【作者】 林兆；

【导师】 曹珍富；

【作者基本信息】 上海交通大学 ， 计算机软件与理论， 2008， 硕士

【摘要】 在现实生活中,数字签名获得了广泛的研究和发展,并成为信息安全体系的重要基础。随着计算机网络、信息技术的飞速发展,人们的日常生活越来越离不开网上电子商务和电子政务,如电子银行、电子购物、和电子投票等。1996年,Jakobsson, Sako和Impagliazzo提出了指定验证者签名,在这种签名体制中只有签名者指定的验证者才能验证签名的有效性。由于这种特殊性质,指定验证者签名得到了高度的重视和深入的研究,具有不同性质的指定验证者签名方案也不断涌现,并且被应用于电子商务和电子政务的各种场合。对于一个安全的指定验证者签名方案来讲,如果能够缩短它的签名长度,那么对于一些带宽受限的应用场合来讲,其意义是不言而喻的。2006年,Huang,Susilo,Mu和Zhang提出了两个短的强指定验证者签名方案,是迄今为止从签名生成和签名长度上来讲是最为有效的。比如他们的方案在签名生成过程中,复杂的计算可以离线完成;当签名所选的哈希函数值域为160比特时,整个签名长度就只有160比特。因此,对于通信带宽受限的应用场合来讲,短指定验证者签名具有其特殊优势。自认证的密码系统最初由Girault在1992年提出。作为一种介于证书密码系统与基于身份密码系统的中间类型,它可以隐式地对公钥进行认证,即不像前者那样需要明确的证书对公钥进行认证;同时又可以避免存在于后者中的密钥托管问题。基于自认证的公钥体制有诸多优点:由于不需要公钥证书,降低了对存储空间的需要;由于不再需要对公钥进行单独认证,减少了计算代价;由于不需要传输公钥证书,降低了通信代价。由于用户自选私钥,具有更高的安全性。因此,在本篇文章中,我们首次将短指定验证者签名与自认证密码系统相结合,从而提出第一个基于自认证密码系统的短指定验证者签名方案。该方案不仅具有Huang等学者提出的短的强指定验证者签名方案的优点,又融入了自认证公钥密码体制的特点,计算代价小、通信传输量少。随着无线网络和移动通信技术的日益普及,研究基于自认证公钥密码系统的指定验证者签名对电子商务和电子政务的建设,尤其是在移动通信网络中的建设有着重要的理论意义和应用价值。最后,本篇文章对所提的方案作了总结与后续工作的展望。更多还原

【Abstract】 In daily life, there is extensive research and development on digital signature, which has become important foundation of information security systems. With the rapid development of network and information technology, electronic commerce and government affairs have become more and more related to everyone, such as electronic bank, electronic shopping and electronic voting. In 1996, Jakobsson, Sako and Impagliazzo proposed the concept of designated verifier signature, in which only the designated verifier can verify the validity of signature. Because of such special property, designated verifier signature has gained intensive attention and deep research. Desginated verifier signature schemes with different feature have sprung up and applied into different scenes in electronic commerce and government affairs.For a secure designated verifier signature scheme, if we could shorten its length, it would be significant. In 2006, Huang, Susilo, Mu and Zhang proposed two short strong designated verifier signature schemes, which are by now the most efficient on signature’s generation and length. For instance, in their schemes, complicated computing can been finished offline and the length of signature is 160 bits when the range of the selected hash function is 160 bits. Hence, short designated verifier signature is particulally usefull in circumstance where bandwidth is limited.Self-certified cryptosystem is firstly propsed by Girault in 1992. As an intermediate type between certificate cryptosystem and id-based cryptosystem, it doesn’t need explicit authentication to public key by certificate and have the key escrow problem. Self-certified cryptosystem has lots of advantages: less storage spaces, computing and communication; more secure since user can select his private key by himself.Therefore, in this thesis, by the first time we combine short designated verifier signature and self-certified cryptosystem and propse the first short designated verifier signature scheme based on self-certified cryptosystem, which not only has the advantage of Huang et al.’s schemes, but also takes in the feature of self-certified cryptosystem.With the popularization of wireless network and mobile communication technology, there will be greater significance in theory and application for electronic commerce and government affairs and especially for the establishment of mobile network to study self-certified short designated verifier signature.Finally, we give some open questions and prospect the further research focus of our scheme.更多还原