Research on Digital Signature Schemes with Special Properties

Research on Digital Signatures with Additional Properties

[Author] Huang Zhenjie

[Advisor] Wang Yumin

[Author information] Xidian University, Cryptography, 2005, Doctoral dissertation

[Abstract] Information security is one of the most pressing problems of the information society, and it has become an important emerging discipline within information science. Digital signature technology is the key technique for providing authentication, integrity and non-repudiation; it is therefore one of the core technologies of information security and one of the key technologies of secure e-commerce and e-government. As research on digital signatures has deepened and e-commerce and e-government have developed rapidly, ordinary digital signatures that merely imitate handwritten signatures can no longer fully meet requirements, and the study of digital signatures with special properties has become the main research direction in the field. This thesis mainly discusses four kinds of digital signatures with special properties: identity-based signatures, (partially) blind signatures, untransferable signatures and group signatures; it also touches on multi-signatures. The main results are:

1. Starting from the verification equation, the construction of identity-based signature schemes from bilinear pairings is discussed fairly comprehensively. 14 pairing-based identity-based signature schemes are constructed and then optimized for efficiency, yielding 7 efficient schemes and 7 Schnorr-type schemes with significant improvements in both efficiency and signature length. The security of these 3 classes of schemes is discussed, and 12 of the schemes are proved, in the random oracle model, to resist existential forgery under adaptive chosen-message and identity attacks.

2. Starting from the algebraic form of the blinding function, a construction method for blinding functions is given, which completely solves the problem of blinding discrete-logarithm-based digital signatures: for the blindable cases a unified, most general blinding scheme is given, and for the unblindable cases unblindability is proved. Our general blinding scheme introduces 3 parameters, and blindness is guaranteed as long as 2 of the 3 are independently random; all existing blinding schemes for discrete-logarithm-based signatures have only 2 random parameters, and all of them can be obtained by our blinding method. We also prove that both the ElGamal signature scheme and the DSA signature scheme are unblindable, thereby settling in the negative the long-open problem of blinding these two schemes.

3. General blinding methods for identity-based digital signatures are discussed, and blinded versions of the pairing-based identity-based signature schemes proposed in this thesis are given, yielding more than 70 identity-based blind signature schemes. Efficiency analysis shows that more than 40 of them are more efficient than the only 2 existing pairing-based identity-based blind signature schemes, and the computational cost of the best scheme is less than half that of the existing schemes.

4. A pairing-based identity-based partially blind signature scheme is proposed and proved unforgeable under the CDHP hardness assumption (against non-parallel attacks).

5. A nominative signature scheme and a nominative proxy signature scheme are analyzed, and it is shown that neither has the nominative property. The concept of nominative signature is extended to convertible nominative signature, a formal definition is given, 2 convertible nominative signature schemes are proposed, and a convertible nominative proxy signature scheme is proposed based on the nominative signature scheme of this thesis.

6. The concept of convertible untransferable partially blind signature is proposed, and a provably (under non-parallel attacks)

[Abstract] Information security is one of the most important problems of the modern information society and has become an important new subject within information science. Digital signatures, which provide authentication, integrity and non-repudiation, are one of the key techniques of information security and play a very important role in e-commerce and e-government. As digital signature research has deepened and e-commerce and e-government have developed rapidly, the standard signature, a simple analogue of the handwritten signature, can no longer meet practical needs, so research on digital signatures with additional properties has become a main research direction in the field. In this thesis we discuss several digital signatures with additional properties, including identity-based (ID-based) signatures, (partially) blind signatures, untransferable signatures, group signatures and multi-signatures. The main contributions are as follows. We discuss how to construct ID-based signatures from bilinear pairings by analyzing their verification equations in detail, and propose fourteen ID-based signature schemes. After optimizing these schemes for efficiency, we present seven efficient ID-based signature schemes and seven Schnorr-type ID-based signature schemes with a distinct improvement both in computational efficiency and in signature length. We also discuss the security of the proposed schemes and prove that twelve of them are secure against existential forgery under adaptively chosen message and ID attacks in the random oracle model. We present a general method for constructing the blinding functions of discrete-logarithm-based (DL-based) blind signature schemes by analyzing the algebraic form of the blinding function, thus completely solving the problem of blinding DL-based signature schemes.
We give a general blinding technique that turns blindable schemes into their corresponding blind signature schemes, and give a proof of unblindability for the unblindable cases. All existing DL-based blind signature schemes can be obtained by our general blinding technique. We discuss the general blinding technique for ID-based signatures from bilinear pairings and propose more than seventy ID-based blind signature schemes. Efficiency analysis shows that more than forty of our schemes are more efficient than the two existing ID-based blind signature schemes from bilinear pairings. We also propose an ID-based partially blind signature scheme from bilinear pairings and prove that it is secure against existential forgery under adaptively chosen message and ID attacks in the random oracle model (non-parallel attacks). We show that a nominative signature scheme and a nominative proxy signature scheme are not nominative. We then extend the concept of nominative signature to the convertible nominative signature, in which the nominee can convert given nominative signatures into universally verifiable signatures. We give a formal definition for it and propose two convertible nominative signature schemes and a convertible nominative proxy signature scheme based on our nominative signature scheme. We introduce the new concept of convertible untransferable partially blind signature, in which only the designated verifier(s) can verify and confirm the validity of given signatures and convert them into universally verifiable signatures, along with a formal definition and a provably secure scheme that implements it. The proposed scheme has the advantage that it can issue convertible undeniable partially blind signatures, convertible directed partially blind signatures, convertible designated confirmer partially blind signatures, convertible nominative partially blind signatures and universally verifiable partially blind signatures using the same signature issuing protocol.
We also propose a convertible user-designating confirmer partially blind signature scheme, a convertible undeniable partially blind signature scheme, a convertible directed partially blind signature scheme and a convertible nominative partially blind signature scheme. We improve Camenisch's group signature scheme by improving the 1-out-of-n signature of knowledge it uses; as a result, the signatures of the improved scheme are about half the length of the original. We then show that a member deletion scheme for group signatures cannot delete any group member, and propose a forward-secure member deletion scheme using a Public-Key State List and a Trusted Timestamp, thereby correcting the mistaken view that the Certificate Revocation List approach is unsuitable for group signatures. We also introduce the new concept of the authorized group signature and propose an authorized group signature scheme that implements it. We propose a multi-signature scheme that allows mixed use of DL and RSA-type keys. Based on the proposed multi-signature scheme, we propose an anonymous threshold subliminal channel scheme in which the subliminal message sender is indistinguishable.
