
Researches on Key Technologies in Identity-Based Cryptography and Its Applications

【Author】 杨浩淼 (Yang Haomiao)

【Supervisor】 孙世新 (Sun Shixin)

【Author information】 University of Electronic Science and Technology of China, Computer Applications, 2008, Ph.D.

【Abstract (translated from Chinese)】 In traditional public-key cryptography, a public key is a random string unrelated to identity, and a public key infrastructure (PKI) binds public keys to identities through certificates issued by a certification authority. In identity-based cryptography (IBC), by contrast, a public key is an arbitrary string representing the user's identity and can be derived directly from that identity, so certificates and public-key directories are unnecessary. This simplifies public-key management, enables non-interactive communication without a key channel, removes the need for certificate verification, and saves computation and communication costs. Although IBC simplifies the management of public keys and certificates and has natural advantages over traditional PKI, concrete identity-based cryptosystems face some open problems in deployment, such as the lack of a complete and effective solution for non-interactive key revocation and the lack of an effective verifiably encrypted signature scheme. Unless these problems are solved, the practical application of identity-based cryptosystems will be severely limited. On the other hand, bilinear maps and provable security in the standard model have been research hotspots in the cryptographic community in recent years. This dissertation studies the open problems of identity-based cryptosystems and these research hotspots in the following areas, and obtains the following results.

Using forward security, this dissertation solves the key revocation problem of identity-based cryptosystems simply and effectively: it constructs a forward-secure identity-based signature scheme and a forward-secure identity-based encryption scheme, which share system parameter generation, key generation and key update; combined, they yield a practical and complete identity-based cryptosystem with non-interactive key revocation. On this basis an identity-based PKI can be built to replace the traditional certificate-based PKI. Compared with traditional PKI, identity-based PKI is inherently lightweight in key distribution and management and can be widely applied to secure e-mail systems, ad hoc network systems and so on.

This dissertation proposes a generic method for constructing verifiably encrypted signature schemes and, based on the Gentry short signature, constructs an efficient verifiably encrypted signature scheme whose security is rigorously proven in the standard model. Compared with similar schemes, it has a simple construction, shorter public keys, lower computation cost and a tighter security reduction; it is a truly practical verifiably encrypted signature scheme without random oracles and can be used in online contract-signing protocols to guarantee fair exchange. Based on the identity-based signature scheme of Paterson et al., this dissertation also constructs the first identity-based verifiably encrypted signature scheme without random oracles.

This dissertation is the first to study the partial and gradual leakage of key information: it builds a model of the key-information leakage process and uses it to estimate key lifetime fairly accurately, so that a suitable key update period can be set, one that balances key security against update cost. The key-leakage modeling and key-lifetime estimation method can be applied to the secret keys of any cryptosystem.

Finally, two applications suited to identity-based cryptosystems with non-interactive key revocation are given: a user proxy signature for grids and encryption of mobile-phone short messages. The former improves the efficiency and scalability of the manufacturing grid, while the latter integrates embedded computers, mobile e-commerce and identity-based cryptography. Both demonstrate the system's excellent properties and significant practical value and serve as models for bringing identity-based cryptosystems into practice.

【Abstract】 Traditional public key infrastructures (PKI) involve complex construction of certification authorities, consequently requiring expensive communication and computation costs for certificate verification. In 1984, Shamir introduced an innovative concept, identity-based cryptography (IBC), where public keys are derived directly from users' identities. An identity-based cryptosystem can simplify certificate management in PKI. However, IBC still has some challenging open problems. One is to design an identity-based cryptosystem which features non-interactive key revocation. Another is to design a practical identity-based verifiably encrypted signature scheme without random oracles. It is important to research and solve these problems not only in theory but also in practice. This dissertation focuses on these problems, proposes some effective schemes, and obtains some research results. The main contributions are as follows.

The key revocation problem is simply and effectively solved by using the forward-security key-evolving paradigm. An effective forward-secure identity-based signature (FS-IBS) scheme and a forward-secure identity-based encryption (FS-IBE) scheme are constructed respectively, and these schemes are provably secure in the random oracle model or in the standard model. FS-IBS and FS-IBE may share the same procedures of system parameter setup, key generation, and key update, since they both use the same key-evolving mechanism. By combining FS-IBS and FS-IBE, a practical, complete solution for an identity-based cryptosystem with the non-interactive key update property is given. Based on this cryptosystem, an identity-based PKI may be built, which may be considered an alternative to certificate-based PKI. It offers advantages such as simple key management and key distribution. Applications may include secure email systems, ad hoc network systems, and so on.

This previous work is generalized and a generic construction of verifiably encrypted signatures from short signatures is proposed. Then an efficient verifiably encrypted signature scheme without random oracles is proposed. The scheme is constructed from the recent Gentry signature and can be rigorously proven secure in the standard model. The proposed scheme has several advantages over previous such systems, namely shorter public keys, lower computation overhead, and a tighter security reduction; therefore, it is a truly practical verifiably encrypted signature without random oracles, which can be used in online contract signing protocols. Finally, based on Paterson et al.'s identity-based signature scheme, the first identity-based verifiably encrypted signature scheme without random oracles is constructed by using the ElGamal encryption algorithm.

The partial and gradual leakage process of key information is studied for the first time, and is modeled as a compound Poisson process. According to the model, an effective algorithm to estimate key life is proposed. Thus the proper key renewal period can be set, which controls the trade-off between security and renewal cost in key management. The method of modeling key exposure and estimating key life may be applied to the secret keys of any cryptosystem.

Two suitable applications of an identity-based cryptosystem with non-interactive key revocation are given. One is a signature scheme for user proxies in a manufacturing grid, and the other is an encryption system for the short message service of mobile phones. The former improves the efficiency and scalability of the manufacturing grid, and the latter integrates embedded computers, mobile e-commerce, and recent cryptographic technologies. Both applications show excellent performance and practical importance, and give a good demonstration of moving IBC into practice.
