
【Title】 Formal Security Study of Threshold Cryptosystems (门限密码体制的形式化安全研究)

【English title】 The Formal Study of Secure Threshold Cryptographic Schemes

【Author】 龙宇 (Long Yu)

【Advisor】 陈克非 (Chen Kefei)

【Author information】 Shanghai Jiao Tong University, Computer Architecture, 2007, PhD

【Abstract (translated from Chinese)】 With the rapid development of computer networks and information technology, security in distributed environments has received growing attention as a way to eliminate single points of failure in networked systems and to make them more resistant to attack. Threshold cryptography is among the most effective and promising techniques for this problem. At the same time, the complexity of distributed environments makes the work difficult and challenging. In recent years many researchers at home and abroad have studied threshold cryptosystems in depth. However, as far as we know, the formal security study of threshold cryptosystems in the various public-key settings is still incomplete, while whether a scheme has formal provable security is the most important criterion for judging whether a cryptosystem is secure. The formal study of threshold cryptosystems is therefore significant both for network security and information infrastructure and for its academic value. This thesis focuses on studying and designing a series of threshold cryptosystems systematically with formal methods, completing the study of threshold schemes in the public-key setting. The main results are as follows:

1. From the viewpoint of reducing the cost of managing users' public keys, identity-based threshold cryptosystems are well worth studying, but existing work on threshold cryptosystems in the identity-based setting is insufficient. We therefore design a series of identity-based threshold decryption schemes: two provably secure identity-based threshold decryption schemes and one threshold decryption scheme that solves the problem of dynamic member updates in the identity-based setting. Our schemes are provably secure in the full security model and take the flexibility of distributed environments into particular consideration, remedying shortcomings of earlier work and completing the modelling and formal study of identity-based distributed schemes.

2. Certificateless cryptography is an important area of modern cryptography, yet as far as we know there is no dedicated study of distributed systems in the certificateless setting. In addition, communication bandwidth and the cost of distributed computation must be kept as low as the characteristics of the distributed environment allow. We therefore give a formal definition of certificateless threshold cryptosystems, propose a certificateless threshold decryption scheme and an efficient certificateless threshold key encapsulation mechanism, and prove both secure in the random oracle model. This is the first formal model of certificateless schemes in a distributed setting and the basis for future work combining certificateless cryptography with distributed decryption.

3. Key escrow is the bottleneck in the adoption of identity-based cryptography, yet to balance users' privacy against the government's power to monitor communications, threshold key escrow is needed. Up to now there has been no formal study of threshold key escrow. We therefore first propose a generic transformation that solves the key escrow problem of identity-based cryptosystems. We then give a formal definition of threshold key escrow and propose a provably secure concrete scheme. Finally, we propose a dynamic threshold key escrow scheme based on conic curves. The generic method resolves the application bottleneck of identity-based cryptography to a certain extent, and the abstraction of a security model for threshold key escrow systems is the foundation for formally analysing their security.

【Abstract】 With the rapid development of computer networks and information technology, how to eliminate single points of failure in networked systems and to secure distributed environments has become an increasingly important concern. Threshold cryptography is one of the most efficient and promising techniques for this. Meanwhile, a distributed system is far more complex than a centralised one, which makes the research difficult and challenging. In recent years many specialists at home and abroad have studied threshold cryptography in depth. However, as far as we know, the research on the formal security of threshold cryptography is not yet satisfactory, while the most important criterion for evaluating a cryptosystem is whether it can be formally proved secure. Therefore, from the viewpoint of both theory and applications, studying threshold cryptosystems with formal methods is of great importance for network security and of academic value. The aim of this thesis is thus to study and design threshold cryptography schemes systematically by formal means and to complete the study of threshold systems in the public-key setting. Our main achievements are as follows:

1. From the point of view of reducing the cost of public-key management in a cryptosystem, the study of identity-based threshold cryptosystems is significant. However, the research on identity-based threshold cryptography is insufficient. We therefore design a series of identity-based threshold decryption schemes, including two provably secure identity-based threshold decryption schemes and a scheme addressing the dynamic-membership problem of threshold cryptosystems. Our schemes are provably secure in the full model, and we take the flexibility of distributed systems into particular consideration. We improve on the related work and complete the modelling and formal study of identity-based distributed cryptosystems.

2. Certificateless cryptography is one of the most important topics in modern cryptography. However, as far as we know, certificateless threshold cryptography has not yet been studied specifically. Moreover, bandwidth and communication cost need to be minimised in a distributed setting. We therefore define a formal model of certificateless threshold cryptosystems and construct a certificateless threshold decryption scheme and an efficient certificateless threshold key encapsulation mechanism, giving a security proof in the random oracle model for each of them. This formalises the study of certificateless cryptosystems in distributed systems for the first time and lays the foundation for future work.

3. The key escrow problem is the bottleneck in the application of identity-based cryptosystems. However, to balance the user's privacy against the government's monitoring power, the concept of threshold key escrow is needed. Since no formal study of it exists at present, we first propose a generic construction that solves the key escrow problem of identity-based cryptosystems. We then give a formal definition of threshold key escrow and propose a fully secure scheme. Finally, we design a dynamic threshold key escrow system based on conic curves. The generic construction resolves the bottleneck of identity-based cryptosystems from one point of view, and the security model we abstract for threshold key escrow systems lays the foundation for analysing threshold key escrow cryptosystems with formal methods.
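The (t, n) threshold mechanism on which both the threshold decryption schemes (item 1) and the threshold key escrow schemes (item 3) rest, as an added example that is not code from the thesis: Shamir secret sharing over a prime field, with Lagrange reconstruction and a simple share refresh. The prime, t = 3, n = 5 and all function names are assumptions for illustration; the thesis's own pairing-based, certificateless and conic-curve constructions are not reproduced here.

```python
"""Added example (not from the thesis): (t, n) Shamir secret sharing over GF(p).

Threshold decryption and threshold key escrow both start from this idea: a
secret (a decryption key, or an escrowed key) is split into n shares so that
any t of them recover it and any t-1 reveal nothing. The prime p, the
threshold t = 3 and n = 5 used in demo() are assumed for illustration.
"""
import secrets

# A 127-bit Mersenne prime; any prime larger than the secret will do (assumed).
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x, p):
    """Evaluate a polynomial (coefficients a0 first) at x, mod p, by Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % p
    return result


def split_secret(secret, t, n, p=PRIME):
    """Split `secret` into n shares, any t of which reconstruct it.

    The secret is the constant term a0 of a random degree-(t-1) polynomial f;
    share i is the point (i, f(i)). x = 0 is never handed out because f(0)
    is the secret itself.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < p:
        raise ValueError("secret must be in [0, p)")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, p=PRIME):
    """Lagrange-interpolate f(0) from any t distinct shares.

    With fewer than t shares this still returns a number, but it is a
    uniformly random wrong value: the caller must enforce the threshold.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        # Lagrange basis polynomial for share i, evaluated at x = 0
        lagrange_0 = num * pow(den, -1, p) % p
        secret = (secret + yi * lagrange_0) % p
    return secret


def refresh_shares(shares, t, p=PRIME):
    """Re-randomise all shares without changing the secret.

    Each holder adds a share of zero: (x, y) becomes (x, y + g(x)) for a random
    degree-(t-1) polynomial g with g(0) = 0. Old and new shares must never be
    mixed, which is the point: t-1 old shares plus one new share are useless.
    This is only the simplest share-refresh operation, not the thesis's
    dynamic-membership scheme.
    """
    zero_poly = [0] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(x, (y + _eval_poly(zero_poly, x, p)) % p) for x, y in shares]


def demo():
    """Exercise the threshold property; returns True when every check holds."""
    secret = secrets.randbelow(PRIME)
    shares = split_secret(secret, t=3, n=5)
    any_three = recover_secret(shares[:3]) == secret
    another_three = recover_secret([shares[0], shares[2], shares[4]]) == secret
    two_fail = recover_secret(shares[:2]) != secret      # below threshold
    fresh = refresh_shares(shares, t=3)
    fresh_ok = recover_secret(fresh[1:4]) == secret
    mixed_fail = recover_secret(shares[:2] + fresh[4:5]) != secret
    return any_three and another_three and two_fail and fresh_ok and mixed_fail


if __name__ == "__main__":
    print("threshold checks passed:", demo())
```

Note that `recover_secret` cannot tell a below-threshold set from a valid one: a production threshold scheme binds the threshold into the protocol (verifiable shares, or decryption shares that are combined rather than a raw key), which is exactly the gap the thesis's formal models are meant to close.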
