Research on Theory of Digital Signature with Special Properties

【Author】 夏祥胜 (Xia Xiangsheng)

【Supervisor】 洪帆 (Hong Fan)

【Author information】 Huazhong University of Science and Technology, Information Security, 2009, PhD

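【Abstract, translated from the Chinese】 With the rapid development of network technology and e-commerce, there is an urgent need to secure data transmission over networks and to identify and authenticate the parties to a transaction. Ordinary signatures that simply imitate handwritten signatures can no longer fully meet application needs. Many new application environments require digital signatures to support special functions, such as forward-secure digital signatures for risk control, proxy signatures for electronic payment, threshold group signatures for issuing important military orders, multi-signatures for step-by-step approval of official documents online, and ring signatures for anonymous reporting. These have very broad application prospects in real life, and research on digital signatures with such special properties has become a main research direction of the field.

Elliptic curve cryptography (ECC) has low bandwidth requirements, short keys and signatures, and high security, and has broad application prospects in bandwidth-constrained wireless networks. On this basis, an efficient dynamic threshold group signature scheme based on ECC is proposed. It has the dynamic threshold signature property, satisfies the untraceability and anonymity of group signatures, and also resists collusion attacks. In addition, when the group manager adds or revokes a group member, only a small change to the system parameters is needed.

A security analysis is given of several current forward-secure proxy signature schemes built on ordinary discrete logarithm cryptosystems. In some of them the key update algorithm updates the proxy signing key while the proxy signer's private key appears in the proxy signature generation equation; in others the exponent of the necessary factor does not contain the key parameter. None of them therefore fully satisfies the necessary conditions given in the thesis for a scheme to be forward secure, and so none of them is forward secure. Once the proxy signer's private key is leaked, some schemes cannot resist forgery by anyone, and some do not even have the basic properties of a proxy signature: the original signer, or anyone else, can mount a forgery attack directly without knowing any private information. To address these defects, an improved and more efficient proxy signature scheme is proposed. It updates only the proxy signer's private key, and the exponent of the necessary factor in its generating function contains the key parameter. Analysis shows that the scheme is forward secure and also satisfies all the security properties of a strong proxy signature.

Given the efficiency and security of bilinear pairings in implementation, and to address the slow implementation and low system security of current forward-secure proxy signature schemes based on ordinary discrete logarithms, a new forward-secure proxy signature scheme based on bilinear pairings is proposed. This changes the present situation, in which it has been difficult to construct forward-secure proxy signature schemes from bilinear pairings. Its key update algorithm involves several hard cryptographic problems, which changes the overly narrow status quo in which the key update algorithms of existing schemes mostly rely on the quadratic residuosity problem modulo a composite. The new scheme is therefore more secure and more efficient, and analysis shows that it also satisfies all the security properties of a strong proxy signature.

Forward security is introduced into multi-signatures with proxy, and a forward-secure multi-signature scheme with proxy is proposed. The scheme makes heavy use of precomputation, which greatly improves the efficiency of signing and verification, and it is secure, efficient and practical. A forward-secure multi-signature scheme is also analysed; it is shown that once a signer's signing private key is leaked the scheme is vulnerable to forgery attacks and so is not forward secure. An improved forward-secure multi-signature scheme is given, which simplifies the multi-signature process and improves signing efficiency.

Using bilinear pairings, two highly secure schemes are proposed: a certificateless structured multi-signature scheme and a certificateless structured multi-signature scheme with signers' intentions. In both schemes the user's private key is no longer generated by the key generation center (KGC) alone but jointly by the user and the KGC, which effectively prevents forgery attacks from the KGC and greatly strengthens the security of the schemes. Analysis shows that both schemes resist forgery attacks and collusion attacks by anyone (including the KGC).

Based on CL-PKC, two secure schemes are proposed: a certificateless ring signature scheme and a certificateless ring proxy signature scheme. In both schemes the user's private key is generated jointly by the user and the KGC, and their security is higher than that of ordinary identity-based ring signature schemes. Analysis shows that both schemes resist any forgery attack (including one by the KGC) and satisfy the unconditional anonymity of the signer. The certificateless ring proxy signature scheme also satisfies all the security properties of a strong proxy signature.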

【Abstract】 With the rapid development of computer networks and e-commerce, the security of data transmission and the identification and authentication of both parties to a transaction are becoming more and more pressing problems. Common digital signature schemes cannot meet the requirements of many new applications, which require a digital signature scheme to support special purposes and functions, such as forward-secure signatures applied to risk control, proxy signatures applied to electronic payments, threshold group signatures applied to issuing important military orders, multi-signatures applied to reviewing and approving official documents step by step, ring signatures applied to anonymous reporting, and so on. Research on special application-oriented digital signature schemes is therefore becoming an important research direction in the digital signature area.

The elliptic curve cryptosystem (ECC for short), which has low bandwidth requirements, shorter key and signature lengths, and a level of security similar to other cryptosystems, is very appealing for wireless networks. An efficient dynamic threshold signature scheme based on ECC is proposed, which not only has the characteristics of a dynamic threshold signature but also meets the untraceability and anonymity requirements of a group signature, and can resist collusion attacks. Furthermore, few system parameters need to be changed when the group manager adds or removes a group member.

By analyzing several existing forward-secure proxy signature schemes based on the discrete logarithm cryptosystem, the paper finds that one of these schemes updates the proxy signature secret key in its key update algorithm while its proxy signature expression includes the proxy signer’s private key, and that in some of these schemes the exponent of the necessary factor does not include the crucial parameter. These schemes do not meet all the necessary conditions for forward security given by the paper, so they do not have the characteristics of forward security. One of them cannot resist forgery attacks from anyone once the private key of the proxy signer is lost. Some of them also lack the basic characteristics of a proxy signature, because they cannot resist forgery attacks from anyone, or from the original signer, even if the attacker knows no secret information about the signatures. To remedy these security defects, the paper proposes a new, modified and highly efficient proxy signature scheme that updates the proxy signer’s private key in its key update algorithm and in which the exponent of the necessary factor includes the crucial parameter. Analysis results show that the scheme has not only the characteristics of forward security but also all the security characteristics of a strong proxy signature.

Bilinear pairings are efficient and secure to implement, whereas most existing forward-secure proxy signature schemes based on the discrete logarithm have low implementation speed and low system security. A new forward-secure proxy signature scheme based on bilinear pairings is therefore proposed, whose key update algorithm is designed on several hard cryptographic problems. It changes the current situation, in which it is very difficult to design a forward-secure proxy signature scheme based on bilinear pairings and the key update algorithms of most existing forward-secure signature schemes are designed on a single hard cryptographic problem such as modulo-composite quadratic residuosity. The scheme is therefore efficient and secure.

By introducing the concept of forward security, a new multi-signature scheme with proxy is proposed for the first time. The scheme not only greatly improves the efficiency of signing and verification through precomputation, but also has the characteristics of high security, high efficiency and high availability. A forward-secure multi-signature scheme is also analyzed. It cannot resist forgery attacks once the secret keys of the signers are revealed, and so does not have the characteristics of forward security. Based on that scheme, an improved forward-secure multi-signature scheme is proposed, which reduces the number of multi-signature procedures and increases signing efficiency.

Based on the bilinear pairing technique, a secure certificateless structured multi-signature scheme and a secure certificateless structured multi-signature scheme with signers’ intentions are proposed. The signers’ secret keys in these two schemes are generated jointly by the members and the secret key distribution center, rather than by the secret key distribution center alone. This avoids forgery attacks from the secret key distribution center and greatly enhances security. Analysis results show that the two schemes can resist any forgery attacks and collusion attacks (including those by the KGC).

Two secure schemes, a certificateless ring signature and a certificateless ring proxy signature based on CL-PKC, are proposed. As in the two multi-signature schemes above, the secret keys of the signers in these two schemes are generated cooperatively by the members and the secret key distribution center, so their security is higher than that of common identity-based ring signature schemes. Analysis results show that the two schemes can resist forgery attacks and collusion attacks (including those by the KGC), and meet the requirement of unconditional anonymity of signers. In addition, the ring proxy signature scheme has all the security characteristics of a strong proxy signature.
