【作者】 张本慧；

【导师】 唐元生；

【作者基本信息】 扬州大学 ， 基础数学， 2013， 博士

【摘要】 秘密共享是现代密码学领域的一个重要分支,是信息安全和数据保密中的重要手段,并且在政治、经济、军事、外交中得到了广泛的应用。本文旨在研究秘密信息在分配和重构过程中会出现的各种问题,如没有秘密分发者参与如何共享秘密(联合随机秘密共享)、如何防止欺诈行为(可验证秘密共享)、如何解决参与者动态加入的问题(动态秘密共享)、如何共享多个秘密(多秘密共享)、通信率问题以及如何有效应用秘密共享技术。本文阐述了秘密共享技术的研究背景以及国内外研究现状,重点分析了某些典型方案的构造特点和性能缺陷,并在此基础上构造安全、有效、实用的秘密共享方案,同时,重点研究了秘密共享技术在证书认证方案中的应用。首先,指出了由秘密分发者分发共享份额会影响秘密共享技术的应用,会增加系统的实现成本并降低系统的安全性,所以研究无须秘密分发者参与的联合随机秘密共享方案具有重要意义,根据这类方案的研究现状,基于矢量空间存取结构提出一个联合随机秘密共享方案,并将其推广提出一个联合随机多秘密共享方案。在方案中提出一个基于椭圆曲线密码学(ECC)的验证算法保障方案的安全性,相比基于RSA/DSA密码学的秘密共享方案,本文的方案仅需要有限的存储空间和传输带宽,进一步降低方案的实现成本,使得方案更加具有实际应用价值。由于门限秘密共享仅是矢量空间秘密共享的一种特殊情形,所以相比传统的门限联合随机秘密共享方案,新的方案具有更加广泛的适用性。同时,基于Hermite插值多项式提出一个联合随机秘密共享方案,相比基于Lagrange插值多项式的联合随机秘密共享方案,本文的方案不失为一种新颖的思想。其次,指出了研究可验证秘密共享方案的必要性。在一个秘密共享方案中添加一个验证算法,检测秘密分发者和参与者是否存在欺诈行为以及是否存在外部攻击者的攻击行为,极大保证系统的安全性。我们研究学习了签密技术及其性能,鉴于其同时实现认证加密的功能以及仅需要较少计算和通信成本的特点,将其很好地应用到秘密共享方案中,提出一个矢量空间上的可验证多秘密共享方案,在秘密重构过程中同时实现签名和加密,有效防止欺骗行为的发生,并利用影子信息恢复秘密而不暴露子秘密从而保证了子秘密的安全,参与者可以动态加入而无须改变原先参与者的相关参数。同时,基于Dehkordi和MaShhadi的方案[118]提出两类新的可验证(t,n)-门限多秘密共享方案,新方案保持原有方案的特点：方案建立在非齐次线性递归的理论基础上；方案的安全性是基于椭圆曲线密码学的安全性；子秘密由参与者自己选取并且能够安全共享多个秘密；无须私密信道传输信息。两类新的方案还具有以下特点：能够允许参与者的动态加入而不须改变原先参与者的子秘密的值和所要共享的k个秘密的值；第一类方案可以在公开参数的数目保持不变的情况下,通过构造t-2阶非齐次线性递归使得重构多项式的次数从t+1降低为t-1；第二类方案将所需要共享的多个秘密隐藏在非齐次线性递归的等式中,在重构多项式的次数保持不变的情况下,通过改进原有的验证算法使得当t<n-1时公开参数的数目从2n+k-t+4降低为n+k+5；分析表明,新的方案具有很好的性能。再次,本文研究了如何构造高通信率的秘密共享方案。详细介绍了Wang和Wlong[121]给出的关于(t,n)-门限秘密共享方案通信率的一个上界和下界以及他们给出的一个构造方案,研究发现Wang和Wlong所构造方案[121]的通信率ρ=v/(v+t-l)l并不能被完全证明满足所给出的界。基于Wang和Wong的方案[121],本文提出一个改进的重构算法,剔除原有方案中参与者在恢复秘密时提供的冗余信息,降低总的通信量从而得到一个更高的通信率ρ’=v/(t(v-l+t)+(l-t)),并证明所得到的通信率满足下界且当l=t+v-1时可以达到上界。最后,本文研究了如何有效应用秘密共享技术。将本文提出的矢量空间联合随机秘密共享的思想应用到证书认证方案中,提出一个新的证书认证方案。此方案具有如下特征：利用椭圆曲线密码学技术保障安全性；证书认证机构(CA)由多个服务器组成；只有授权集合中的服务器可以合作为用户生成证书,而非授权集中的服务器却不可以,所以相比传统的解决方案,新方案具有更好的安全性；当一个甚至多个服务器有欺骗行为或者遭受攻击时,这些行为会被立即检测到,同时,只要诚实的服务器或未遭受攻击的服务器的数目满足矢量空间秘密共享的条件,整个系统仍然可以运行。更多还原

【Abstract】 Secret sharing is an important branch of modern cryptography. It is an important tool for the information security and data privacy and has been widely used in politics, economy, military and diplomacy. The purpose of this paper is to study on the various problems appearing in secret distribution and reconstruction process, such as how to share a secret without a trusted dealer(joint random secret sharing), how to prevent cheating(verifiable secret sharing), how to deal with new participants(dynamic secret sharing), how to share multiple secrets(multi-secret sharing), communication rate problem, and the application of secret sharing technology in other related areas. This dissertation reviews the research on secret sharing at home and aboard, analyses the characteristics and defects of some typical schemes, based on which several secure, efficient and practical secret sharing schemes are proposed, in addition, the application of secret sharing technology in certificate authentication scheme is well studied.Firstly, it is pointed out that the secret shares distribution from the trusted dealer to the participants will affect the application of secret sharing technology, raise the implementation cost and degrade the security of the whole system, so it is important to study on the joint random secret sharing scheme without a trusted dealer. According to the research advances of such schemes, a joint random secret sharing scheme based on vector space access structure is presented, and then an extended joint random multi-secret sharing scheme is also proposed. In these two schemes, a verifiable infrastructure based on elliptic curve cryptography (ECC) is used to prevent cheating from participants and outsider attackers. Compared with the secret sharing schemes based on RSA/DSA cryptography, the proposed schemes only need limited memory and communication bandwidth, so they are more valuable in practical applications. Compared with the traditional threshold joint random secret sharing schemes, the proposed schemes have more extensive applicability for the reason that threshold secret sharing is just a special case of vector space secret sharing. Meanwhile, a joint random secret sharing scheme based on the Hermite interpolation polynomial is presented. Compared with the traditional secret sharing schemes based on the Lagrange interpolation polynomial, this new scheme is a novel idea. Secondly, this dissertation points out the necessity of research on verifiable secret sharing scheme. In a verifiable secret sharing scheme, a verification algorithm is used to prevent the cheating from the dealer and participants, and detect the attack from outside attackers, which greatly ensures the security. Signcryption is a new technology, which can realize authentication and encryption simultaneously while its cost is almost equal to that of signature. In view of the good performance of signcryption, it is used to construct a verifiable secret sharing scheme. In such a scheme, the signature and encryption are realized simultaneously in the secret reconstruction process which can prevent cheating efficiently, and the secret shadow is used to recover the secret without disclosing the shares so that the security of shares is improved. When a new participant dynamically joins in the scheme, the old participants do not need to change their parameters. Meanwhile, two new types of (t,n)-threshold verifiable secret sharing schemes based on Dehkordi and Mashhadi’s scheme [118] are proposed in this dissertation. The proposed schemes have the same features as Dehkordi and Mashhadi’s scheme:the schemes are based on non-homogeneous linear recursive; the security is based on the security of elliptic curve cryptography; the secret shares are selected by the participants themselves and multiple secrets can be shared safely; the schemes do not need a private channel. In addition, the proposed schemes have the following characteristics:new participants dynamically join in the scheme without changing the secret shares of old participants and the k shared secrets; in the first type schemes, the number of public parameters remains unchanged while the degree of reconstruction polynomial is reduced from t+1to t-1by constructing non-homogeneous linear recursion of degree t-2; in the second type schemes, the multiple secrets are hidden in the equations of non-homogeneous linear recursive, and the original verification algorithm is modified so that the number of public parameters is reduced from2n+k-t+4to n+k+5when t<n-1with the degree of reconstruction polynomial unchanged; the proposed schemes are shown to have good performance.Thirdly, another purpose of this dissertation is to construct a secret sharing scheme with high communication rate. An upper bound and a lower bound of communication rate for (t,n)-threshold schemes were proposed and testified by Wang and Wong [121], meanwhile an ideal scheme was constructed by them. It is shown that the communication rate ρ=v/(v+t-l)l derived by Wang and Wong cannot prove to meet the bound. Based on Wang and Wong’s scheme [121], an improved reconstruction algorithm is proposed to eliminate the superfluous information provided by participants in the secret recover phase, and a higher communication rate p’=v/(t(v-l+t)+(l-t)) is figured out which proves to meet the lower bound and achieve the upper bound when l=t+v-1.Finally, it is important to take consideration of the application of secret sharing technology in other fields. Based on the vector space joint random secret sharing scheme we proposed, a novel certificate authentication scheme is presented. The proposed scheme has the following features:the security of the new scheme is based on the security of elliptic curve cryptography, so it is more valuable in applications with limited memory and communication bandwidth; the Certification Authority(CA) in our scheme consists of multiple servers; the servers in an authorized subset are necessary to create a certificate while the servers in an unauthorized subset can do nothing, so the scheme is more secure than conventional certificate-based solutions; the dishonest servers and outsider attackers can be easily detected and the whole system can still run as long as the number of honest servers satisfies the condition of vector space secret sharing.更多还原