Digital signature schemes are often built based on the difficulty of the discrete logarithm problems, of the problem of factor analysis, of the problem of finding the roots modulo of large primes or a combination of the difficult problems mentioned above. In this paper, we use the new difficult problem, which is to find the _{2}). We use the technique of hiding the signer's public key Y, which is the coefficient λ generated by the group nanager, in the process of forming the group signature and representative collective signature to enhance the privacy of all members of the signing collective.

Digital signatures [

Digital signatures is not only used to authenticate a single signer, but it can also support authentication for a collective, or a group, consisting of many different members. These people work together to create a single signature that represents an entire signing group or a group of signatures. Currently, there are many forms of digital signatures and digital signature schemes, in order to meet many different authentication models, which have been researched, published and applied in practice such as: Single digital signatures, group digital signatures [

The group signature is a signature representing a signing group, the signature formation is controlled by the group manager, the group manager's public key is used to verify the validity of the group signature of the signing group. The collective signature is a signature that represents a signing collective, signature formation is done by all members of the collective, the public key is used to check the validity of the collective signature is formed the public key of all members who participated in creating the signature. A collective signature on document M is considered valid when it is formed by the participation of all members of that signing collective. Representative collective signatures is a new form of collective signature, we rely on the advantages of the group signature scheme and the collective signature scheme to develop the representative collective signature scheme.

A representative collective signature [

The problem of finding modulo roots in finite fields is a new difficult problem, introduced by Nikolay A. Moldovyan in [

The key pair of the signer in the case of

In this paper, we use the difficult problem of finding roots modulo in a finite ground field, with a prime modulo

In this part, we use the problem of finding roots modulo in the finite ground field, with modulo p with the structure

Assume there is a collective of

The collective public key used in the verification of the collective signature is calculated by the formula

The process of checking the validity of a collective signature is the same as that of an individual signature [

Includes the following stages:

Each i-

Generate pairs of random numbers

Calculate the value of

Send

A certain signer, or all, in the signing collective does:

Calculate the value

R acts as the general random component of the signing collective with the contribution of the random components

Calculate the value

Send

Each i-th signer goes on to:

Calculate their share signature component

Send

A certain signer, or all, in the signing collective does the final job: Calculate the second component

So the triple value

To check the validity of the signature received with the document M, the verifier performs the following steps:

Calculate the value of the collective public key

Calculate the value of

Calculate the value of

Compare

To prove the correctness of this scheme, we need to prove the existence of the test expression

Conspicuously, the test expression

Indeed:

Thus, the test expression

Assume there is a group of

The group public key used in the verification of the group signature is calculated by the formula

The process of checking the validity of a group signature is the same as that of an individual signature [

Includes the following steps:

The GM does the following:

Calculate the hash value of the document M using the formula:

Calculate mask coefficients

Send

Calculate the first component of the group signature

Each i-

Randomly generate pairs of numbers

Send the

The GM continues to make:

Generates a random value pair

Send the value of

Each signer

Calculate the shared signature component of

Send the value

The GM does the final work:

Check the correctness of the shared signature

If all pairs of numbers

Calculate the third component

So the set of values

To check the validity of the signature received with the document M, the verifier performs the following steps:

Calculate the value of the group public key

Calculate the value of

Calculate the value of

Compare the value of

To prove the correctness of this scheme, we only need to prove the existence of the check expression

Conspicuously, the test expression

We have:

Because of

So the expression

In this section, we use the collective digital signature scheme and the group signature scheme described in Section 2 as the basis schemes to build two types of the proposed collective signature scheme: i) The collective digital signature scheme for many signing groups; and ii) The collective digital signature scheme for many signing groups and many individual signers.

This section uses the two schemes just described above as the basis to build a representative collective signature scheme, the first type: The collective signature for many

This scheme allows the creation of a collective signature on the document M which represents a signing collective with

The input parameters, public keys, and private keys are selected, calculated as the base schemes above. The following are the procedures of the scheme:

Each GM in the signing collective does the following:

Calculate mask coefficients

Calculate the value of the component

Calculate the random component

Send

A certain GM in the singing collective, or all, computes the values of the

and

Each GM in the signing collective continues to do:

Calculate the shared signature

with

Send

A certain GM in the signing collective, or all, does the following:

Check the correctness of the shared signature

If all

So set of values

To check the validity of the signature received with the document M, the verifier performs the following steps:

Calculate the collective public key of the signing collective

Calculate the value of the random component

Calculate the value of

Compare

The precision of this representative collective signature scheme is shown through: i) The existence of a shared signature verification formula

Prove the correctness of the shared signature check formula:

It is easy to see that the formula for checking shared signature

Proof of correctness of the signature check procedure:

Conspicuously, the signature check expression

We have:

Because of

So the expression

From (a) and (b): The correctness of the RCS.01-3 scheme is guaranteed.

This section uses the two schemes just described above as a basis to build a representative collective signature scheme, the second type: The collective signatures for many

This scheme allows the creation of a collective signature on document M that represents a signing collective with m individual signers and

The input parameters, public keys, and private keys are selected, calculated as the base schemes above. The following are the procedures of the scheme:

Includes the following steps:

Each GM in the signing collective does the following:

Generate mask coefficient

(

Calculate the value of the component

Calculate the random parameter

Send

Each individual who signs the j-

Choose 2 random numbers

Send the value

A GM or a certain individual signing in the collective calculates the values of

Each GM in the signing collective continues to do:

Calculate the shared component

with

Send

Each individual signer in the signing collective continues to do:

(the j-^{th}

Calculate the share component

Send

A GM or an individual in the signing collective doing:

Check the validity of each

with

and

If all are satisfied: The third component of the group signature will be calculated according to the formulas:

So the set of values

Calculate the collective public key of the signing collective according to the formula:

Calculate the value of the random parameter

Calculate

Compare

The precision of this representative collective signature scheme is shown through: i) The existence of a formula to check the shared signature

The correctness of the formula to check the shared signature of each group leader:

It is easy to see that the formula for checking shared signature

The correctness of the formula to check the shared signature per signer:

It is easy to see that the formula for checking the shared signature

The correctness of the representative collective signature check procedure:

Conspicuously, the signature check expression

We see:

So the expression

The group signature scheme we described in Section 2.2 has the following security advantages:

As the scheme is based on the properties of the prime modulo root problem in a finite field, it inherits the safety level of this difficult problem. The attack resistance of the GDS-2 scheme is completely similar to the basic scheme described by Nikolay A. Moldovyan in [

The public key of all signers, including the group manager, is “masked” by the mask parameter λ. The attacker will not be able to determine who in the signing group participated in the signing to form the group signature.

The U component of the group signature contains information about all members of a signing group who took part in forming the group signature for this signing group. Consequently, when there is a dispute about the group signature, the group leader will be able to identify the signer easily later and resist the “disclaimer”.

There is no need to exchange or share security values, private keys, or secret keys between members of a signing group or between members of a signing group with the manager. Therefore, the Internet environment is sufficient to implement this scheme. In addition, the scheme is also easy to deploy on top of existing PKI (Public Key Infrastructure) systems [

As shown in the 5th step of the signature generation procedure, a group manager only proceeds when he or she believes or has verified that all signatures participating in creating the collective signature are valid. The operation generates the final component (

The representative collective signature schemes built in this paper use the CDS-2 collective signature scheme and the GDS-2 group signature scheme as the basic scheme, so it also has the advantages of security and resistance to attacks like these schemes.

We evaluate the computational performance of the proposed representative collective signature schemes by calculating the time cost that the scheme takes for the signature generation process (Signature generation procedure) and the need for the signature verification process (Signature verification procedure). The time costs of representative collective signature schemes proposed in this paper are shown in

The scheme | Time for the signature generation | Time for the signature verification |
---|---|---|

RCS.01-3 | ||

RCS.02-3 | ||

Notations:

According to [

Information from

The representative collective signature is a new form of collective digital signature, it was proposed by us in 2019 and has been built on many difficult problems and/or different digital signature standards. The research results of this paper show that the proposed scheme can be built on a customized form of a new difficult problem, the problem of finding roots modulo in a finite ground field, with a two-component private key. This proves that the availability of a representative collective signature scheme is very high.

The signature generation procedure in the proposed representative collective signature scheme shows that it has all the security advantages of the collective signature generation procedure and the group signature generation procedure. This is one of the advantages of the representative collective signature schemes proposed by us.

The basic requirement for multi-signature schemes is to record the information of everyone who participated in creating the signature of the group or the collective. This information is needed for the identification of the signer and against the signer's “disclaimer of responsibility” in the future. The group signature schemes and the representative collective signature schemes built here have met this requirement, the signer information is contained in the first component of the signature, the U component. The algorithm to identify the signer from the information contained in the U has been described in [

The use of the U-component of the representative collective signature is necessary, but this increases the signature size. This is considered a limitation of the proposed scheme. We have proposed and built a two-component representative collective signature scheme, but we can only implement the scheme based on discrete logarithm problems. We are working to build this improved scheme based on the problem of finding roots modulo large primes.

Thus, in this paper, we build a collective signature scheme and a group signature scheme using the single digital signature protocol described in [

The two signature schemes described above can then be used as the basis for building two different types of collective signature schemes: i) The collective digital signature scheme for many signing groups; and ii) The collective digital signature scheme for many signing groups and many individual signers. These two schemes fully inherit the attack resistance of the single signature scheme in [

In this paper, we analyze and evaluate the proposed schemes based on their security benefits and computational performance. In the future, the design of a collective signature scheme will be based on the computational difficulty of finding roots modulo on the elliptic curve.