
Graduate student: 謝濱燦 (Hsieh, Bin-Tsan)
Thesis title: Provably Secure Proxy Signature Schemes for Compound Circumstances
Advisors: 孫宏民 (Sun, Hung-Min); 曾新穆 (Tseng, Shin-Mu)
Degree: Doctor
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2005
Academic year of graduation: 93
Language: English
Number of pages: 62
Chinese keywords (translated): proxy signature, provably secure
English keywords: identity-based, proxy signature, provably secure
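      A proxy signature is a variation of the ordinary digital signature that enables a proxy signer to sign documents on behalf of the original signer. Proxy signatures have proven useful in many application environments. For example, a manager can authorize his secretary to sign documents in his place while the manager is on vacation. Proxy signatures can also be used in electronic transaction and mobile agent environments.
      Besides ordinary proxy signatures, many proxy signatures with special properties have been proposed, such as one-time proxy signatures, atomic proxy signatures, and nominative proxy signatures. Many proxy signatures have been found to be insecure while others have not yet been; however, we do not know how secure the schemes with no known problems actually are, because many of them have not been proven secure.
      In recent years, elliptic curve cryptography combined with bilinear mappings has become a field attracting attention. In this field, both certificate-based and identity-based cryptographic methods are widely discussed. Elliptic curve cryptography has become a very good choice because, compared with the discrete logarithm problem, it has shorter key lengths at the same security level. Elliptic curve cryptography has also been adopted by the IEEE P1363 public-key standard. Many proxy signatures are designed in the setting of elliptic curve cryptography with bilinear mappings and enjoy the convenience that its properties bring.
      In this thesis, we first propose an intuitive notion of a proxy signature and a general construction to realize it. We also prove the security of this construction. Further, we propose a provably secure proxy signature based on elliptic curve cryptography with bilinear mappings. To improve the flexibility of proxy signatures, we propose two provably secure proxy signatures for compound circumstances. The first applies to the compound circumstance in which the original signer uses a certificate-based key setup while the proxy signer uses an identity-based key setup. The other is exactly the opposite: the original signer uses an identity-based key setup while the proxy signer uses a certificate-based key setup. For both schemes we provide security proofs and efficiency analysis.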

      A proxy signature scheme, a variation of the ordinary digital signature scheme, enables a proxy signer to sign messages on behalf of the original signer. Proxy signature schemes have been shown to be useful in many applications. For example, a manager can delegate to his secretaries the right to sign documents while he is on vacation. Proxy signature schemes can also be used in electronic transactions and mobile agent environments.
      Besides the ordinary proxy signature schemes, many variations with special properties have been proposed, such as one-time proxy signature schemes, atomic proxy signature schemes, and nominative proxy signature schemes. Many proxy signature schemes were found to be insecure, but some were not. However, we do not know their exact security, since they did not provide security proofs.
      Recently, elliptic curve cryptography with bilinear mapping has become an interesting field. In this field, both certificate-based and identity-based cryptographic schemes are widely discussed. Elliptic curve cryptography has become a good choice because it reduces the computation cost while retaining the same security level compared with the discrete logarithm computation. Elliptic curve cryptography is also adopted in the IEEE P1363 Standard for public-key cryptography. Several proxy signature schemes are designed based on the bilinear mapping and enjoy the convenience of its properties.
      In this thesis, we first proposed an intuitive notion of a proxy signature and subsequently proposed a general construction of the intuitive notion. We also prove the security of the proposed proxy signature in the random oracle model. Going further, we proposed a provably secure proxy signature from bilinear mapping and also gave the security proof and performance analysis. To enhance the flexibility of a proxy signature scheme, we also proposed two provably secure proxy signature schemes for compound circumstances. One is for the circumstance in which the original signer is in a certificate-based key setup while the proxy signer is in an identity-based key setup. The other is for the opposite circumstance: the original signer is in an identity-based key setup while the proxy signer is in a certificate-based key setup. Security proofs and performance analyses were given for both.

    1 Introduction
      1.1 Proxy Signature Schemes
      1.2 Elliptic Curve and Bilinear Mapping
      1.3 Motivation
      1.4 Organization
    2 Preliminary
      2.1 Definitions
      2.2 Proof Idea
    3 Related Works
      3.1 The Boneh-Lynn-Shacham Signature and Its Security
        3.1.1 Construction of the Boneh-Lynn-Shacham Signature Scheme
        3.1.2 Security Proof
      3.2 Hess’s Identity-based Signature Scheme
      3.3 Review of Some Proxy Signature Schemes for Simplex Circumstance
        3.3.1 Zhang-Kim Proxy Signature Scheme
        3.3.2 Zhang-Safavi-Naini-Lin Proxy Signature Scheme
        3.3.3 Zhang-Safavi-Naini-Susilo Proxy Signature Scheme
        3.3.4 Comparison among the Proxy Signature Schemes
    4 Intuitive Notion and General Construction of a Proxy Signature Scheme
      4.1 Security and Modeling of a Proxy Signature Scheme
        4.1.1 Security Requirements of a Proxy Signature Scheme
      4.2 An Intuitive Notion
        4.2.1 Discussion
      4.3 General Construction
        4.3.1 Security Proof
        4.3.2 Discussion
        4.3.3 Performance
    5 A Provably Secure Proxy Signature Scheme from Bilinear Mapping
      5.1 Proxy Signature Scheme from Bilinear Mapping
      5.2 Security Proof
      5.3 Discussion
      5.4 Performance
    6 Two Provably Secure Proxy Signature Schemes for Compound Circumstances
      6.1 Provably Secure Proxy Signature Scheme with orderly Combining B.-L.-S. and Hess’s Signature
        6.1.1 Construction of the Proxy Signature Scheme
        6.1.2 Security Proof
        6.1.3 Discussion
        6.1.4 Performance
      6.2 Provably Secure Proxy Signature Scheme with orderly Combining Hess’s Signature and B.-L.-S. Signature
        6.2.1 Construction of the Proxy Signature Scheme
        6.2.2 Security Proof
        6.2.3 Discussion
        6.2.4 Performance
    7 Conclusion
    Bibliography


    Full text available on campus: public from 2006-01-26
    Full text available off campus: public from 2006-01-26