
Research on Threshold Cryptography Related Technology (门限密码相关技术研究)

Author: 周由胜 (Zhou Yousheng)

Advisor: 卿斯汉 (Qing Sihan)

Author information: Beijing University of Posts and Telecommunications, Cryptography, 2011, PhD

Abstract (translated from the Chinese): The development of computer and network technology has changed the way people live: a click of the mouse is enough to sign a contract, send and receive mail or shop, and computers and networks are penetrating every part of social life. While the new technologies bring convenience, they also bring security problems such as leakage of private data from personal computers and attacks on online banking systems. How to store and transmit data securely has become a focus of public concern, and these problems are ultimately the problems that information security must solve. Cryptography is the cornerstone of information security, and threshold cryptography is an important branch of it: a security privilege, such as the right to sign, is distributed in some manner over several group members, and only a threshold number of members acting together can exercise it. This lowers or removes the risk that an individual who holds the entire privilege loses the key, abuses the privilege or is completely compromised by an attacker, and so improves the fault tolerance and security of the system. Threshold cryptography is therefore widely applied to digital signatures, multiparty computation and other areas. Since the concept was proposed it has attracted strong interest from researchers and produced many results, which lay a foundation and offer useful reference for further study, but many existing results still have shortcomings: some threshold schemes cannot resist cheating attacks, some lack scalability, some do not allow secret shares to be reused, and so on. These problems await further improvement. The purpose of this dissertation is to study threshold cryptography and related technology; the main topics are threshold secret sharing, group signatures, threshold signatures, threshold encryption and related techniques. The main contributions are as follows.

1. Threshold secret sharing schemes are studied. Existing threshold secret sharing schemes cannot resist cheating by the dealer or the participants, and many of them are one-time schemes that share only one or several master secrets per run; whenever such a scheme is to be used to share further secrets, every participant must be issued a new share, a cost too large for practical use. To address these problems, this dissertation designs a verifiable secret sharing scheme and two improved multi-secret sharing schemes. The verifiable scheme not only detects cheating by the dealer and the participants but also identifies the cheater; the two improved multi-secret sharing schemes have reusable sub-secrets (shares) and good scalability.

2. Group signature schemes are studied. Digital signature systems, and group signature systems in particular, are the basis for research on threshold signatures. To address the complex authentication process found in many existing VES (verifiably encrypted signature) schemes, an efficient identity-based verifiably encrypted signature scheme is designed; it needs no complex zero-knowledge proof system and is provably secure in the random oracle model. Security has always been the focus of group signature research; to address the lack of forward and backward security guarantees in traditional group signature schemes, a comparatively efficient bilaterally secure group signature scheme is designed. To meet security requirements such as message confidentiality and signer anonymity in group signatures, and with the need for proxy signing in practical applications in mind, a secure designated-verifier ring signature scheme and a designated-verifier proxy ring signature scheme are designed.

3. Threshold signature schemes are studied. Based on Shamir's threshold secret sharing scheme and the Schnorr signature, a threshold signature scheme with division of signing labour is designed. Not only signature generation but also signature verification is threshold-based: only a cooperating set of at least the signing threshold number of signers can produce a signature, and only a cooperating set of at least the verification threshold number of verifiers can check its validity. The scheme also has distinguished signing authorities: each signer signs only its own part of the document rather than the whole document, which improves the efficiency of the system and keeps the signed content confidential.

4. Threshold encryption schemes are studied. Authenticated encryption schemes reduce transmission cost by merging the signature and the message into one body and are used in applications with little communication, such as key agreement, but ordinary authenticated encryption schemes are not suited to modern distributed systems. Based on an existing authenticated encryption scheme, a new threshold authenticated encryption scheme is designed that meets security requirements including confidentiality, non-repudiation and unforgeability.

Abstract (original English): The development of computers and networks has been changing our lifestyle: people can finish many activities, such as mailing and shopping, in a flash, and computers and networks are becoming basic tools of our lives. Although new technologies are critical to enhancing work efficiency, they bring with them many problems, such as e-assets being stolen in e-commerce, private data being leaked and e-banks being attacked. How to secure the storage and transportation of data has become the key factor in the development of network-based applications, and all the problems above are tasks of information security. As the basis of information security, cryptography is the focus of many researchers, and threshold cryptography is one branch of cryptographic technology. In threshold cryptography some privilege, for example signing, encryption or authentication, is distributed by some means into a group consisting of many members; the privilege can only be exercised if at least a threshold number of members cooperate, so the security risks of key loss or privilege abuse are lowered or avoided and security and fault tolerance are improved. It has therefore been applied in many fields, such as digital signatures and secure multiparty computation. Since the concept of threshold cryptography emerged, it has attracted a lot of attention from researchers, and many research results have been proposed. Although these results are valuable for further study of threshold cryptography and shed light on the design of new threshold schemes, some defects remain: some of them cannot resist cheating, some lack scalability, some have shares that cannot be reused, and so on. This dissertation mainly discusses threshold cryptography and related technology, for example threshold secret sharing, threshold encryption and threshold signatures; the results of the dissertation are listed below.

1. Threshold secret sharing schemes are investigated. In many previous secret sharing schemes the dealer and participants are assumed to be honest, but this assumption is unreasonable. In addition, most previous secret sharing schemes are one-time schemes: each can only be used to share one master secret once, and the shares of all members must be redistributed whenever a new secret is to be shared, which inevitably produces a great computation cost and can hardly be put into practice. To eliminate these shortcomings, a verifiable threshold secret sharing scheme and two multi-secret sharing schemes are proposed in this dissertation. The former not only detects cheating by the dealer and the participants but also identifies the cheater. The new verifiable secret sharing scheme is more robust than the previous code-based secret sharing scheme, so it can resist coalition attacks. The shares of the modified schemes are reusable, and the schemes are scalable.

2. Group signature schemes are investigated. Signatures are the basis of threshold signatures. Addressing the complex authentication required in previous VES schemes, a new efficient ID-based verifiably encrypted signature scheme is proposed based on the Shim signature scheme; the new scheme does not use any zero-knowledge proof to provide verifiability and thus eliminates the computational burden of complicated interaction. This scheme is provably secure in the random oracle model. Security is critical for group signatures; taking account of the lack of bilateral security in previous schemes, a novel bilaterally secure group signature scheme is presented. Next, a designated verifier ring signature scheme that follows the idea of a previous pairing-based ring signature scheme is presented. To realize confidentiality and anonymity in group signatures, and to meet the requirement for proxy signatures in group signatures, a designated verifier ring signature and a designated verifier ring proxy signature are presented in this dissertation.

3. Threshold signature schemes are investigated. Based on the Shamir threshold scheme and the Schnorr signature, a novel threshold signature scheme is proposed. The proposed scheme has the property of threshold signature generation and also the property of threshold signature verification. In other words, at the group signature generation stage the combiner can construct a valid signature of the signing group, and no fewer than k members of the verifying group can cooperate to verify the validity of the signature. Furthermore, the scheme is a group-oriented signature scheme with distinguished signing authorities, in which the signers do not have to sign the whole document but only a part of it. By this the efficiency of the system is enhanced and its security is ensured.

4. Threshold encryption schemes are investigated. Authenticated encryption schemes are applied in applications whose communication requirements are low, such as key agreement, because they combine the plaintext and the signature into one body. However, ordinary authenticated encryption schemes are unfit for modern distributed systems. A novel threshold authenticated encryption scheme is proposed that meets security requirements such as confidentiality, non-repudiation and unforgeability.
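The threshold secret sharing of contribution 1 and the Shamir-based threshold signature of contribution 3 both rest on Shamir's (t, n) scheme, and the cheating-detection problem raised in contribution 1 is the reason shares need to be verifiable. The following Python block is an added illustration, not code from the dissertation or its author: it implements Shamir sharing over a prime-order group with Feldman-style public commitments, so that each participant can check its share against the dealer's commitments and the combiner can identify an altered share before reconstruction. The group parameters (p = 1019, q = 509, g = 4), the secret value and the tampered share are constructed for the demo, and the dissertation's own verifiable scheme is not reproduced here.

```python
"""Shamir (t, n) secret sharing with Feldman-style share verification.

Constructed demonstration (not the dissertation's scheme). Parameters are
a safe prime p = 2q + 1 and a generator g of the order-q subgroup of Z_p^*.
Polynomial arithmetic is done mod q; commitments g^{a_j} live mod p.
Requires Python 3.8+ for pow(x, -1, q).
"""
import secrets

P = 1019           # safe prime, demo size only; real deployments use large primes
Q = (P - 1) // 2   # 509, also prime: the order of the subgroup we work in
G = pow(2, 2, P)   # 4: a square, hence an element of order Q


def deal(secret, t, n, rng=secrets.randbelow):
    """Dealer: split `secret` (0 <= secret < Q) into n shares, threshold t.

    Returns (shares, commitments) where shares = [(x, f(x) mod Q)] and
    commitments = [g^{a_0}, ..., g^{a_{t-1}}] with a_0 = secret.
    Note that C_0 = g^secret is public, so Feldman commitments hide the
    secret only computationally (discrete log), not information-theoretically.
    """
    if not 0 <= secret < Q:
        raise ValueError("secret must lie in Z_Q")
    if not 1 <= t <= n < Q:
        raise ValueError("need 1 <= t <= n < Q")
    coeffs = [secret] + [rng(Q) for _ in range(t - 1)]
    shares = [
        (x, sum(a * pow(x, j, Q) for j, a in enumerate(coeffs)) % Q)
        for x in range(1, n + 1)
    ]
    commitments = [pow(G, a, P) for a in coeffs]
    return shares, commitments


def verify_share(share, commitments):
    """Participant check: g^{f(x)} == prod_j C_j^{x^j} (mod P).

    Fails if the dealer handed out an inconsistent share or if the share
    was altered afterwards; the commitments are the same for everyone.
    """
    x, y = share
    lhs = pow(G, y, P)
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(x, j, Q), P) % P   # exponents reduce mod Q
    return lhs == rhs


def reconstruct(shares):
    """Combiner: Lagrange interpolation of f(0) over Z_Q from t shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


def reconstruct_checked(shares, commitments, t):
    """Reject every share that fails verification, naming the offending
    indices, and reconstruct from t of the remaining valid shares."""
    bad = [x for (x, y) in shares if not verify_share((x, y), commitments)]
    good = [s for s in shares if s[0] not in bad]
    if len(good) < t:
        raise ValueError(f"not enough valid shares; bad indices: {bad}")
    return reconstruct(good[:t]), bad


if __name__ == "__main__":
    shares, comm = deal(secret=123, t=3, n=5)      # constructed demo secret
    print(all(verify_share(s, comm) for s in shares))
    print(reconstruct(shares[:3]))
    # participant 2 submits a corrupted share: detected and excluded
    tampered = [shares[0], (2, (shares[1][1] + 1) % Q)] + shares[2:4]
    print(reconstruct_checked(tampered, comm, 3))
```

Any t valid shares reconstruct the secret, and a single altered share is pinned to its index rather than silently producing a wrong secret, which is the property the dissertation's verifiable scheme is described as providing against dealer and participant cheating.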
