234 research outputs found

    Some Aggregate ForwardSecure Signature Schemes, In:

    No full text
    Abstract: Ordinary digital signatures have an inherent weakness: if the secret key is leaked, then all signatures, even the ones generated before the leak, are no longer trustworthy. Forward-secure digital signatures address this weakness, they ensure that the past signatures remain secure even if the current secret key is leaked. Following the notion of aggregate signatures introduced by Boneh et al, which provides compression of signatures, we have come up with aggregate signature schemes for ElGamal, DSA and BellareMiner forward-secure signatures. We describe two schemes of aggregation for the Bellare-Miner Scheme. The first is a aggregate signature scheme with aggregation done separately in different time periods.The second is a aggregate signature scheme with aggregation done for a set of time periods. All our schemes can be used for multiple signers. To avoid individual verification of signatures, we propose a method by which the verifier will be able to verify n signatures at a time using a single verification equation. We observe that our method saves approximately 160n modular multiplications when compared to individual signature verification of DSA. Keywords : Aggregate Signature, Forward-Security, Key evolution, Hash function, Digital Signature. I Introduction Aggregate signature schemes were introduced in 2003 by Boneh, Gentry, Lynn and Shacham [6]. Basically, an aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M i for i = 1, . . . , n). The advantage of these signatures is that they provide compression of signatures. In a general signature aggregation scheme each user i signs her message M i to obtain a signature σ i . Then anyone can use a public aggregation algorithm to take all n signatures σ 1 , . . . , σ n and compress them into a single signature σ. Moreover, the aggregation can be performed incrementally. Signatures σ 1 , σ 2 can be aggregated into σ 12 which can then be further aggregated with σ 3 to obtain σ 123 , and so on. Received December 22, 2008 There is also an aggregate verification algorithm that takes P K 1 , . . . , P K n , M 1 , . . . , M n and σ to decide whether the aggregate signature is valid. Thus, an aggregate signature provides non-repudiation at once on many different messages by many users. This is referred to as general aggregation since aggregation can be done by anyone and without the cooperation of the signers. In another type of aggregation called sequential aggregation scheme, signature aggregation can only be done during the signing process. Each signer in turn sequentially adds her signature to the current aggregate. Thus, there is an explicit order imposed on the aggregate signature and the signers must communicate with each other during the aggregation process. Operationally, sequential aggregation works as follows: U ser 1 signs M 1 to obtain σ 1 ; U ser 2 then combines σ 1 and M 2 to obtain σ 2 ; and so on. The final signature σ n binds U ser i to M i for all i = 1, . . . , n. In [6], the concept of an aggregate signature, security models for such signatures, and applications for aggregate signatures are presented. They construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham [6]. In 1554-1010 $ 03.50 Dynamic Publishers, Inc

    Flood perception and mitigation: The role of severity, agency, and experience in the purchase of flood protection, and the communication of flood information

    No full text
    Protection of human life and property from flooding is a strategic priority in the UK. We examine how to encourage home owners to protect themselves and their residences. A model of factors that influence the decision to buy flood protection devices is tested using survey data from 2,109 home owners. The results showed that the majority of respondents have not purchased domestic flood protection (N=1,732; 82.1%). Purchase of flood protection devices was influenced by age; perceived seriousness; and beliefs about, and trust in, the role of regulators in managing flooding. In younger respondents, the perceived seriousness of the dangers of flooding acted as precursors and barriers to action depending on individual sense of responsibility and agency. The second part of the study examined responsiveness to information. Information about flooding alone was insufficient to promote behavioural change, particularly among people who have not experienced a flood or who believe that they are not in a flood zone. Implications for understanding flood protection, managing agency issues, and flood communication campaigns are discussed

    A Probabilistic Public Key Encryption Switching Protocol for Secure Cloud Storage Applications

    No full text
    The high demand for customer-centric applications such as secure cloud storage laid the foundation for the development of user-centric security protocols with multiple security features in recent years. But, the current state-of-art techniques primarily emphasized only one type of security feature i.e., either homomorphism or non-malleability. In order to fill this gap and provide a common platform for both homomorphic and non-malleable cloud applications, we have introduced a new public key based probabilistic encryption switching (i.e., homomorphism to/from non-malleability property switching during the encryption phase without changing the underlying security structure) scheme by introducing a novel Contiguous Chain Bit Pair Encryption (CC-BPE) and Discrete Chain Bit Pair Encryption (DC-BPE) techniques for plaintext bits encryption and using quadratic residuosity based trapdoor function of Freeman et al. [13] for intermediate ciphertext connections. The proposed scheme generates O ( m +2 log N ) bits of ciphertext where m &#8712; N and m < n , n &#8712; N is the plaintext size, N is the RSA composite. This security extension would be helpful to cover both homomorphism and non-malleability cloud applications. The superior performance of the proposed scheme has been tested in comparison to existing methods and is reported in this paper
    corecore