A New Fail-Stop Group Signature over Elliptic Curves Secure against Computationally Unbounded Adversary

in A New Fail-Stop Group Signature over


INTRODUCTION
Nowadays, organizations are using e-documents instead of using paper documents. Paper-less work helps to maintain green environment. Due to use of electronic documents, digital signature's importance has been increased that ensures validity, authenticity and integrity of e-documents. Potential uses of Digital signature's technology introduced a technique called Group Signature in which only authorized group members can sign on behalf of whole group.
Receiver can verify its validity and if necessary, actual signer's identity could be revealed. David Cham firstly introduced the concept of GSS [15] in 1991. GSS can be used in many applications like electronic voting and electronic auctions etc. In the journey GSS, a lot of GSS [7][8][9][10] have been proposed in the literature. Ling et al. [7] proposed a new GSS by combining the properties of [9] and security features in [10]. In this proposal they made possible the revocation of group members efficiently as well as dynamic registration. Having inspired by Ling et al. [7], Sun et. al. proposed the first full dynamic GSS over ring [8]. They used the concept of Markel hash tree.
Besides these literatures, there is always a new thought in new direction that makes research more interesting. Literature tells us that security level of digital signatures could be enhanced if there is an algorithm to prove that signature has actually been forged. To meet this requirement, there is another type of digital signature called "Fail Stop digital Signature scheme" (FSSS) [16].
In an electronic cash payment system, customer can use FSS while signing for money with-drawl. In this setting, customer need not worry about the unbounded powered bank. A secure FSS scheme has at-least two security requirements [1]: FSS is secure against an adversary which has unbounded power computationally. (ii) If security assumption based on mathematical equation has been broken, actual signer can prove that forged signature has been produced by an unbounded adversary.
Combining the features of GSS and FSSS, "Fail Stop Group Signature scheme" (FSGSS) has been proposed in the literature. Main goal of the FSGSS is to stop the repetition of signing key after the discovery of a forgery attack. Motivated by these features, we have raised one real-world scenario namely "Forgery done by Computationally Unbounded Adversary" discussed in Application section. Recently, blockchain technology has been widely used for verification of the original signature. Smart cards have been used in calculation of signature recognition and certificates which prevents the joint attack. ''In Block-chain technology newly added signature node does not require center approval. It requires only the approval of the majority node [6]. However, the GS scheme, based on block-chain, requires heavy calculation and is more Website: www.ijeer.forexjournal.co.in A New Fail-Stop Group Signature over Elliptic Curves Secure against expensive to implement. We noticed that several limitations and improvements are required to make existing schemes practically efficient and allowing less key sizes. Motivated by above, We propose an Efficient FSGSS based on ECDLP.
Our proposed scheme is the first ever FSGSS whose security is based on ECDLP. It uses mathematics of elliptic curves given in section 2 that makes it much more efficient due to less key sizes [11][12].
LAYOUT: In section 2, mathematical foundation is given. Our proposed FSGSS is given in `Section 3`. Security issues of our FSGSS are demonstrated in`Section 4`. Section 5 presents a detailed explanation of application related to FSGSS. At the end Section 6 concludes our proposed scheme with some future directions.

Basics/Brief of Elliptic Curve Group (Tiwari et.al. [13])
Consider a prime field , the symbol ' ' means an elliptic curve over a prime finite field s.t, , and The collection of points of with an extra point (point at infinity) Make a group .
Let G be the cyclic subgroup of under point addition . Let P be the generator of order n of group G. Readers can refer [13] for more details.

Complexity assumption
Given such that xP Q  "For any Q and generator P in elliptic curve group, to find x is assumed to be computationally intractable in polynomial time." This mathematical problem is known as ECDLP.

░ 3. PROPOSED SCHEME
Let is signer's group. Any group member Pi can make signature on behalf of whole group, where P0 is group manager (GM).

KGC (Key Generating Center)
(1) KGC picks an elliptic curve such that n = order of elliptic curve group Eq(x; y) over finite field Fq.
(2) Chooses a point P in Eq(x; y) and d in Zn* calculates Q = dP, publishes Here are hash functions.
Note: If n is not prime in above random selection of elliptic curve, discard the curve and repeat the process. Readers can refer for detail [14].

Key extract
This algorithm is conversation between group manager and group members.
Suppose Pi wishes to be an authorized group member, then (a) Pi sends IDi to P0.
(b) P0 computes ski = x Qi mod n, where Qi = xH (IDi) and sends ski to Pi via secure channel.

Signing algorithm
Message owner request for signature on message M, Pi computes

Verification algorithm
Recipient can verify the signature the signature ) , , ( In addition our proposed FSGSS satisfies all of the following security concerns: (1) CORRECTNESS: FSGSS using Signing Algorithm passes Verification algorithm as follows:  Only GM knows ski, therefore he is the only person who can determine the actual signer on given message M.

░ 5. APPLICATION
Let us consider the recruitment scenario in an organization. Vice Chancellor (VC) of university has unbounded Powers. Suppose he constitute a committee so that any committee member can put sign on documents on behalf of whole committee. Now if VC wants to forge a signature for his own interest, then he can do so because of unbounded computational power. Now both the signatures (signature by pre-assumed signer and by VC) passes verification process. So it is very difficult to find out whether pre-assumed signer has signed the document or VC has forged the signature. In digital world, FSGSS is the solution of this problem. In the setting of FSGSS, pre-assumed signer can give the proof of forgery.
So signature process can be stopped. That's why it is also known as FSGSS. Advantage of FSGSS is that if a computationally unbounded adversary forges a signature then proof of forgery shows that ECDLP is solved and so process must be stopped.

░ 6. CONCLUSION
We propose the first FSGSS based on ECDLP, which is more efficient and secure due to use of Elliptic Curves and can be practically used in the situations if there is a need to hide identity of signers who can sign on behalf of Group. Our proposed scheme provides security to the actual signer against computationally unbounded adversary. It can also be used in Block-chain applications. In future, we will define a formal security model and will prove security against "adaptive chosen message attack in random oracle model". In addition, we are planning to propose its implementation/experiments in organizations.