【作者】 孙昌霞；

【导师】 马文平；

【作者基本信息】 西安电子科技大学 ， 密码学， 2013， 博士

【摘要】 基于属性的数字签名体制能够细粒度地划分身份特征，其身份被看作是一系列属性特征的集合，只有满足特定属性或某种特定访问控制结构的签名者才可以进行有效的签名。基于属性的数字签名体制因在强调匿名性身份和分布式网络系统方面的应用有着基于身份的密码体制无法比拟的优势，且其应用更为直观、灵活、广泛，而引起学者的广泛关注，目前已成为公钥密码学研究领域的一个热点。本文主要着眼于设计安全可靠、实用的基于属性的签名方案，重点对基于属性签名方案的多属性授权机构、无可信中心授权机构、签名托管/委托及可证明安全等问题展开研究，具体如下：1．采用访问控制结构，设计一个多个属性授权机构的基于属性的签名方案。在方案中，用户的多个属性由不同的授权机构监管，要求多个属性授权机构之间不能互相通信，且由中心属性授权机构（CAA）统一管理。安全分析表明所提方案能够抵抗伪造性攻击和合谋攻击，并同时拥有保护签名者的私密信息和较高的签名效率的优势。2．采用全域属性参数，使用访问结构树对属性进行细粒度划分，设计出一个多个属性授权机构的基于属性签名方案。同时，系统地证明方案的安全性归约为计算Diffie-Hellman问题，若计算Diffie-Hellman问题假设成立，则方案能够抵抗伪造性攻击及抗合谋攻击。3．为解决多个属性授权机构不能互相通信,且需要有一个中心属性授权机构（CAA）来管理的约束，设计了一个不需要可信中心属性授权机构的多个属性授权机构签名方案。方案中，将中心属性授权机构移除，使多个属性授权机构体制的安全性不再受可信中心属性授权机构的约束，从而提高了系统的安全性和实用性，同时给出方案的安全性证明。4．为解决基于属性的签名体制的密钥托管问题，提出不需要可信属性授权机构（AA）的方案。在方案中，由属性授权机构（AA）和用户共同产生签名私钥，从而保证属性授权机构（AA）无法冒充用户签名，能有效保证系统的安全。同时定义相应的安全模型，并证明该方案的安全归约为计算Diffie-Hellman问题。5．为解决基于属性签名体制中签名权利委托的问题，设计一种基于属性的代理签名方案，原始签名者将签名权利委托给具有一组属性特征的代理签名人。经分析表明，所设计的方案满足可区分性、可验证性、强不可伪造性、强可识别性、强不可否认性、抗滥用性及抗合谋攻击的安全性。6．进一步研究基于身份的代理签名体制，设计一种可证明安全的基于属性的代理签名方案。同时，定义了基于属性的代理签名的安全模型，给出方案完整的证明过程，证明该方案的安全归约为计算Diffie-Hellman问题。更多还原

【Abstract】 The attribute-based digital signature system can be fine-grained division identity,and its identity is a set of descriptive attributes. A signer can sign validly when hepossesses some certain attributes, or some specific access control structures. Because ofthe emphasis on application of the anonymity of identity and distributed network system,the attribute-based digital signature system has many advantages compared with theidentity-based cryptography. The attribute-based digital signature scheme also has moreintuitive, flexible and extensive applications, so many scholars pay attention to it, and itis currently a hot research topic in the field of public-key cryptography. The papermainly focuses on the design of a safe, reliable and practical attribute-based signatureschemes, emphasizing on multi-authority attribute-based signature scheme,attribute-based signature scheme without a trusted authority, signature of key escrow,provable security issues and so on.Our works can be summarized mainly as follows:1. A multi-authority attribute-based signature scheme is designed with access controlstructures, where the attributes of users are monitored by different authoritiesrespectively and it is required that these authorities can not communicate with eachother, and be managed by a center attribute authority (CAA). Security analysis shows thatthe proposed scheme is secure against forgery attack and collusion attack, and at thesame time, this scheme has some advantages, such as protecting the signer’s privateinformation, and a higher efficiency in signature.2. A multi-authority attribute-based signature scheme is designed in a large universeusing access structure tree to classify fine-grained attributes. In the meanwhile, thesecurity of the scheme is systematically proved equal to computationalDiffie-Hellman problem. If the assumption of computational Diffie-Hellman problemholds, the scheme is secure against existentially unforgeability attack and collusionattack.3. In order to solve the restriction that multiple attribute authorities can not communicatewith each other and these multiple attribute authorities are managed by a centralattribute authority (CAA), a multi-authority attribute-based signature without a centralauthority is designed. In the scheme, central attribute authority (CAA) is removed,sothat the security of a multi-authority attribute-based signature is no longer subject tothe central attribute authority (CAA).Consequently, the scheme increases the system’ssecurity and applicability. In the meantime, gives the scheme’s security proof in this paper.4. In order to solve the key escrow problem of attribute-based signature scheme, anattribute-based signature scheme without a trusted central attribute authority (AA) isfirstly presented in this paper whose private key is generated by the attribute authority(AA) and the user commonly, thus ensuring that the attribute authority (AA) can notimpersonate the user’s signature and effectively guaranteeing the safety of the system. Inthe meanwhile, the corresponding security model is defined, and the scheme is provedsecure equal to computational Diffie-Hellman problem.5. To solve the delegation of the signing rights in the attributes-based signature scheme,an attribute-based proxy signature scheme is provided in this paper in which theoriginal signer delegates his private key to a proxy signer with some special attributesto sign some message on behalf of the original signer. The proposed scheme isanalyzed and proved that it possesses some security of proxy signature, such asdistinguishability, verifiability, strong unforgeability, strong identifiability, strongundeniability, anti-misuse and anti-collusion attack.6. A provable secure attribute-based proxy signature is devised through further study onattribute-based signature scheme. We firstly give the formal syntax of anattribute-based proxy signature and the formal security model in the random oracle.The scheme is proved to be secure against existential forgery under selectiveattributes and adaptive chosen-message attack. Its security can be reduced to thehardness of the computational Diffie-Hellman problem.更多还原