Research on Society-Oriented Digital Signature Scheme

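【Author】 Jia Xiaoyun (贾晓芸)

【Supervisor】 Yuan Chaowei (袁超伟)

【Author information】 Beijing University of Posts and Telecommunications, Signal and Information Processing, 2008, PhD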

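【Chinese abstract】 The development of computer and network technology has brought humanity into the information society, and with it has come the closely watched problem of information security. Modern cryptography has become the core of information security technology, and digital signature technology is one of the main subjects of modern cryptography. It plays a role that no other technology can replace in identification and authentication, data integrity, non-repudiation and so on, and is widely applied in military affairs, e-commerce, e-government and other fields. As digital signature technology has developed, more and more demands have been placed on its practicality: for example, that under the premise of guaranteed security a digital signature occupy as little storage as possible, that keys be as short as possible, and so on. Unremitting research has been done in this area, but many problems remain unsolved, for example how to improve the efficiency of group signature schemes while guaranteeing security, and how to design group signature schemes that meet different needs. This dissertation studies these problems systematically and in depth, analyses the efficiency and certain defects of current schemes, and proposes special signature schemes that meet people's different needs. The following results were obtained in this research area:

(1) Sequential multi-signature mechanisms are studied, with emphasis on the implementation methods and defects of existing multi-signature mechanisms. Current multi-signature protocols take one of two approaches. In the first, each signer independently signs the same message, and the final signature is the collection of their individual signatures; here the signature length grows in multiples with the number of signers, and so does the verification time, which makes the protocol very impractical. In the second, all signers jointly generate the signature on message m: signer A1 first signs m and passes the signature to the next signer A2, who verifies the validity of A1's signature before signing it, and so on up to the last signer An; here, when the signing algorithm is fairly complex, signing efficiency is very low. A multi-signature is in essence the signature of several people on the same message. Based on the knapsack public-key cryptosystem, the ElGamal public-key cryptosystem and the elliptic curve public-key cryptosystem respectively, this dissertation proposes three sequential multi-signature schemes. These schemes can improve the efficiency of sequential multi-signature several-fold, effectively resist fraud by internal members, maintain the sub-secrets of signing-group members in a timely manner, and conveniently add or remove signing-group members.

(2) Based on practical applications, this dissertation proposes a new signature scheme: the chain verification signature scheme. The scheme divides the verification participants into a signature verifier and chain verification grantors. The signature verifier can verify the validity of the signature only after being authorized in turn by every member of the chain verification authorization group, and no member of the chain verification authorization group (even if all members collude) can verify the validity of the signature. Three concrete implementations are designed based on commonly used public-key cryptosystems, namely the knapsack, ElGamal and elliptic curve public-key cryptosystems. These schemes can conveniently add or remove chain verification grantors, and when a chain verification grantor or the signature verifier leaks a sub-secret, it can be maintained in a timely manner.

(3) Threshold signature schemes with different privileges are designed. Existing threshold signature schemes with different privileges all follow the approach of dividing the privileged set into groups and then signing the message; this dissertation opens up a new line of thought and extends such schemes to a more general setting. First, a special threshold signature scheme with veto power is proposed; using the structure of homogeneous linear difference equations with constant coefficients and the structure of their solutions, it gives a threshold signature protocol in which signers with two different signing privileges participate. Then, considering that existing threshold signature schemes divide the privileged set into groups, the dissertation uses weights to measure the signing rights of signers with different privileges, generalizing the ordinary (t,n) threshold signature scheme to an extended (t,n) threshold signature scheme, in which a valid signature can be obtained once the group's signing weight reaches t.

(4) Shared verification signature protocols are studied in depth. Based on certain defects of existing protocols, and using the idea of threshold signatures with different privileges, shared verification signature protocols with different privileges are given. First, a new shared verification signature scheme with some special features is proposed. Second, a shared verification signature scheme with two different verification privileges is given; using the structure of homogeneous linear difference equations with constant coefficients and the structure of their solutions, it yields a shared verification signature protocol in which verifiers with two different verification privileges participate. Finally, weights are used to measure the verification rights of verifiers with different privileges, generalizing the ordinary (t,n) shared verification signature scheme to an extended (t,n) shared verification signature scheme, in which the validity of the signature can be verified once the group's verification weight reaches t.

In summary, starting from the principles and characteristics of society-oriented digital signatures, this dissertation identifies certain defects of existing algorithms and proposes several improved schemes. Combining several key techniques of existing society-oriented digital signatures, it studies systematically and in depth how to improve the efficiency of sequential multi-signatures, and designs several threshold signature schemes and shared verification signature schemes with different privileges. The dissertation gives a fairly systematic and in-depth treatment of society-oriented digital signature schemes, and has important theoretical significance and potential application value.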

【Abstract】 The rapid development of computer and network technologies brings tremendous problems for information security. Cryptography is the foundation of information security, and digital signature is one of the main research fields of cryptography. It is vital for authentication, data integrity, non-repudiation and so on, and has been used widely in military affairs, electronic commerce, electronic government, etc. With the rapid growth of science and technology, more and more requirements have been put forward, such as how to make the signature occupy less storage and keep the secret key as short as possible while ensuring security. Many researchers have done abundant work in this direction, but many questions remain unsolved, for example how to improve the efficiency of multi-signature schemes and how to design special signatures that can meet users' special demands. In this dissertation, we give an efficiency analysis of some digital signatures, and propose some special society-oriented digital signature schemes which can meet users' special demands. In this research field, the final research achievements are as follows:

(1) We study the sequential multi-signature scheme (SMSS), especially the implementation and defects of present sequential multi-signature schemes. There are two methods in present SMSS. In the first, every signer independently signs the message, and the final signature is the collection of their signatures. In this scheme, the length of the signature grows in multiples as the number of signers increases, which makes the scheme impractical. In the second, all signers sign the message m cooperatively: the first signer A1 signs m and sends the signature to the second signer A2, A2 first verifies the validity of the signature and then signs the signature of signer A1, and so on until the last signer An. In this scheme, the efficiency is very low when the signature algorithm is complex. The essence of a multi-signature scheme is that several signers sign one message. The dissertation designs three SMSS based on the Knapsack algorithm, discrete logarithm and Elliptic Curve. Unlike existing SMSS, these schemes possess all the properties of existing SMSS while needing only a single signature for a message. What is more, these schemes simplify the procedures among signers, efficiently prevent cheating by signers, conveniently add or delete signers, and reduce the cost of communication.

(2) We propose a new digital signature scheme based on practical application: the chain verification digital signature scheme. In this scheme, the verification participants are divided into the signature verifier and the chain grantors. The signature verifier cannot verify the validity of the signature until he is authorized by all chain grantors in turn, and no chain grantor (even if all chain grantors collude) can verify the validity of the signature. We design three chain verification digital signature schemes based respectively on the Knapsack algorithm, discrete logarithm and Elliptic Curve. What is more, these signature schemes can conveniently add or delete chain grantors and protect the secret keys of the chain grantors and the signature verifier.

(3) Because present threshold signature schemes divide signers into different privilege groups, the dissertation extends them to the more general situation. First, a threshold signature scheme with special right is proposed, which realizes threshold signature among signers having two different signing rights by using the structural properties of homogeneous linear difference equations with constant coefficients. Then we extend this to the more general situation, namely the extended (t,n) threshold signature scheme. In this scheme, if the signing weight of any subset of all signers is not less than t, the subset can obtain a valid signature of the message.

(4) The security threats and system flaws of present shared verification signature schemes are analysed, and an improved shared verification signature scheme is proposed, namely a shared verification signature scheme with different verification rights. Firstly, a new shared verification signature scheme is proposed which has some special characteristics. Secondly, we propose a shared verification signature scheme which realizes shared verification among verifiers having two different verification rights by using the structure and solution structure of homogeneous linear difference equations with constant coefficients. Finally, we extend this to the more general situation, namely the extended (t,n) shared verification signature scheme. In this scheme, if the verification weight of any subset of all verifiers is not less than t, the subset can verify the validity of the signature of the message.

To sum up, the dissertation addresses the characteristics of society-oriented digital signature schemes and the flaws of present schemes, and presents improved schemes that can meet users' special demands. By combining several key techniques of existing society-oriented digital signature schemes, the dissertation researches in depth how to improve the efficiency of the sequential multi-signature scheme, and designs threshold signature schemes and shared verification signature schemes that have different signing or verifying rights. The dissertation researches society-oriented digital signature schemes in depth, and is significant both in theory and in practice.
