
Research on Group-Oriented Digital Signature and Signcryption

【Author】 杨木祥

【Supervisor】 洪帆

【Author information】 华中科技大学 (Huazhong University of Science and Technology), Information Security, 2007, Doctoral dissertation

【Abstract】 (translated from the Chinese) The Internet has profoundly changed how people work and live, and how governments, enterprises and other organizations communicate, interact and conduct business. The Internet is an open system that was not designed with security in mind: any data entering the network is exposed to theft, abuse and tampering, while data arriving from the network may be counterfeit or forged, which in turn can serve as a pretext for the sender to repudiate it. In recent years, with the widespread application of computer networks and communication technology, authentication systems have developed rapidly and have become an important research direction in cryptography. Digital signatures are the core of authentication systems: they provide the key techniques for authenticity, integrity and non-repudiation, solve the problems of repudiation, forgery, tampering and impersonation, and make it possible to replace traditional handwritten signatures or seals with electronic signatures. With the rapid development of e-commerce and e-government, ordinary digital signatures produced by a single user can no longer fully meet the need, and the study of group-oriented digital signatures and signatures with special properties has become an important research direction in authentication theory. At the same time, the emergence of systems that combine authentication and encryption is a new direction in the development of authentication systems. Group-oriented special digital signatures have very broad application prospects in real life.

In an RSA-based threshold signature scheme, a set of parameters must be shared among the participating members, including the public parameters n and e, and the decryption key d, which is to be shared among the participants so that each member holds its own share of the private key while no member knows d, and no subset of members smaller than the prescribed threshold can recover d. Having a trusted center (TC) generate these parameters suffers from an efficiency bottleneck and a single point of failure, and a TC is not always available. We therefore propose a protocol in which the participants jointly compute a shared RSA key. When computing the modulus N, the protocol uses a distributed initial prime sieving protocol, which lowers the computational complexity of finding a product of two primes. Because a sharing conversion protocol built on a homomorphic encryption scheme is used for the joint computation of the modulus N and the key d, oblivious transfer protocols are avoided, making the protocol simpler and highly efficient. The scheme adds verification of the shares of d, so that besides passive security it also prevents a participant from cheating.

Depending on the application setting, group-oriented signatures often have different requirements. In a MANET (mobile ad hoc network), self-organization and dynamism mean that a particular node is not always available, a property called weak connectivity. Using a cryptosystem with an online trusted center (TC) in such networks introduces an efficiency bottleneck and a single point of failure. The characteristics of threshold signature schemes allow them to avoid these problems, so they are of high practical value in such networks. On the other hand, a large-scale mobile ad hoc network is usually organized as a multi-level network, and the security requirements at each level may differ. To meet such requirements, we propose a threshold order-specified multi-signature scheme suitable for multi-level-security MANETs, in which a message can be signed in linear order across departments or network levels, while within each department or level it is signed in a threshold manner. The scheme is built on a variant of the RSA signature scheme and an order-specified multi-signature scheme, has high computational and space efficiency, and is given a linear reduction to the RSA problem in the random oracle model.

In e-government and e-commerce applications, the participants in a transaction often need to sign in a certain order. Signing in linear order satisfies only simple settings; many business processes are intricate and cannot be described by a linear order. Structured multi-signature techniques allow multiple signers to sign in more complex orders, with both the signed message and the signing order verifiable. To describe such orders we introduce concepts that can express complex orders; the series-parallel graph is one that can describe mixed sequences of serial and parallel events. On this basis we propose a DSA-based order-specified multi-signature scheme. It supports flexible ordering: after the signers sign in a given order, the verifier checks the correctness of both the message and the order. In terms of security, the scheme resists adaptive insider chosen-message attacks, and its signing and verification times are shorter than those of comparable schemes.

Most RSA-based multi-signature schemes support only linear-order signing, and since RSA is widely adopted worldwide, research on structured RSA multi-signatures is of great significance. To meet the requirement of RSA multi-signing in complex environments, we use a signature structure that can express rich order relations to represent the signing order, and propose an RSA multi-signature scheme that supports signing in such structured orders. The cost of producing a signature is proportional to the number of signers, while the size of the resulting signature and the cost of verification are the same as for a single RSA signature. The security of the scheme reduces to the security of RSA inversion.

Signcryption is a new cryptographic primitive that combines confidentiality and authentication. Besides confidentiality and authentication, non-repudiation is an indispensable property of a signcryption system, which requires the signcryption scheme to be publicly verifiable; this in turn raises new security problems. To solve this we propose a publicly verifiable short signcryption scheme with strong confidentiality, resisting IND-CCA2 attacks in the flexible unsigncryption oracle model, and strong unforgeability, resisting strong chosen-message attacks, while remaining publicly verifiable; a security proof in the standard model is given.

【Abstract】 The emergence of the Internet has changed people's ways of life and work. It has also changed the ways of communication, conversation and transaction of governments, enterprises and other organizations. But the Internet is an open system; it was not designed with security in mind. Anybody, including malicious users, can access the network, so any data connected to the network is threatened by theft, abuse or tampering. Any data from the network may be impersonated or forged. Also, dishonest users may deny behaviour that has in fact happened. With the wide application of computer networks and communication technologies, authentication systems have developed rapidly in recent years and have become one of the most important research directions in cryptography. Digital signature technology is the main issue of authentication systems. It provides authentication, integrity and non-repudiation services, can solve the repudiation, forgery, tampering and impersonation problems, and consequently enables e-business, e-government and so on. With the rapid development of e-business and e-government, general digital signature technology, in which a signature is produced by a single user, can no longer satisfy the growing requirements. As a result, signature technologies in multi-user settings and signature technologies with specified properties have become important new directions in authentication research. Group-oriented signatures with specified properties are a kind of signature in multi-user settings and are widely applicable in real life. We study the following group-oriented signature technologies in this paper: group signature, threshold signature, order-specified signature and signcryption. We analyze several digital signature schemes and propose several new digital signature schemes in multi-user settings.

In RSA-based threshold signature systems, some parameters, including the public parameters n and e, should be shared among the parties, while the private key d should be shared by the parties. Each party keeps its private share secret, and no subset of fewer than t parties can recover the private key d. There are problems such as an efficiency bottleneck and a single point of failure when these parameters are generated by a Trusted Center. To deal with these problems, we propose an efficient two-party RSA secret key sharing generation scheme based on a homomorphic encryption that is semantically secure under the prime residuosity assumption. At the stage of computing the RSA modulus N, an initial distributed primality test protocol is used to reduce the computational complexity and increase the probability of N being a product of two primes. On the other hand, homomorphic-encryption-based sharing conversion protocols are devised and adopted in the multi-party computation of the modulus N and the secret key d. Compared with sharing conversion protocols based on oblivious transfer, the homomorphic-encryption-based sharing conversion protocols are of high performance. Our scheme resists passive attacks and, since a method of verifying the shares is introduced, it resists cheating as well. Security proof, computation complexity and communication complexity analysis are given at last.

Threshold signature schemes are useful in MANETs because of mobility and weak connectivity. Meanwhile, order-specified multi-signature schemes are valuable in some multi-level security systems. To meet such requirements, we propose a secure threshold order-specified multi-signature scheme based on RSA. The scheme is designed on a modified threshold RSA signature scheme and an order-specified multi-signature scheme. It has a certain extent of exact security. A proof is given in the random oracle model, and the computational and spatial complexity are presented at the end.

In multisignature schemes signers can sign either in a linear order or in no specified order, but neither is adequate in scenarios that require a mixture of orderless and ordered multisignature. Most order-specified multisignatures specify the order as a linear one. In this paper, we propose an order-specified multisignature scheme based on DSA that is secure against active insider attack. To our knowledge, it is the first order-specified multisignature scheme based on the DSA signature scheme in which signers can sign in a flexible order represented by series-parallel graphs. In this multisignature scheme, verification of both the signers and the signing order is available. The security of the scheme is proved by reduction to an identification scheme that is proved to have some concrete security. The running time of verifying a signature is comparable to previous schemes, while the running time of multisignature generation and the space needed are less than those of previous schemes.

Most previous multi-signature schemes based on RSA only support signing in a serial order. To meet the need of signing in a more complex order, we propose a structured multi-signature scheme based on RSA. The size of the multi-signature and the computational cost of multi-signature verification are the same as those of the single RSA signature scheme, and the computational cost of signing is proportional to the number of signers. The security of the proposed scheme is reduced to the complexity of inverting RSA.

Signcryption is a new cryptographic primitive modelling a process that achieves privacy and authenticity simultaneously. Besides privacy and authenticity, non-repudiation is also a prerequisite property for a signcryption scheme. To achieve this objective, the signcryption must be publicly verifiable, which in turn brings new security troubles. We propose a publicly verifiable short signcryption scheme that is strongly existentially unforgeable under active chosen message attack and has strong confidentiality under active chosen ciphertext attack in the flexible unsigncryption oracle model. All the security proofs are given in the standard model without using random oracles.
