
Research on Key Distribution Protocol (密钥分配协议的研究)

【Author】 田壁鸣

【Supervisor】 何明星

【Author information】 西华大学 (Xihua University), Computer Application Technology, 2007, Master's thesis

【Abstract (translated from the Chinese)】 Security problems in communication systems are solved by cryptosystems. Modern cryptosystems always assume that the algorithm is public, so the security of a cryptosystem depends entirely on the security of its keys; the key is the core of the cryptosystem. Because symmetric encryption is more efficient, a symmetric session key usually has to be shared among the communicating parties. An important problem is therefore how to construct efficient protocols for establishing keys within a communication group. At present there are two main kinds of group key establishment protocol: centralized key distribution protocols and key agreement protocols. The centralized model with a single server is prone to a single point of failure, so most current research concerns distributed key distribution protocols. In addition, self-healing key distribution protocols, which distribute keys over unreliable channels, are a current research hotspot. In a key agreement protocol the group members jointly negotiate a group key for a symmetric cryptosystem. Secret sharing means sharing secret information among the group members in such a way that a certain number of them can recover the shared secret. Secret sharing is the basis of key distribution, an important direction of cryptographic research, and an important means of protecting information and data. The main subjects of this thesis are secret sharing, self-healing key distribution protocols and distributed key distribution protocols.

Hwang and Chwang proposed a secret sharing protocol with novel properties, HCSS (Hwang and Chwang's Secret Sharing Protocol), but it has a large storage overhead. This thesis improves the original protocol and analyzes the performance of the improved one. The improved protocol reduces the group manager's storage overhead without reducing the security of the original. The scheme lets users choose their own sub-keys, and even in the initial key distribution phase there is no requirement for a secret channel between the group manager and the users. When the system key is updated, only the group manager has to reselect parameters and redo the related computation; no member's personal key has to change, so every member's personal key can be reused.

Applying the improved secret sharing protocol to the design of a self-healing key distribution protocol reduces the storage complexity of self-healing key distribution to a constant for the first time. In the system setup phase, members choose their personal keys themselves instead of having the group manager distribute them, which removes the constraint of a secure one-to-one channel between the group manager and each member. Extending the lifetime of personal keys requires neither a reliable channel between the group manager and the members nor a longer broadcast message; the group manager only has to update the information on the bulletin board.

A self-healing key distribution protocol with two new properties is then proposed. First, a coalition of more than the threshold number of group members belonging to the current session can help a new member join the session group without any interaction with the group manager. Second, the fixed number of sessions per group is removed, and with it the constraint that personal-key storage complexity and communication complexity grow linearly with the number of sessions per group. Moreover, as long as no more than the threshold number of members are deleted, personal keys can be used continuously without updating.

Finally, based on RSA public-key cryptography, and combining verifiable secret sharing with proofs of knowledge, a computationally secure conference key distribution scheme that can detect cheaters is given. The scheme is simple to implement, the users' computational cost is low, and its security is equivalent to the large-prime factorization problem in RSA.

【English Abstract】 The security of communication depends on the cryptosystem. In modern cryptography the encryption algorithm is assumed to be known to the attacker, so the security of a cryptosystem lies entirely in the security of its keys; the key is the core of the cryptosystem. Since symmetric cryptosystems are far more efficient than asymmetric ones, it is sensible to provide the users with a shared symmetric key for encrypting and decrypting the messages they send each other. A meaningful question is how to establish such a session key efficiently within a communication group. There are two kinds of key establishment protocol: centralized key distribution protocols and key agreement protocols. In a centralized key distribution protocol a single server performs most of the work, so it is the first attack target; research in recent years has therefore focused on distributed key distribution protocols. Distributing a group key among a dynamic group of users over an unreliable network is another active research topic. Secret sharing means sharing a secret among the users of a group such that only specified subsets of the users can later recover it. Secret sharing is the foundation of key distribution and an important means of protecting information and data.

Hwang and Chwang proposed a threshold secret sharing protocol (HCSS) with a novel property, but its storage overhead is rather high. This thesis gives an improved protocol and its performance analysis. The improved scheme keeps the property of the original that users select their personal keys themselves instead of receiving them from the group manager, while greatly decreasing the storage overhead. The constraint of a secure channel between the group manager and the users is removed. During rekeying, only the group manager selects the parameters and performs the related computation; each user's personal key can be reused.

By applying the new secret sharing scheme to the design of a self-healing key distribution scheme, an efficient, computationally secure self-healing group key distribution protocol is obtained. It is the first to achieve constant personal-key storage overhead. During system initialization each user selects his personal key himself instead of receiving it from the group manager, so the scheme removes the requirement of a secure channel in the setup step. In addition, after a set of sessions has expired, extending the key lifetime is much more efficient than in previous schemes.

A self-healing key distribution protocol with novel properties is also proposed. First, a coalition of more than the threshold number of users can sponsor a user outside the group for one session without any interaction with the group manager. Second, unlike previous work, it overcomes the restriction to m sessions, so the storage overhead of personal keys and the communication overhead do not increase with m. Moreover, if fewer than the threshold number of users are deleted, personal keys can be used without rekeying.

Finally, a computationally secure distributed key distribution protocol based on RSA public-key cryptography, combined with a verifiable secret sharing scheme and a zero-knowledge proof technique, is proposed. Cheaters can be detected easily. The protocol is very simple and its computation overhead is small. Its security is equivalent to the large-prime factorization problem in RSA.
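As an added illustration (not code from the thesis, from HCSS or from any scheme it describes), the following Python shows the threshold property both abstracts build on: a Shamir-style (t, n) secret sharing over a prime field, in which any t shares recover the group secret while t-1 shares yield an unrelated value. The field prime, the seeded RNG and the `threshold_demo` helper are assumptions made here so the run is reproducible.

```python
# Added example: Shamir-style (t, n) threshold secret sharing over GF(P).
# Generic illustration of the threshold property only; it is NOT the HCSS
# protocol or the thesis's improved scheme. P, the seed and the demo helper
# are assumptions chosen here so that the run is reproducible.
import random

P = 2**127 - 1  # Mersenne prime used as the field modulus (demo choice)


def split_secret(secret, t, n, rng):
    """Split `secret` into n shares so that any t of them reconstruct it.

    `rng(m)` must return an integer in [0, m). The dealer (group manager)
    picks a random degree t-1 polynomial whose constant term is the secret.
    """
    assert 0 <= secret < P and 1 <= t <= n < P
    coeffs = [secret] + [rng(P) for _ in range(t - 1)]

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n + 1)]  # share i is (x_i, f(x_i))


def recover_secret(shares):
    """Lagrange interpolation at x = 0; correct only with >= t distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def threshold_demo(secret, t, n, seed=0):
    """One round: what t shares, a different t shares, and t-1 shares yield."""
    rng = random.Random(seed).randrange  # seeded only for reproducibility
    shares = split_secret(secret, t, n, rng)
    return {
        "n_shares": len(shares),
        "first_t": recover_secret(shares[:t]),          # == secret
        "last_t": recover_secret(shares[n - t:]),       # == secret
        "t_minus_1": recover_secret(shares[:t - 1]) if t > 1 else None,  # != secret
    }


if __name__ == "__main__":
    print(threshold_demo(0x5E551011, t=3, n=5, seed=7))
```

The `t_minus_1` entry is what a below-threshold coalition computes: an interpolation of the wrong degree, which carries no information about the constant term.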

  • 【Online publication contributor】 西华大学
  • 【Online publication year and issue】 2007, Issue 03
  • 【Classification number】 TN918.4
  • 【Download count】 192