
Title (translated from the Chinese): Research and Design of Several Digital Signatures with Special Properties

English title: Research and Design on Some Digital Signatures with Additional Properties

Author: 苏万力 (Su Wanli)

Supervisor: 王育民 (Wang Yumin)

Author information: Xidian University, Information Security, 2009, PhD

Abstract (translated from the Chinese): Digital signatures are an important technique for providing authentication, integrity and non-repudiation; they are one of the core technologies of information security and a key technology for secure e-commerce and e-government. As research on digital signatures has deepened, and with the rapid development of e-commerce and e-government, plain ordinary digital signatures can no longer meet practical needs, so research on digital signatures with special properties or special functions has become a main research direction in the field. This thesis studies certificateless signatures, certificateless blind signatures and partially blind signatures, identity-based signatures, identity-based aggregate signatures, and identity-based mediated signatures. The main results are as follows:

1. An efficient certificateless signature scheme in the random oracle model is designed from bilinear pairings. Its security rests on the Computational Diffie-Hellman (CDH) problem and the discrete logarithm assumption. Signing requires only two multiplication operations on the group and one hash operation; verification requires only three pairing operations and two hash operations. The analysis shows that computational efficiency is clearly improved.

2. A certificateless blind signature scheme is proposed for the first time, so that the scheme needs no certificates and has no key-escrow drawback while retaining the properties of a blind signature. The algorithm model is given and its security is proved.

3. Partially blind signatures are combined with certificateless cryptography to propose, for the first time, certificateless partially blind signatures. The algorithm model is given, a concrete scheme is designed from bilinear pairings, and its security is proved.

4. The security of a class of improved certificateless signature schemes is analysed; they are shown to be subject to public-key replacement attacks, and improvements are proposed.

5. To address the revocation of user identities in identity-based cryptosystems, a new identity-based mediated signature scheme is proposed. Unlike traditional schemes, it re-examines the security of the user registration process. In the new scheme, at registration the key generation centre (KGC) only generates public information for the user; for revoked users, or users who register but perform no further operation, the KGC does not generate the partial keys or the mediator's private key in advance, and does not send private keys to them in advance. Performance analysis of the new scheme shows that it reduces computation, saves storage and bandwidth, lowers the risk created by transmitting keys in advance, and improves the security of the system; the scheme is proved secure in the random oracle model.

6. An identity-based aggregate signature scheme on m-torsion groups proposed by 程相国 (Cheng Xiangguo) et al. is analysed and the original scheme is shown to be insecure: it admits a forgery attack. A concrete attack is constructed in which an attacker, by choosing appropriate parameters in the aggregation process, can forge a set of signatures whose aggregate passes aggregate-signature verification, thereby achieving the forgery.

Abstract (English): Digital signatures, which provide authentication, integrity and non-repudiation, are one of the key techniques of information security and play a very important role in e-commerce and e-government. With the deepening of digital signature research and the rapid development of e-commerce and e-government, the standard signature, which is a simple analogue of the handwritten signature, cannot meet the needs of practice, so research on digital signatures with additional properties has become a main research direction in digital signatures. In the thesis, we discuss some digital signatures with additional properties, including certificateless signature, certificateless blind signature, certificateless partially blind signature, ID-based signature, ID-based mediated signature and ID-based aggregate signature. The main contributions are as follows:

1. An efficient certificateless signature scheme from bilinear pairings is proposed. The security of the scheme is based on the intractability of the Computational Diffie-Hellman (CDH) and discrete logarithm (DLP) problems. The proposed scheme is existentially unforgeable in the random oracle model. The sign algorithm requires two scalar multiplications and one hash operation; the verify algorithm requires three pairing operations and two hash operations. This approach improves efficiency greatly.

2. We study blind signatures in certificateless cryptography, which needs neither certificates nor key escrow. The notion and construction of the certificateless blind signature scheme are proposed for the first time, and a security proof of the scheme is given. Analysis shows that our scheme enhances security.

3. A certificateless partially blind signature scheme is proposed, with a detailed framework and security proofs. The scheme is shown to enhance security and efficiency.

4. Analyses of two certificateless signature schemes improved by Cao et al. and Wang et al. are given. The results show that their modified schemes are insecure against key replacement attacks, and the attack methods are presented. We then propose a modification of their scheme and show its security.

5. An efficient identity-based mediated signature scheme is proposed from bilinear pairings. The key generation centre does not issue new private keys for revoked identities and the semi-trusted mediator (SEM) in advance, and the private key is not sent back to the user and the SEM. Analysis shows that the proposed scheme reduces computation cost and bandwidth and enhances security. The scheme is existentially unforgeable in the random oracle model based on the intractability of the discrete logarithm problem.

6. Aggregate signatures are useful in the real world for reducing the size of signatures and the cost of signature verification. Cheng et al. presented an ID-based aggregate signature scheme from m-torsion groups and proved its security in the random oracle model. However, we show that the original scheme is vulnerable to insider attacks, and one concrete attack against the original scheme is given: an adversary can forge an aggregate signature by choosing appropriate parameters and make it pass verification.
