Research on Proxy Signatures Based on the Discrete Logarithm
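Abstract
Today's highly information-based society places ever higher demands on Internet information security. In e-commerce, electronic voting, e-government, online banking and other fields, the digital signature is the key technology for securing network information. These applications have accelerated digital signature research, and distinctive signature schemes suited to various environments have been proposed one after another. At present, research in this field focuses on designing provably secure digital signature schemes on the basis of a formal definition of the security of a given digital signature. Cryptography and cryptanalysis are the enduring themes of information security. They are not static: a new scheme is often broken less than a year after it is proposed, and a more secure scheme then emerges. This back-and-forth between cryptography and cryptanalysis drives the rapid development of the field.
     This thesis first briefly introduces the mathematical background and cryptographic concepts used in the improved schemes, covering groups, rings, fields, finite fields and discrete logarithms. It also outlines representative proxy signature schemes, designated-verifier signature schemes, proxy blind signature schemes, multi-level proxy signature schemes and so on.
     In addition, building on security analyses of several specific proxy signature schemes, this thesis proposes some comparatively secure schemes. The main innovations and research results of these new schemes are as follows:
     (1) The designated-verifier proxy signature scheme proposed by Huang Zhenjie is analyzed for security. Several forgery attacks are simulated against the proxy signature part of the scheme, showing that the proxy signature is insecure, and the original signature equation is improved so that it effectively resists the known attacks above. In the designated-verifier part, the nominative signature equation and the nominative verification equation are improved on the basis of the original scheme, strengthening its designated-verifier property. Finally, the two are combined to construct a concrete strong designated-verifier proxy signature scheme, and a corresponding security analysis is given.
     (2) Based on the proxy signature scheme proposed by Cai Mian, a method is proposed for extending it into a multi-level proxy signature scheme, and a concrete multi-level proxy signature instance is given according to this method. On the basis of a security analysis of existing blind signature schemes, the signature equation is improved so that it is more efficient than the original schemes and has strong blindness. Combining it with the previously constructed multi-level proxy signature instance yields a multi-level proxy blind signature scheme, and a corresponding security analysis is given.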
Nowadays, the demand for Internet information security keeps growing. In electronic commerce, electronic voting, electronic government, Internet banking and so on, the digital signature is the most important technology for Internet information security. Because of the need for digital signatures, various signature schemes have been proposed for various domains. The emphasis is on designing digital signature schemes that can be proved secure according to a formal definition of the security of the digital signature. Cryptography and cryptanalysis are constant subjects in the domain of information security. Generally speaking, a new scheme with some kind of security may be shown to be not safe enough within one year. Then another scheme, safer than the last one, is proposed within quite a short time. The interaction between cryptography and cryptanalysis has accelerated the growth of information security.
     In this paper, we first introduce the relevant mathematical knowledge and cryptographic concepts used in the improved schemes, including the group, the ring, the field, the finite field and the discrete logarithm. We also introduce several kinds of signature scheme, including the proxy signature scheme, the nominative signature scheme, the proxy blind signature scheme and the multi-level signature scheme.
     Based on several kinds of proxy digital signature schemes, we propose several schemes with better security properties. The main research results are as follows.
     First, we analyze a nominative proxy signature scheme and propose several forgery attacks on the proxy signature part of the scheme. We point out that this signature is not secure enough and then propose a solution. In the nominative signature part, we strengthen the nomination property by changing the nominative signature equation and the verification equation. We then propose a strong nominative proxy signature scheme based on the combination of the two.
     Secondly, we propose an approach for extending a proxy signature to a multi-level proxy signature scheme, based on the existing proxy signature scheme suggested by Cai Mian. We give a concrete multi-level proxy signature scheme and propose a blind signature based on the security analysis of two existing blind signature schemes. We then propose a multi-level proxy blind signature scheme by combining the new scheme with the blind signature, and give a security analysis of the new scheme.
