
Digital Signature and Signcryption Schemes with Special Properties

【Author】 Yu Yong (禹勇)

【Supervisor】 Yang Bo (杨波)

【Author information】 Xidian University, Cryptography, 2008, PhD

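【Abstract (translated from the Chinese)】 Information security is one of the important problems that the information society urgently needs to solve, and it has become an important emerging discipline within information science. Digital signatures provide authentication, integrity and non-repudiation; they are one of the core technologies of information security and one of the key technologies of secure electronic commerce. Signcryption performs digital signature and public-key encryption simultaneously in a single reasonable logical step, at lower computational and communication cost than the traditional "sign-then-encrypt" approach, which makes it an ideal way to transmit messages with both confidentiality and authentication. This thesis studies several digital signature and signcryption schemes with special applications, mainly covering the following aspects:

1. A designated verifier proxy signature scheme that is provably secure in the standard model is proposed. The formal definition is given first and the security model is formalized, then the proposed scheme is described, and finally its security proof is given. For existing schemes, either only a simple security analysis is given or the security proof is in the random oracle model. The security proof of the proposed scheme uses the proof technique of Waters' encryption scheme; it does not need the random oracle model and is completed in the standard model.

2. The problem of fast revocation of proxy rights in proxy schemes is studied, and three proxy schemes with fast revocation are proposed: two proxy signature schemes and one proxy signcryption scheme. The first scheme is based on the BLS short signature. Using the idea of a (2,2) threshold, it introduces a security mediator (SEM) whose main role is to supervise whether the proxy signer signs according to the warrant and to check whether the proxy signer's signing right has been revoked. In this scheme, the proxy signer can generate a valid signature only by cooperating with the SEM, which gives the scheme fast revocation of proxy rights. The second scheme introduces the SEM into identity-based proxy signatures. An identity-based (t,n) threshold signature is proposed first and its security is analyzed; on that basis, an identity-based mediated proxy signature scheme is constructed, which also has fast revocation of proxy rights. The third scheme introduces the SEM into identity-based proxy signcryption, giving an identity-based proxy signcryption scheme with fast revocation of proxy rights; its design is based on the signcryption scheme of Libert and Quisquater.

3. The problem of protecting the privacy of the proxy signer in proxy signatures is studied. Proxy signatures are combined with ring signatures, and two proxy ring signature schemes are proposed. The construction of the first scheme uses the BLS short signature; the security model of proxy ring signatures is formalized and a security proof is given in the random oracle model. The construction of the second scheme uses Chow's identity-based ring signature algorithm; using the forking lemma for ring signatures in the random oracle model, its unforgeability is proven to rely on the CDH problem. Compared with existing schemes, these two schemes are more computationally efficient.

4. Based on Waters' encryption, a new identity-based signcryption scheme is proposed. Its security proof does not need the random oracle model: semantic security and unforgeability are proven in the standard model. The semantic security of the scheme is based on the hardness of the Decisional Bilinear Diffie-Hellman problem, and its unforgeability relies on the Computational Diffie-Hellman assumption. As far as we know, this is the first identity-based signcryption scheme that is provably secure in the standard model.

5. Identity-based signcryption for multiple receivers is studied; a concrete scheme is proposed and its security is proven in the random oracle model. In this scheme, signcrypting a message for n different receivers requires only one bilinear pairing computation. Compared with existing schemes, and with running a signcryption scheme n times, the proposed scheme is more computationally efficient.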

【Abstract】 Information security is one of the important problems in modern information society and is becoming a new and important subject in information science. Digital signature, which can provide authentication, integrity and non-repudiation, is one of the key techniques of information security and plays a crucial role in electronic commerce. Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational cost and communication overhead than the signature-then-encryption approach. Signcryption provides a good way to transmit messages when both confidentiality and authenticity are needed. In this thesis, we study several problems of digital signature and signcryption, covering the following aspects.

1. We propose a new construction of designated verifier proxy signature whose security can be proven without using the random oracle model. Our scheme is inspired by Waters' identity-based encryption. We first give the formal model of a designated verifier proxy signature scheme and formalize its security model before we describe the scheme. Then, we show that the unforgeability of our scheme is based on the hardness of the Gap Bilinear Diffie-Hellman problem. To our knowledge, this is the first designated verifier proxy signature scheme that can be proven secure in the standard model.

2. We focus on the problem of proxy revocation and propose three proxy schemes with fast revocation, including two proxy signature schemes and one proxy signcryption scheme. The first one is based on the BLS signature scheme. Motivated by the idea of a (2,2) threshold, a SEcurity Mediator (SEM) is introduced to examine whether a proxy signer signs messages according to the warrant and to check the revocation of a proxy signer. Moreover, a proxy signer has to cooperate with the SEM to generate a valid proxy signature, which facilitates effective and fast proxy revocation in the scheme. The SEM is introduced into ID-based proxy signature in our second scheme. We first propose an ID-based (t, n) threshold signature scheme and analyze its security, then we construct an ID-based mediated proxy signature scheme using our (t, n) threshold signature. Inspired by Libert and Quisquater's signcryption scheme, we also propose an ID-based proxy signcryption scheme with fast revocation. It is shown that the proposed schemes satisfy all the security requirements of a secure proxy scheme.

3. We study the problem of protecting the proxy signer's privacy. We link proxy signature with ring signature and propose two proxy ring signature schemes. The first scheme is based on the BLS signature. We formalize the security model for the proxy ring signature and prove the security of our scheme in the random oracle model. We employ Chow's ID-based ring signature algorithm in the second scheme, and prove that the unforgeability of the scheme relies on the CDH problem, using the forking lemma for ring signatures in the random oracle model. Compared with the existing schemes, the two schemes are more efficient in computation.

4. We propose a new ID-based signcryption scheme from Waters' ID-based encryption. The security proof of this scheme does not rely on random oracles. We prove its semantic security and unforgeability in the standard model. Specifically, we prove its semantic security under the hardness of the Decisional Bilinear Diffie-Hellman problem and its unforgeability under the Computational Diffie-Hellman assumption. As far as we know, this is the first ID-based signcryption scheme that can be proven secure without random oracles.

5. We propose an efficient ID-based signcryption scheme for multiple receivers which needs only one pairing computation to signcrypt a message for n different receivers. This scheme turns out to be more efficient than previous schemes and than the approach of re-signcrypting a message n times using a corresponding signcryption scheme. Finally, we prove its security in the random oracle model.
