's public key is determined by all members; each member signs a message independently and transmits the individual signature to a designated clerk, who checks the signatures and integrates them into a group signature. A verifier can authenticate the group signature and trace back to find the signers.
Tsen, Jan and Chien [4] devised an attack to demonstrate the insecurity of the methods by Wang [5]. They summarized the concepts of the attack and created a new threshold signature system intended to withstand conspiracy attacks [4]. The system is a signer-untraceable method against conspiracy attacks that requires two sets of keys, one depending on the discrete logarithm problem and the other on the problem of factoring large integers. Both were intended to prevent the system participants from conspiring to obtain the system signature key. In reality, the method was unable to prevent the sub-key holders from conspiring to obtain system secrets, and it thus failed to resist the conspiracy attack.
Related to the research on threshold signature cryptosystems, the method of [4] by Jan is briefly described in [3]. Besides the attack, a way to improve the scheme is examined. Later, many threshold group signature schemes with and without a trusted party [1] were proposed, but many of them face the problems of the conspiracy attack or the insider forgery attack.
Based on the study of the above research, an attempt to implement a threshold group signature library is proposed [2]. In this paper we have modified the scheme [2] at the group signature generation and verification protocols. The scheme [2] is modified by using Shamir's secret sharing scheme to distribute the hash code among m members. When k or more of the m members come together, the hash code can be reconstructed. Using this hash code, the group signature is verified. We do not consider network delay, so the algorithms can be executed on a single machine. The scheme consists of (t, n) signing and (k, m) verifying. Until now, any outsider could verify the group signature. In this scheme, any k out of m members can verify the message. If fewer than t members try to sign, or fewer than k members try to verify, the signing or verification is rejected. The scheme not only satisfies the properties of threshold group signatures but also withstands the conspiracy attack. The scheme consists of six protocols:
– KeyGen: the group manager uses KeyGen protocol to generate system parameters and his master key.
– Join: a member runs join protocol, together with the group manager, to obtain a certificate as its group membership.
– Sign: a group member anonymously signs a message following the sign protocol.
– Verify: a verifier uses the verify protocol to check whether a signature originated from a member of the group.
– Open: the group manager uses open protocol to find the original signer of a signature.
– Revoke: the group manager uses revoke protocol to exclude a group member.
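
The (k, m) sharing of the hash code with Shamir's scheme, as described above, can be sketched as follows. This is an added example, not code from the paper or its library; it covers only the sharing and reconstruction of the hash code, not the signature itself. The prime field, the use of SHA-256, and all function names are assumptions of the example.

```python
import hashlib
import secrets

# Assumption: the excerpt does not fix the field; 2**521 - 1 is a prime
# large enough to hold a SHA-256 digest as a field element.
P = 2**521 - 1

def hash_code(message: bytes) -> int:
    """Hash code to be shared (SHA-256 is an assumption of this example)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def split(secret: int, k: int, m: int) -> list:
    """Give each of m verifiers one point on a random degree-(k-1) polynomial."""
    if not (1 <= k <= m < P and 0 <= secret < P):
        raise ValueError("need 1 <= k <= m and secret inside the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, m + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def interpolate_at_zero(points: list) -> int:
    """Lagrange interpolation of f(0) over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def reconstruct(shares: list, k: int) -> int:
    """Recover the hash code; reject when fewer than k distinct verifiers cooperate."""
    distinct = sorted(dict(shares).items())
    if len(distinct) < k:
        raise ValueError("fewer than k verifier shares: verification rejected")
    return interpolate_at_zero(distinct[:k])

if __name__ == "__main__":
    h = hash_code(b"constructed sample message")
    shares = split(h, k=3, m=5)
    print(reconstruct(shares[2:], 3) == h)       # any 3 of the 5 verifiers suffice
    print(interpolate_at_zero(shares[:2]) == h)  # 2 shares interpolate to a wrong value
```

The shares themselves do not encode k, so the party that combines them has to enforce the threshold explicitly; interpolating too few points returns a value without any error.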
