Research on Aggregate Signature and Aggregate Signcryption

【Author】 陆海军

【Advisor】 谢琪

【Author information】 Hangzhou Normal University, Computer Application Technology, 2012, Master's degree

【Abstract (translated from Chinese)】 This thesis first introduces aggregate signature and aggregate signcryption, then briefly covers the related mathematical background and cryptographic principles, and finally studies ID-based aggregate signature, certificateless aggregate signature and certificateless aggregate signcryption in some depth. The main results are: 1. We point out that an ID-based aggregate signature scheme cannot resist forgery attacks: once an attacker has obtained a signature from some member, he can produce a valid signature on any message. The proposed improved scheme repairs this security flaw, and the security of the new scheme is proved in the random oracle model. 2. Since certificateless cryptography solves the public key authentication problem of certificate-based public key cryptography and the key escrow problem of ID-based public key cryptography, we construct a provable security model for certificateless aggregate signatures and propose a concrete aggregate signature scheme whose signature length is independent of the number of signers. Based on the computational Diffie-Hellman problem, the new scheme is proved in the random oracle model to resist existential forgery under adaptive chosen identity and message attacks. 3. We construct a provable security model in which n users generate an aggregate signcryption on n different messages, and design a certificateless aggregate signcryption scheme based on bilinear pairings. In the random oracle model, based on the bilinear Diffie-Hellman problem and the computational Diffie-Hellman problem, we prove that the scheme satisfies unforgeability under adaptive chosen message attacks and confidentiality under adaptive chosen ciphertext attacks.

【Abstract】 In this dissertation, we first describe aggregate signature, aggregate signcryption and their security. Then we review the related mathematical background. Finally, we focus on ID-based aggregate signature, certificateless aggregate signature and certificateless aggregate signcryption. The main contributions are as follows: 1. We show that an ID-based aggregate signature scheme cannot resist a forgery attack, because an attacker who has obtained one signature can generate a valid signature for any message. An improved scheme that overcomes this weakness is then proposed, and it is provably secure in the random oracle model. 2. Aggregate signature allows n different users to sign n different messages; the major challenge in designing such a signature is achieving both security and efficiency. Certificateless cryptosystems solve the key escrow problem of ID-based cryptosystems and the public key authentication problem of certificate-based cryptosystems. A formal model of certificateless aggregate signature is proposed, followed by a concrete certificateless aggregate signature scheme in which the length of the signature is independent of the number of signers. Based on the hardness of the computational Diffie-Hellman problem, the proposed scheme is secure against existential forgery under adaptive chosen identity and message attacks in the random oracle model. 3. A formal model of certificateless aggregate signcryption is proposed, which allows n different users to signcrypt n different messages. We then propose a concrete certificateless aggregate signcryption scheme. Based on the Bilinear Diffie-Hellman Problem and the Computational Diffie-Hellman Problem, the proposed scheme achieves existential unforgeability against chosen message attacks (EUF-CMA) and indistinguishability of encryptions under adaptively chosen ciphertext attacks (IND-CCA2) in the random oracle model.
