Research of Proxy Digital Signature Schemes

【Author】 Feng Mingjun (冯明君)

【Advisor】 He Mingxing (何明星)

【Author information】 Xihua University, Computer Software and Theory, 2008, Master's thesis

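【Abstract (translated from Chinese)】 With the rapid development of computer networks, people hope to carry out fast, long-distance transactions through electronic devices; digital signatures emerged in response and have begun to be applied in the real world. Digital signatures already play an important role in information confidentiality, identity authentication, data integrity, non-repudiation and anonymity. As a special signature system, proxy digital signatures can solve the delegation problem that ordinary digital signatures cannot. This special property allows proxy digital signatures to be widely applied in electronic voting, mobile communication, mobile agents, e-commerce and other fields. Since Mambo, Usuda and Okamoto first proposed the concept of proxy signatures in 1996, many proxy digital signature schemes have been proposed, such as proxy multi-signature schemes, threshold proxy signature schemes and blind proxy signature schemes, and research on proxy digital signatures has produced rich results.

However, the security of most proposed proxy signature schemes rests on the scheme's own resistance to cryptanalysis, without considering the security of the key. As we know, anyone can ensure the security of a signature scheme by choosing a well-known proxy signature scheme and large security parameters. But if the signing key is stolen, the consequences are catastrophic. At present the most common solution for preventing key leakage is to share the key in distributed form across multiple servers, as in threshold signature schemes. However, running multiple servers is costly, and even with multiple distributed servers, a security vulnerability in the operating system may well allow an attacker to steal all the distributed key shares by the same means. The security provided by distribution is therefore not as high as people imagine.

Forward security is a technique that ensures a key is secure within a short period of use. Its main idea is to divide the key's lifetime into several time periods: the keys of all periods correspond to one unchanging public key, a different key is used in each period, and leakage of the current period's key does not affect the security of keys from earlier periods. The essence of forward-secure digital signatures is directional control of the signature, that is, ensuring that signatures made before the period in which the key was lost remain secure and valid, so that the damage caused by leakage of the signing key is kept as low as possible.

The thesis first studies threshold proxy signatures, the proxy signatures that use distributed key sharing, and gives a threshold proxy signature scheme with better security and more powerful functionality. It then explores forward and backward security techniques. Finally, combining forward security, it gives a proxy signature scheme with forward security. While guaranteeing forward security, the scheme is based on elliptic curve cryptography, so the scheme itself has higher security, and its computational cost does not increase compared with ECDSA. The thesis thus makes some useful attempts and explorations in proxy digital signatures.

The first part is the introduction, which presents the background, practical significance and state of development of proxy digital signatures. The second part introduces the necessary mathematical and cryptographic background. The third part introduces three basic digital signature schemes and the basic proxy signature protocols, as well as the main attacks on digital signature schemes. The final parts are the core of the thesis: they analyse previously proposed proxy digital signature schemes and propose new ones.

The main research results of the thesis are as follows:

1. Attacks such as collusion and forgery in existing threshold proxy signature schemes are analysed, and a new threshold proxy signature scheme based on bilinear pairings is proposed. The scheme not only resists collusion and forgery attacks, but also lets the original signer conveniently revoke the signing rights of some proxy signers as needed. In addition, if the proxy signing keys of some proxy signers are leaked, they can easily be replaced with new proxy signing keys.

2. A forward-secure digital signature scheme based on elliptic curve cryptography is analysed, and it is shown that the scheme not only lacks forward security but is also subject to a forgery attack. A completely new ECC-based forward-secure digital signature scheme is then proposed, which not only truly achieves forward security but also has the property of backward security.

3. Combining forward security with the properties of proxy digital signatures, a new elliptic-curve-based proxy digital signature scheme is given. The scheme truly achieves forward security, and its computational cost does not increase compared with ordinary elliptic curve digital signature schemes, which improves the security and practicality of proxy digital signature applications to some extent.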

【Abstract】 With the rapid development of computer communication networks, people hope to complete their trading activities quickly and at a distance by means of electronic devices. As a result, the digital signature came into being and is widely used in e-commerce. Digital signatures play a very important role in fields such as information security and identity authentication. Proxy digital signatures can settle some proxy problems that normal digital signature schemes cannot solve. Because of this particularity, proxy digital signatures can be widely applied in many fields, such as e-election, mobile communication, mobile agents and e-commerce. Since 1996, when Mambo, Usuda and Okamoto first advanced the concept of proxy signature, many proxy signature schemes have been proposed, such as proxy multi-signature schemes, threshold proxy signature schemes and proxy blind digital signature schemes, and plentiful achievements have been made in the study of proxy digital signatures.

However, the security of many proposed proxy signature schemes is based on their resistance to cryptanalysis rather than on the security of their private keys. As we all know, anyone can construct a new and secure proxy signature scheme by choosing a well-known proxy signature and bigger security parameters, but once the signing private key is stolen, the result is disastrous. The common method of preventing the private key from being revealed is to share it among many servers, as in threshold signature schemes. However, sharing the private key among many servers is expensive, and even then a thief can obtain all the key shares by the same method through a security hole in the server operating system. So distribution is not as secure as people think.

Forward security is a technique for keeping the private key secure over a short period. Its main idea is that revealing the key of the present period does not affect the security of the keys of previous periods, which means that the signatures made before the present key is revealed all remain secure and effective. So it is of great significance to research secure, efficient and feasible proxy signature schemes that incorporate the forward security technique. This paper makes some meaningful attempts in the fields mentioned above.

Chapter 1 introduces the background in which proxy digital signatures emerged, their practical significance and their development. Chapter 2 introduces the relevant mathematics and cryptology. Chapter 3 introduces three classical signature systems and three basic proxy signature protocols. The following three chapters are the main part of this paper; in them the author analyzes several already-proposed signature schemes and proposes some new proxy signature schemes. The last part is the conclusion of the paper.

The main contributions of this paper are as follows:

1. Through analysis of the existing attacks on threshold proxy signature schemes, we propose a new threshold proxy signature based on pairings. The new scheme not only resists the conspiracy attack, but can also revoke a proxy signer's proxy signing capability conveniently, and can effectively change some proxy signers' proxy signing keys when needed.

2. Through analysis of a forward-secure digital signature scheme based on ECC, we proved that it has no forward security at all. We proposed a new digital signature scheme based on ECC, which has not only forward security but also backward security.

3. By combining the forward security property with a proxy signature scheme, we proposed another new proxy digital signature scheme with forward security, which improves the security of proxy digital signatures in application.

  • 【Online publication contributor】 Xihua University
  • 【Online publication year/issue】 2008, Issue 08
  • 【Classification number】 TP309.7
  • 【Times cited】 1
  • 【Downloads】 179