
Research and Design of Digital Signature Schemes Based on Bilinear Pairings

Research and Design of the Signature Schemes Based on Bilinear Pairings

【Author】 崔巍 (Cui Wei)

【Supervisor】 杨义先 (Yang Yixian)

【Author information】 北京邮电大学 (Beijing University of Posts and Telecommunications), Cryptography, 2009, PhD

【Abstract (translated from the Chinese)】 With the rapid development of computer network technology, network services of all kinds have penetrated every area of people's lives; on the one hand they bring enormous convenience and benefit to human activity, and on the other hand they bring unprecedented threats. Digital signature technology is an important technique for providing authentication, integrity and non-repudiation; it is a core technology of information security and one of the key technologies of secure e-commerce and secure e-government. As research on digital signatures deepens and e-commerce and e-government develop rapidly, ordinary signatures that merely imitate handwritten signatures can no longer meet the needs of practical applications, and the study of digital signatures with special properties has become the main research direction in the field. Bilinear pairings are an important tool, developed in recent years, for constructing digital signature schemes. Digital signatures built from bilinear pairings not only offer high security, short keys and fast implementation, but also provide many functions that are hard to achieve by other means. This dissertation is supported by the National Basic Research Program of China (973 Program) (No. 2007CB310704), the National Natural Science Foundation of China (No. 90718001), the Program of Introducing Talents of Discipline to Universities (No. B08004) and the Specialized Research Fund for the Doctoral Program of Higher Education (No. 20070013005). It studies pairing-based digital signature schemes in depth from the aspects of identity-based blind signatures, proxy signatures, universal designated verifier signatures and identity-based verifiably encrypted signatures. The main results are:

1. Identity-based blind signature schemes. A provably secure identity-based partially blind signature scheme is proposed whose security rests on the q-SDH problem; in the random oracle model it is proved existentially unforgeable under adaptive chosen-message and chosen-identity attacks, and because it uses fewer pairing operations its efficiency is clearly higher than that of other schemes. By combining threshold signatures with blind signatures, an efficient identity-based threshold blind signature scheme is proposed, and its correctness, unforgeability and robustness are proved. Then, on the basis of the proposed partially blind signature scheme, an efficient identity-based restrictive partially blind signature scheme is given and proved to be correct, partially blind, restrictive and unforgeable. Finally, on the basis of the proposed identity-based restrictive partially blind signature, a new fair off-line electronic cash system is constructed. By embedding public information unrelated to the user's identity, management complexity is greatly reduced while the user's privacy is also protected.

2. Proxy signature schemes. Huang et al. proposed an efficient threshold proxy signature scheme with known signers (the HC scheme). This dissertation shows that the HC scheme cannot resist frame attacks and public-key substitution attacks, and gives an efficient improved scheme that effectively remedies the security flaws of the original. Then the security of the identity-based threshold proxy signature scheme of Xu et al. (the XZF scheme) is analysed. In that scheme, an attacker who obtains over a public channel the delegation warrant signed by a legitimate original signer and a valid proxy signature generated by the proxy signers can forge a new proxy signature on the same message in which the original signer becomes the attacker. To avoid this attack, an effective new scheme is proposed with improved security and computational efficiency. Finally, a new pairing-based proxy signature scheme is proposed in the standard model and proved to resist existential forgery under adaptive chosen-message attacks in the standard model. Compared with existing schemes, the proposed scheme requires fewer system parameters, achieves a tight security reduction, and is more efficient in the key generation, standard signing, delegation generation and proxy signature generation stages.

3. Universal designated verifier signature schemes. The delegatability of two universal designated verifier signature schemes, proposed respectively by Shailaja et al. and Huang et al., is analysed and a delegation attack is given. Based on the ZSS short signature scheme, a new universal designated verifier signature scheme that resists delegation attacks is proposed and proved, in the random oracle model, to resist forgery and delegation attacks and to be non-transferable. Because it avoids the inefficient MapToPoint function and uses fewer bilinear pairing operations, the scheme is highly efficient.

4. Identity-based verifiably encrypted signature schemes. An identity-based verifiably encrypted signature is an extended signature scheme that plays a very important role in constructing fair exchange. The security of existing identity-based verifiably encrypted signature schemes is provable only in the random oracle model. Based on Paterson's signature scheme and bilinear pairings, we propose the first identity-based verifiably encrypted signature scheme that is provably secure in the standard model, and prove it unforgeable and opaque under the CDH assumption. In this scheme, fair exchange between users is guaranteed by introducing a trusted third party, thereby protecting users' legitimate rights and interests.

【Abstract】 With the fast development of computer network technology, all kinds of network services have soaked into many aspects of people's life. On the one hand, they bring much convenience and benefit to people's life. On the other hand, they bring an unparalleled threat. Digital signature, which can provide authentication, integrity and non-repudiation, is one of the key techniques of information security and plays an important role in e-commerce and e-governance. With the deepening of digital signature research and the rapid development of e-commerce and e-governance, the standard signature, which is a simple simulation of the handwritten signature, can no longer meet practical needs. Thus, research on digital signatures with additional properties has become a main research direction in digital signatures. Bilinear pairings have become a crucial tool for constructing signatures in recent years. Pairing-based signatures not only have the advantages of higher security, shorter key size and faster implementation, but also possess many benefits that cannot easily be achieved with other techniques. This dissertation is jointly supported by the National Basic Research Program of China (973 Program) (No. 2007CB310704), the National Natural Science Foundation of China (No. 90718001), the Program of Introducing Talents of Discipline to Universities (No. B08004) and the Specialized Research Fund for the Doctoral Program of Higher Education (No. 20070013005). We focus on the research and design of pairing-based signatures in the following aspects: identity-based blind signature, proxy signature, universal designated verifier signature and identity-based verifiably encrypted signature. The main contributions of this dissertation are as follows:

1. We do research on identity-based blind signature schemes. A provably secure identity-based partially blind signature scheme is proposed. Assuming the intractability of the q-Strong Diffie-Hellman problem, our scheme is existentially unforgeable against adaptive chosen-message and ID attacks in the random oracle model. Because it uses less pairing computation, our scheme is highly efficient compared with existing schemes. Combining threshold signature with blind signature, we give an efficient identity-based threshold blind signature and prove that our scheme is correct, unforgeable and robust. Then, based on the proposed partially blind signature scheme, we give a new efficient restrictive partially blind signature and prove that the scheme is correct, unforgeable, restrictive and partially blind. At last, based on the presented ID-based restrictive partially blind signature, a new fair off-line electronic cash system is proposed. By embedding common information irrelevant to the user's identity, the complexity of management is reduced and, at the same time, the user's privacy is protected.

2. We do research on proxy signature schemes. Huang et al. proposed an efficient threshold proxy signature with known signers (denoted as the HC scheme). We show that the HC scheme is not secure against the frame attack and the public-key substitution attack, and give a new efficient scheme that remedies the security flaws of the existing scheme. Then, the security of the identity-based threshold proxy signature proposed by Xu et al. (denoted as the XZF scheme) is analysed. In the XZF scheme, from the proxy signature generated by proxy signers on a message on behalf of an original signer, an attacker can forge a valid threshold proxy signature on the same message which appears to have been generated by the proxy signers on behalf of the attacker himself. To avoid this attack, a new identity-based threshold proxy signature is further proposed, which resolves the security problem of the XZF scheme and is more efficient than it. At last, a new provably secure proxy signature scheme in the standard model is proposed. The scheme is proved secure against existential forgery under adaptive chosen-message attack in the standard model. Compared with existing schemes, the proposed scheme has a tight security reduction and needs fewer public parameters. It is very efficient in the stages of secret key generation, standard signing, delegation generation and proxy signing.

3. We do research on universal designated verifier signature schemes. The delegatability of two universal designated verifier signature schemes, presented respectively by Shailaja et al. and Huang et al., is analysed and a delegation attack on the schemes is put forward. Based on the ZSS short signature, an efficient universal designated verifier signature scheme resistant to delegation attack is proposed; the scheme is unforgeable, non-delegatable and non-transferable in the random oracle model. Because it avoids the inefficient MapToPoint function and uses less pairing computation, our scheme is highly efficient compared with existing schemes.

4. In the end, we do research on identity-based verifiably encrypted signature schemes. An ID-based verifiably encrypted signature is an extended signature type and plays an important role in constructing fair exchange. To the best of our knowledge, the security of all existing identity-based verifiably encrypted signature schemes is based on the random oracle model. Based on Paterson's ID-based signature and bilinear pairings, we propose the first identity-based verifiably encrypted signature scheme whose security can be proven in the standard model, and prove that our scheme is unforgeable and opaque based on the difficulty of solving the CDH problem. In this scheme, by introducing a trusted third party, fair exchange between users is ensured and the legitimate rights and interests of users are protected.
