
Research on Multi-Party Digital Signature Schemes and Their Applications

Study on Theory and Application of Multi-Party Digital Signature

【Author】 熊虎 (Xiong Hu)

【Supervisor】 秦志光 (Qin Zhiguang)

【Author information】 University of Electronic Science and Technology of China, Information Security, 2009, PhD

【Abstract (Chinese)】 Multi-party digital signatures not only play an important role in information security but also have wide application in areas such as e-commerce and e-government. The main goal of this thesis is to study multi-party digital signature protocols, covering their construction or improvement, security analysis, security proofs and the design of application protocols; using techniques such as bilinear pairings and quadratic residues, we build signature schemes suited to particular application settings and explore their use in e-commerce. The specific topics are threshold signatures, ring signatures, proxy signatures, proxy ring signatures and electronic auction protocols. The main results are as follows. Taking the method of public key authentication as the guiding thread, two threshold signature schemes provably secure in the standard model are proposed: an identity-based threshold signature and a certificateless threshold signature. We first give formal definitions and specify the security models, then describe the proposed schemes, and finally give their security proofs. Existing schemes either provide only a brief security analysis or a proof in the random oracle model. For the identity-based threshold signature scheme, the security proof uses the proof technique of the Paterson signature scheme and is completed in the standard model without recourse to random oracles. For the certificateless threshold signature scheme, following the notion of simulatability from the certificateless threshold signature scheme of Wang et al., we prove unforgeability in the standard model under the assumption that the computational Diffie-Hellman problem is hard, by showing that the underlying identity-based signature scheme is unforgeable and that the corresponding certificateless threshold signature scheme is simulatable. A new identity-based ring signature scheme is proposed using quadratic residues, with a security proof given in the random oracle model; the scheme is proven secure under the assumption that factoring large integers is hard. Existing identity-based ring signature schemes are all built from bilinear pairings and run comparatively slowly; compared with those pairing-based constructions, this scheme is more efficient. Based on ring signatures and key-chain techniques, a new sealed-bid electronic auction protocol is designed. The protocol has the following features: (1) good security, satisfying all the security requirements of a sealed-bid electronic auction, namely bidder anonymity, bid confidentiality, non-repudiation and unforgeability; (2) high security with concise steps. The certificateless proxy signature scheme retains the advantage of identity-based proxy signatures, namely that no certificates are needed, while successfully solving the key escrow problem of identity-based proxy signature schemes. This thesis gives the security definition of certificateless proxy signatures and establishes a formal security model. Unlike previous schemes, the security of the new scheme is formally proven, under the assumption that the computational Diffie-Hellman problem is hard. Identity-based proxy ring signatures have recently received wide attention from the cryptography and information security communities; we give, for the first time, the formal definition and security model of identity-based proxy ring signature schemes and propose a concrete scheme using bilinear pairings. A security proof is given in the random oracle model; the scheme is proven secure under the assumption that the computational Diffie-Hellman (CDH) problem is hard. Finally, performance analysis shows that our scheme is more efficient than the other existing schemes.

【Abstract】 Multi-party signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. In this thesis, we focus on constructing or improving signature schemes, security analysis, security proofs, and the design of applied protocols. Here we construct some multi-party signature schemes suitable for special requirements based on quadratic residues and bilinear pairings. Our research work is related to threshold signatures, ring signatures, proxy signatures, proxy ring signatures and electronic auction protocols. The main contributions are as follows.

The idea of threshold cryptography is to distribute the secret information and computation among multiple parties in order to prevent a single point of failure or abuse. Recently, Paterson and Schuldt proposed an identity-based (ID-based) signature scheme which is provably secure in the absence of random oracles. We propose an ID-based threshold signature scheme and a certificateless threshold signature scheme based on their signature scheme, respectively. Both of the proposed constructions are proved secure in the standard model. To the best of our knowledge, previous related schemes could only be proved secure in the random oracle model.

We first propose an ID-based ring signature scheme based on quadratic residues. The proposed scheme is proven to be existentially unforgeable against adaptive chosen message-and-identity attacks in the random oracle model, assuming the hardness of factoring. Because the proposed scheme does not need pairing computation, a powerful but computationally expensive primitive, it is more efficient than those constructed from bilinear pairings. An efficient sealed-bid electronic auction protocol based on the ring signature and an encryption key chain is proposed. The peculiar characteristics of our protocol are non-repudiation of bidders while preserving their anonymity, and allowing the auctioneer to determine the winning bid without revealing the losing bids. Our protocol has additional characteristics such as public verifiability, unforgeability, correctness and fairness.

In order to eliminate the use of certificates in traditional proxy signatures and the key-escrow problem in identity-based proxy signatures, the notion of certificateless proxy signature was introduced. We first present a security model for certificateless proxy signature schemes, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction. Identity-based (ID-based) proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. We first propose a feasible ID-based proxy ring signature scheme based on bilinear pairings. The proposed scheme is proved to be existentially unforgeable against adaptive chosen message-and-identity attacks in the random oracle model, assuming the computational Diffie-Hellman problem is hard to solve. Finally, our scheme turns out to be more efficient than the previously proposed ones.
