
JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES, VOLUME 3, ISSUE 1, JANUARY 2013 6

Blind Signature Scheme Based on the Matrix Conjugation


Maheswara Rao Valluri
ABSTRACT- A blind signature scheme is a cryptographic protocol to obtain a valid signature for a message from a signer, such that the signer does not see the message being signed and does not learn any information on the signature being produced. In this paper, we propose a blind signature scheme based on the difficulty of solving the conjugate search problem over a group of matrices. The security of the proposed scheme relies upon the conjugate search problem in the platform group of matrices. The platform group we suggest here, as in [7], is the group of 3×3 matrices over truncated multivariable polynomials over a ring.

KEYWORDS - Blind signature, Conjugates search problem, Truncated Polynomials, and Security

Maheswara Rao Valluri is with the School of Mathematical and Computing Sciences, Fiji National University, Fiji Island, P.O.Box:7222.

1 INTRODUCTION

The concept of blind signature was introduced by David Chaum in 1982 [3]. Blind signatures are the basic tools in digital cash payment systems [5] and electronic voting systems [2]. For instance, in digital cash payment systems, using a blind signature scheme a requester can obtain from a bank a digital coin, that is, a token properly signed by the bank. The goal of a blind signature scheme is to enable a requester to obtain a signature from a signer such that the signer does not learn information about the message it signed and the requester cannot obtain more than one valid signature after one interaction with the signer.

The blind signature schemes must meet the following requirements, namely, correctness, blindness, unforgeability and untraceability [3],[14],[16]:

Correctness: the correctness of the signature of a message signed through the signature scheme can be checked by anyone using the signer's public key.

Blindness: the content of the message should be blinded to the signature; the signer of the blind signature should not see the content of the message.

Unforgeability: only the signer can give a valid signature for the associated message.

Untraceability: the signer of the blind signature is unable to link the message-signature pair even when the signature has been revealed to the public.

Many blind signature schemes have been proposed. Recently, many researchers proposed a variety of blind signature schemes [9],[10],[14]. The most widely used blind signature schemes are: RSA blind signature schemes [3], ElGamal signature scheme [11], and Schnorr blind signature scheme [6]. The security of the RSA blind signature scheme is based on the problem of integer factorization, while the ElGamal and Schnorr blind signature schemes are based on the problem of discrete logarithm.

In 2000, Ko et al [12] proposed a new public key cryptosystem on braid groups based on the difficulty of solving the conjugate search problem. This enabled the author of [10] to propose a blind signature scheme based on the conjugate search problem over braid groups. In [7], an authentication protocol has been proposed using the conjugate search problem on a semigroup of matrices over a commutative ring. In this paper, we propose a blind signature scheme based on the difficulty of solving the conjugate search problem over a group of matrices.

The rest of the paper is organized as follows: in section 2, we discuss the conjugate search problems over group of matrices. In section 3, we propose a blind signature scheme based on the difficulty of solving conjugate search problem over group of matrices. In section 4, we suggest a platform group of 3×3 matrices over truncated multivariable polynomial over a ring. Finally, section 5 describes concluding remarks.

2013 JICT www.jict.co.uk

2 CONJUGATE SEARCH PROBLEMS OVER GROUP OF MATRICES


In this section, we discuss some mathematically complicated problems related to conjugacy. For more information on conjugate search problems, refer to [12]. In a group G of matrices, two matrices Y, Z are conjugate, written Y~Z if Z for X Here X or is called a conjugator. Over a group G of matrices, we can define the following cryptographic problems which are related to conjugacy.

- Conjugacy Decision Problem (CDP): Given , find Y and Z are conjugate or not such that
- Conjugacy Search Problem (CSP): Given , find X such that Z
- Generalized Conjugacy Search Problem (GCSP): Given (Y, Z) , find X such that
- Conjugacy Decomposition Problem (CDP1): Given (Y, Z) , and S find X1, X2 such that Z = X1YX2.

At present, there is no clue to recovering X from and Y on group G of matrices, i.e., there is no existing probabilistic polynomial time algorithm which can solve the CSP over group G of matrices with non-negligible accuracy with respect to problem scale.

3 BLIND SIGNATURE SCHEME

The blind signature scheme is an extension of the digital signature scheme, as one of the applications of public key cryptosystems. The signer signs the requester's message and knows nothing about it; moreover, no one knows about the correspondence of the message-signature pair except the requester. The blind signature could protect people's privacy in network transactions and could meet the following requirements, namely, correctness, blindness, unforgeability, and untraceability [3], [14], [16].

3.1 The concept of blind signature Scheme: David Chaum was the first scholar to propose the concept of the blind signature scheme in 1982 [3]. The blind signature scheme is a method which guarantees the anonymity of the participants. A short illustration of blind signature is described in the following [3]:

Blinding: The requester blinds the message m with a random number b. This results in blind(m, b).

Signing: The signer signs this message, resulting in sign(blind(m, b), r), where r is the signer's private key.

Unblinding: The requester then unblinds the message using b, which results in unblind(sign(blind(m, b), r), b).

Signature Verification: Anyone can use the signer's public key to verify whether the signature is authentic or not.

This concept is widely used in electronic voting systems and electronic payment systems.
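Chaum's RSA blind signature [3] is the classic instance of the blind, sign, unblind and verify steps of subsection 3.1; the following added example (not code from the paper, and not the matrix-based scheme the paper proposes) runs them end to end. The toy key, the SHA-256 hashing into Z_N and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
R = pow(E, -1, (P - 1) * (Q - 1))      # signer's private key r

def h(m: bytes) -> int:
    """Hash the message into Z_N (simplified; assumption of this example)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def new_blinding_factor() -> int:
    """Requester: pick a random b that is invertible modulo N."""
    while True:
        b = secrets.randbelow(N - 2) + 2
        if gcd(b, N) == 1:
            return b

def blind(m: bytes, b: int) -> int:
    """Requester: blind(m, b) = H(m) * b^E mod N."""
    return (h(m) * pow(b, E, N)) % N

def sign(t: int) -> int:
    """Signer: sign(t, r) = t^r mod N; the signer only ever sees t."""
    return pow(t, R, N)

def unblind(s_blind: int, b: int) -> int:
    """Requester: remove b, leaving H(m)^r mod N."""
    return (s_blind * pow(b, -1, N)) % N

def verify(m: bytes, s: int) -> bool:
    """Anyone: check the signature with the public key (N, E)."""
    return pow(s, E, N) == h(m)

def issue(m: bytes):
    """Full exchange; returns (value the signer saw, final signature)."""
    b = new_blinding_factor()
    t = blind(m, b)
    return t, unblind(sign(t), b)
```

The value `t` returned by `issue` is all the signer observes; it changes with every fresh `b`, while the unblinded signature on a given message stays the same.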

3.2 Proposed Blind Signature Scheme: In this subsection, we propose a blind signature in which there are three participants, namely, the requester, the signer and the verifier; and five phases, namely, key generation, blinding, signing, unblinding and verification. The security of the scheme relies on intractability of conjugate search problems over group G of matrices. The details of the proposed scheme are described in the following.

Protocol: Let be a cryptographic hash function which maps {0, 1} to the message space G.

Key Generation: The signer chooses a 3×3 matrix and randomly another 3×3 matrix and then computes , where P is a prime. The signer publishes ) as the public key, keeps as the private key.

Blinding: The requester has a message m and wants to have it signed by the signer. First, the requester chooses randomly a matrix and then blinds the value and m {0, 1} with the blind equation . After the blinding, the requester sends T to the signer.

Signing: When the signer receives matrix T, the signer computes . The signer then sends matrix to the requester.

Unblinding: After receiving from the signer, the requester computes and obtains the message signature (m, S). The requester can then send the message signature pair (m, S) to the verifier.

Verification: After receiving the message signature pair (m, S), the verifier can verify the legitimacy of the signature by checking Trace = Trace .

4 SECURITY ANALYSIS
In general, the blind signature should meet the four requirements, namely, correctness, blindness, unforgeability and untraceability. This section examines these requirements for the proposed blind signature scheme.

4.1 Correctness: In the unblinding of our proposed scheme, the requester can derive the signature by computing

4.2 Blindness: Blindness is an important property in a blind signature. It means that the signer can sign a document without knowing what the document contains. In the proposed blind signature scheme, the requester picks a conjugator K to compute the blind message . Thus, the signer could not know the content of the message m in this blind signature scheme.

4.3 Unforgeability: The security of the proposed scheme relies on intractability of the conjugate search problem over group G. It is hard to find a valid signature S on any message m to pass the verification Trace (S) = Trace

4.4 Untraceability: Untraceability is also an important requirement in the blind signature scheme. The signer is unable to link the signature with the message when publishing the message-signature pair (m, S). Since the security of the proposed scheme is based on the difficulty of solving the conjugate search problem, no one can forge a valid signature pair S on message m to pass the verification, Trace(S) = Trace

5 The Suggested Platform

In this section, we suggest a platform for the proposed scheme as in [7]: the set G is the group of all 3×3 matrices over R, the ring of truncated k-variable polynomials over the ring . Truncated (more precisely, N-truncated) k-variable polynomial over are elements of the factor algebras of the algebra of k-variable polynomials over by the ideal generated by all monomials of degree N. In other words, N-truncated k-variable polynomials are expressions of the form , where are elements of , and are variables. To make computation efficient for legitimate parties, we suggest using sparse polynomials as entries in participating matrices. This means that there is an additional parameter d specifying the maximum number of non-zero coefficients in polynomials randomly generated by the requester or the signer. The number of different monomials of degree N in k-variable is M(N, k) = ( . This number grows exponentially in k (assuming that N is greater than k). The number of different collections of d monomials (with non-zero coefficients) of degree < N is more than ( , which grows exponentially in both d and k. If we denote the security parameter by t, we suggest that the number M (N, k) = ( is at least t. At the same time, neither N nor k should exceed t.

5.1 Generating matrices: Since the matrices B and do not have to be invertible, they are easy to generate. For efficiency reasons, we require that each entry is a -truncated k-variable polynomial , which is generated the obvious way. Namely, one first chooses random monomials of degree at most N-1, then randomly chooses non-zero coefficients from for these monomials. An invertible matrix A can be generated as a random product of elementary matrices. A square matrix is called elementary if it differs from the identity matrix by exactly one non-zero element outside the diagonal. This single non-zero element is generated as described in the previous paragraph. Denoted by the elementary matrix that has in the place, . We noted that multiplying elementary matrices may result in the number of non-zero coefficients in some of the entries growing exponentially in . More precisely, when we multiply by , the result is , and the polynomial is no longer d-sparse, but -sparse. However, this phenomenon is limited to products of elementary matrices of the form , and the expected maximum length of such matching chain in a product of elementary matrices is . We therefore require that where t is the security parameter.

5.2 Generating an endomorphism: In the proposed scheme, the signer or the requester has to generate a random non-invertible endomorphism of the group G of matrices [7] over N-truncated k-variable polynomial Such an endomorphism is going to be naturally induced by an endomorphism of the group of N-truncated k-variables over . The latter endomorphism can be constructed as follows: , where are random sparse N-truncated k-variable polynomials over with zero constant term, which actually depend on ( ) variable only, i.e., variables are missing, where the parameter is specified in the following subsection. The zero constant term condition is needed for to actually be an endomorphism, i.e., to keep invariant the ideal generated by all monomials of degree N. For efficiency reasons, it makes sense to have the polynomials -sparse.

5.3 Key size and key space: To conclude this subsection, we point out that the size of a random matrix in our scenario is . The size of an invertible matrix A is roughly (d . The size of the key space for the private key is roughly,
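Subsection 5.1's construction of an invertible matrix as a product of elementary matrices, carried out over N-truncated k-variable polynomials and combined with the trace comparison used in verification, as an added example (not code from the paper). The parameters P, N, K, the choice of integers mod P as coefficient ring, the dict representation and all function names are assumptions; the trace check uses the standard fact that a conjugate A^-1·Y·A has the same trace as Y.

```python
import random
from itertools import product

P, N, K = 101, 4, 2  # assumed toy sizes: coefficients mod P, degree < N, K variables

def padd(a, b):  # a polynomial is a dict {exponent tuple: non-zero coefficient}
    out = {m: (a.get(m, 0) + b.get(m, 0)) % P for m in set(a) | set(b)}
    return {m: c for m, c in out.items() if c}

def pmul(a, b):
    out = {}
    for (ma, ca), (mb, cb) in product(a.items(), b.items()):
        mono = tuple(x + y for x, y in zip(ma, mb))
        if sum(mono) < N:  # monomials of degree >= N are zero in the truncated ring
            out[mono] = (out.get(mono, 0) + ca * cb) % P
    return {m: c for m, c in out.items() if c}

def mmul(A, B):
    C = [[{} for _ in range(3)] for _ in range(3)]
    for i, j, l in product(range(3), repeat=3):
        C[i][j] = padd(C[i][j], pmul(A[i][l], B[l][j]))
    return C

def identity():
    return [[{(0,) * K: 1} if i == j else {} for j in range(3)] for i in range(3)]

def sparse_poly(rng, d):  # d random monomials of degree <= N-1, non-zero coefficients
    monos = [m for m in product(range(N), repeat=K) if sum(m) < N]
    return {m: rng.randrange(1, P) for m in rng.sample(monos, d)}

def invertible_pair(rng, length, d):
    """Return A = E_1...E_n and its inverse; E = I + u*e_ij (i != j), E^-1 = I - u*e_ij."""
    A, A_inv = identity(), identity()
    for _ in range(length):
        i, j = rng.sample(range(3), 2)  # one off-diagonal position
        u = sparse_poly(rng, d)
        E, E_inv = identity(), identity()
        E[i][j], E_inv[i][j] = u, {m: -c % P for m, c in u.items()}
        A, A_inv = mmul(A, E), mmul(E_inv, A_inv)
    return A, A_inv

def trace(M):
    return padd(padd(M[0][0], M[1][1]), M[2][2])

def conjugate(Y, A, A_inv):  # Z = A^-1 * Y * A
    return mmul(mmul(A_inv, Y), A)
```

Building the inverse alongside the product avoids any matrix inversion over the polynomial ring, which is why the elementary-matrix recipe is convenient here.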

7 Conclusion
In this paper, we have proposed a blind signature scheme based on matrix conjugate search problems over groups. The proposed blind signature scheme can meet the requirements, namely, correctness, blindness, unforgeability, and untraceability. The security of the given scheme depends upon the intractability of the conjugate search problems.

REFERENCES
[1] C.I. Fan, W.K. Chen and Y.S. Yeh, Randomization enhanced Chaum's blind signature scheme, Computer Communications, vol. 23, no. 11, pp. 1677-1680, 2000.
[2] D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, Vol. 24, No. 2, pp. 84-88, 1981.
[3] D. Chaum, Blind signatures for untraceable payment, Advances in Cryptology CRYPTO 82, Lect. Notes Computer Science (Springer-Verlag), pp. 199-203, 1982.
[4] D. Chaum, Blind Signature Systems, U.S. patent 4, 59, 063, 1988.
[5] D. Chaum, A. Fiat and M. Naor, Untraceable electronic cash, Proc. on Advances in Cryptography, Santa Barbara, CA, pp. 319-327, 1990.
[6] David Pointcheval & Jacques Stern, Provably Secure Blind Signature Schemes, Advances in Cryptology - Proceeding of ASIACRYPT 96, M.Y. Rhee and K. Kim Eds., Springer-Verlag, LNCS 1163, pages 252-265, 1996.
[7] Dima Grigoriev and Vladimir Shpilrain, Authentication from Matrix Conjugation, Groups, Complexity, and Cryptology 1, 199-206, 2009.
[8] E.J. Borowski and J.M. Borwein, The Harper Collins Dictionary of Mathematics, Harper Collins Publishers, New York, 1991.
[9] Fuh-Gwo Jeng, Tzen-Long Chem and Tzer-Shyong Chen, An ECC-Based Blind Signature Scheme, Journal of Networks, Vol. 5, No. 8, 2010.
[10] G.K. Verma, Blind Signature Schemes over Braid groups, http://eprint.iacr.org/2008/027.
[11] J.L. Camenisch, J.M. Piveteau and M.A. Stadler, Blind signature based on the discrete logarithm problem, EUROCRYPT 94, Perugia, Italy, 1994.
[12] K.H. Ko, D.H. Choi, M.S. Cho and J.W. Lee, "New signature schemes using conjugacy problem", Cryptographic e-print archive, Report 2002/168, 1.2,3.1,3.3.
[13] M.S. Hwang, C.C. Lee and Y.C. Lai, An untraceable blind signature scheme, IEICE Trans. Fundam. Electron. Commun. Comput. Sci. (Inst. Electron. Inf. Common. Eng.), vol. E86-A, no. 7, pp. 1902-1906, 2003.
[14] Markus Ruckert, Lattice-based Blind signatures, http://eprint.iacr.org/2008/322.
[15] Zuhua Shao, Improved user efficient blind signatures, Electronics Letters, Vol. 36, no. 16, pp. 1372-1374, 2000.

Author: Maheswara Rao Valluri received the M.Sc., M.Phil., Ph.D. from Sri Krishnadevaraya University, Anantapur, A.P., India. Currently he is working as an Assistant Professor, School of Mathematical and Computing Sciences, Fiji National University, Fiji. His field of interest includes Cryptography and Algebra. He is a member of the International Cryptology Research Association (ICRA) and a life member of the Cryptology Research Society of India (CRSI), Andhra Pradesh Society of Mathematical Sciences (APSMS), and Ramanujan Mathematical Society (RMS), India.
