一种改进的paterson群签名方案研究
|
摘要
当前,信息安全问题日益受到世界各个国家研究机构的重视,大量的人力、物力和财力已经投入到了信息安全问题的研究和解决中。信息安全成为当今信息社会所迫切需要的信息技术之一。数字签名技术是现代密码学主要研究的内容之一,作为保障信息安全的一项重要技术,它用来实现身份认证、数据完整性保护等等,从而保证了通信双方的利益。群签名的概念最早由Chaum和Heyst于1991年提出。一个群签名方案允许群成员以群组的名义对一个消息进行签名,任何人均可以使用群的公钥来验证签名的合法性,但是除了群主管之外的任何人都不能得到签名者的身份信息——匿名性,而且要判断两个群签名是否是同一个群成员签署的也是计算困难的——不可联系性。为了处理可能产生的纠纷,群主管利用自己拥有的秘密信息可以确定给定的群成员的签署者,从而为仲裁提供依据——实现责任的可追究性。
本文对群签名的发展情况进行了总结和分析,尤其对近年来提出的基于ID的群签名方案和基于新提出的困难问题的群签名方案进行了思考,提出了一些可供参考的研究方向。
对几个群签名方案进行分析,如CS97群签名方案,ACJT群签名方案,还同时对群签名的几种变形进行了介绍,如环签名、前向安全的群签名、群盲签名、多级群签名、子群签名以及门限群签名等等。
同时提出一种基于Paterson签名方案的改进签名算法,其特点是在所有成员中有一个权限最高的成员,任何t个人组成的签名小组,如果没有此成员的参加,签名将不被通过。然后,对新方案的安全性进行了讨论,其次设计了一个新式的概念投票系统,最后将此签名方案应用于这个投票系统,将此签名算法应用于本文设计的电子投票系统中,体系出本算法有较高的安全性,并突出此算法一票否决的特点。
At present, more and more national research institutions all over the world pay attention to the information security problems. A lot of people, materials and financial resources have been invested to the study and resolve of information security problems. Information security has become an urgent need to information society. Modern digital signature technology is one of the fields in the information security, as an important protecting technology, which is used to attain authentication, data integrity protection, and so on, and can ensure the interests of both sides of the communication. The concept of group signature was first introduced by Heyst Chaum in 1991. A group signature scheme allows members as a group in the name of a message signature. A person can use the public key to verify the group's signature. Except for the group in charge, no one could get any person's information Signed-Anonymous, and determine whether the two groups signed is from the same one-Not contact, the group in charge uses the informations to verify the ID of the members as to deal with latent disputes and to provide a basis for arbitration.
In this paper, we introduce the development of the group signature. Especially we analysis the signature scheme based on the ID in recent years. Then we study the group signature scheme based on the proposed new difficulties, and propose some new research direction.
After anglicizing several group signature schemes, such as the CS97 group signature scheme, ACJT group signature scheme, we also introduce some transfored group signature schemes, such as the ring signature, the former security group signature, signature-blind, multi-level group signed, the subgroup signature, the threshold group signature, and so on.
At the same time, the paper provides a improved digital signature scheme based on Paterson scheme, the character is in all members there is a people with greatest weight. One group composed with every t member, if he is not in it, the signature will not be passed, and the security of the new scheme is analyzed and discussed. Then a new voting system is designed .Finally, the new scheme is used in the voting system.
本文对群签名的发展情况进行了总结和分析,尤其对近年来提出的基于ID的群签名方案和基于新提出的困难问题的群签名方案进行了思考,提出了一些可供参考的研究方向。
对几个群签名方案进行分析,如CS97群签名方案,ACJT群签名方案,还同时对群签名的几种变形进行了介绍,如环签名、前向安全的群签名、群盲签名、多级群签名、子群签名以及门限群签名等等。
同时提出一种基于Paterson签名方案的改进签名算法,其特点是在所有成员中有一个权限最高的成员,任何t个人组成的签名小组,如果没有此成员的参加,签名将不被通过。然后,对新方案的安全性进行了讨论,其次设计了一个新式的概念投票系统,最后将此签名方案应用于这个投票系统,将此签名算法应用于本文设计的电子投票系统中,体系出本算法有较高的安全性,并突出此算法一票否决的特点。
At present, more and more national research institutions all over the world pay attention to the information security problems. A lot of people, materials and financial resources have been invested to the study and resolve of information security problems. Information security has become an urgent need to information society. Modern digital signature technology is one of the fields in the information security, as an important protecting technology, which is used to attain authentication, data integrity protection, and so on, and can ensure the interests of both sides of the communication. The concept of group signature was first introduced by Heyst Chaum in 1991. A group signature scheme allows members as a group in the name of a message signature. A person can use the public key to verify the group's signature. Except for the group in charge, no one could get any person's information Signed-Anonymous, and determine whether the two groups signed is from the same one-Not contact, the group in charge uses the informations to verify the ID of the members as to deal with latent disputes and to provide a basis for arbitration.
In this paper, we introduce the development of the group signature. Especially we analysis the signature scheme based on the ID in recent years. Then we study the group signature scheme based on the proposed new difficulties, and propose some new research direction.
After anglicizing several group signature schemes, such as the CS97 group signature scheme, ACJT group signature scheme, we also introduce some transfored group signature schemes, such as the ring signature, the former security group signature, signature-blind, multi-level group signed, the subgroup signature, the threshold group signature, and so on.
At the same time, the paper provides a improved digital signature scheme based on Paterson scheme, the character is in all members there is a people with greatest weight. One group composed with every t member, if he is not in it, the signature will not be passed, and the security of the new scheme is analyzed and discussed. Then a new voting system is designed .Finally, the new scheme is used in the voting system.
引文
[1]Camenish J.Efficient and generalized group signatures[J].Proceedings of CRYPTO' 93,LNCS 1233,Springer-Verlag,1993,302-318
[2]Chaum D,Van E H.Group signatures[C].Advances in Cryptology-EUROCRYPT' 91,LNCS 547.Berlin:Springer-Verlag,1991:257-265
[3]Chen L,Pedersen T P.New group signature schemes[M].Advances in Cryptology-EUROCRYT94,Springer-Verlag,1995,950:171-181
[4]Camenish J,Stadler M.Efficient group signature schemes for large groups[C].Kaliski BS,editor,Advances in Cryptology-EUROCRYPT' 97,LNCS 1294.Berlin:Springer-Verlag,1997:410-424
[5]Ateniese G,Camenisch J,Joye M,Tsudik G.A practical and provably secure coalition-resistantgroup signature scheme,LNCS 1880.Springer-Verlag,2000,255-270
[6]Bresson E,Stern J.Efficient revocation in group signature[J].Proc.of the PKC' 01,LNCS 1992.Heidelberg:Springer-Verlag,2001,190-206
[7]Camenisch J.Group signature schemes and payment systems based on the discrete logarithm problem[J].ETH-Series in Information Security an Cryptography,Hartung-Gorre Verlag,Konstanz,1998,2
[8]Shannon C E.Communication Theory of Secrecy System[J].Bell System Technical Journal,1949,28(4):656-715
[9]冯西桥.汪小芬.群签名体制的研究与设计[D].西安电子科技大学硕士学位论文,2006
[10]王娟.基于身份的群签名方案研究[D].西安理工大学硕士学位论文,2007
[11]张键红,伍前红,邹建成,王育民.一种高效的群签名[M].电子学报,2005,33(6):1113-1115
[12]张福泰,张方国,王育民.群签名及其应用[J].通信学报,2001,22(1):77-85
[13]乔汇东.群签名的研究与应用[D].中南大学硕士学位论文,2007
[14]陈晓峰,王育民.基于匿名通讯信道的安全电子投票方案[J].电子学报,2003,31(3):39-93
[15]冯西桥.汪小芬.群签名体制的研究与设计[D].西安电子科技大学硕士学位论文,2006
[16]Song D X.Practical forward secure group signature schemes[J].Proceedings of the 8th ACM Conference on Computer and Communications Security(CCS 2001).New York:ACM Press,2001:225-234
[17]Chaum D.Blind signature for untraceable payments[J].Proc Advances in Cryptology EURO-CRYPT' 82.Brussels,1983,199-203
[18]Lysyanskaya A,Ramzan Z.Group blind signature:A scalable solution to electronic cash[J].Proceedings of Financial Cryptography(FC' 98),LNCS 1465.Springer-Verlag,1998,184-197
[19]施荣华,周玉.一种前向安全的动态子群签名方案.计算机工程与应用 [J],2006,30
[20]罗敏,李漩,施荣华.一类(t,n)门限群签名方案的安全性分析[J].计算机工程与应用,2005,41(5):44-46
[21]Diffie B,Hellman M.New Directions in Cryptography[J].IEEE Transactions on Information Theory,1976,22(6):644-654
[22]Ateniese G,Camenisch J,M Joye,G Tsudik.A practical and provably secure coalition-resistant group signature scheme[C].Bellare M,editor,Advances in Cryptoloty-Crypto' 2000,LNCS 1880.Berlin:Springer-Verlag,2000:255-270
[23]Giuseppe A,Breno D M.Efficient group signatures without trapdoors[C].Proceedings of ASIACRYPT' 03,LNCS 2894,Berlin:Springer-Verlag,2003:246-268
[24]Boneh D,Franklin M.Identity-based encryption from the weil pairings[C].Kilian J,editor,Advances in Cryptoloty-Crypto' 2001,LNCS 2139.Berlin:Springer-Verlag,2001:213-229
[25]Hess F.Efficient identity based signature schemes based on pairings[C].Selected Areas in Cryptography 9~(th)Annual International Workshop(SAC 2002),LNCS 2595.Berlin:Springer-Verlag,2003:310-324
[26]徐兴中.基于离散对数群签名的电子现金系统的研究[D].湖南大学硕士学位论文,2007
[27]王桂林,卿斯汉.几个门限群签名方案的弱点[J].软件学报2001,11(10):1326-1332
[28]William Stallings著,刘玉珍等译.密码编码学与网络安全—原理与实践(第三版)[M].北京:电子工业出版社,2004,75-77
[29]宋震等,密码学[M].北京:中国水利水电出版社,2002,7
[30]蔡勉,孙兴芳.一种安全的授权群签名方案[J].北京工业大学学报,2006,32(5):431-435
[31]Schneie B.《应用密码学》吴世忠等译[M].机械工业出版社,2000
[32]严亚俊,马文平,王新梅,郭淑霞.基于XTR的盲群签名方案[J].计算机应用研究,2005,22(5):108-109
[33]Anderson R.Two remarks on public key cryptology[EB/OL].http://www.cl.cam.ac.uk/ techreports/ UCAM-CL-TR-549.pdf,1997
[34]Cheng C H,Cheng W M,Wong K F.Security Issues for Electonic Voting Systems[J].COMPUTER ENGINEERING,1999 s1
[35]Kenneth G,Paterson,Jacob C N.Efficient Identity-Based Signatures Secure in the Standard Model[C].ACISP 2006,LNCS 4058,2006,207-222
[36]何业峰.有效的动态群签名方案[J].山东大学学报(理学版),2005,40(4):23-27
[37]徐光宝,张建中.一种基于离散对数的群签名方案[J].计算机工程,2005,31(9):143-144
[38]林松,何德全.改进的基于离散对数的群签名方案[J].计算机工程与应用,2005,41(18):139-143
[39]鞠宏伟,李凤银.基于DSA的群签名方案及其应用[J].信息技术与信息化,2005,(4):79-81,86
[40]冯修玉,施荣华,彭艳.一种零知识证明的群签名方案[J].计算机工程与应用, 2005,41(33):122-123
[41]李凤银,鞠宏伟.一种基于RSA的群签名方案[J].计算机工程与设计,2006,27(16):2955-295
[42]陈少真,李大兴.基于变型DSA的有效群签名[J].计算机工程与设计,2004,25(3):323-326
[43]陈少真,李大兴.基于变型DSA的有效群签名[J].计算机工程与设计,2004,25(3):323-326
[44]钟军,何大可.ACJT群盲签名方案[J].计算机工程,2007,33(1):19-21
[45]柳欣,徐秋亮,尚久庆.基于ACJT方案构造高效多群签名方案[J].通信学报,2005,26(4):38-44
[46]陈泽文,张龙军,王育民,黄继武,黄达人.一种基于中国剩余定理的群签名方案[J].电子学报,2004,32(7):1062-1065
[47]李梦东,杨义先,马春光,蔡满春.由群签名实现的可撤销匿名性的电子现金方案.北京邮电大学学报,2005,28(2):30-33
[48]孙瑾,王尚平,明洋,王铁英.基于动态群签名方案的公平电子货币方案[J].计算机应用研究,2005,22(9):115-118
[49]苏云学,祝跃飞,闫丽萍.一个利用群签名的电子拍卖协议[J].计算机应用,2005,25(1):157-159
[50]费雄伟,李瑛.群签名及其在电子现金中的应用[J].山西科技,2007
[51]彭银桥,甘元驹,陈月峰,彭凌西,邓锐.一种基于Ohta一Okamoto签名的门限群签名方案[J].湛江海洋大学学报,2005,25(4):76-78
[52]王常吉,蒋文保.用限制性群盲签名构造电子现金系统[J].通信学报,2001,22(12):63-69
[53]张串绒,张彤,肖国旗.前向安全可公开验证签密方案[J].计算机工程与应用,2006,42(21):103-105
[54]何业锋.群签名方案的设计与分析[D].西安:陕西师范大学,2004
[55]张兴兰,冯登国.共享的安全群签名方案[J]。计算机工程与设计,2006,27(13):2314-2316
[56]胡斌,施荣华,娄悦.一种改进的基于中国剩余定理的群签名方案[J].计算机工程与应用,2006,42(24):115-117
[57]王凤和,王春晓.一种基于中国剩余定理的群签名方案的攻击及其改进方案[J].电子与信息学报,2007,29(1):182-184
[58]吴秋新,钟鸣,杨义先,胡正名.一个数字签名方案的安全性分析[J].通信学报,2001,22(11):72-76
[59]林婷婷,王晓峰,王尚平,王娟,向新银.限制多方验证者签名[J].计算机工程
[2]Chaum D,Van E H.Group signatures[C].Advances in Cryptology-EUROCRYPT' 91,LNCS 547.Berlin:Springer-Verlag,1991:257-265
[3]Chen L,Pedersen T P.New group signature schemes[M].Advances in Cryptology-EUROCRYT94,Springer-Verlag,1995,950:171-181
[4]Camenish J,Stadler M.Efficient group signature schemes for large groups[C].Kaliski BS,editor,Advances in Cryptology-EUROCRYPT' 97,LNCS 1294.Berlin:Springer-Verlag,1997:410-424
[5]Ateniese G,Camenisch J,Joye M,Tsudik G.A practical and provably secure coalition-resistantgroup signature scheme,LNCS 1880.Springer-Verlag,2000,255-270
[6]Bresson E,Stern J.Efficient revocation in group signature[J].Proc.of the PKC' 01,LNCS 1992.Heidelberg:Springer-Verlag,2001,190-206
[7]Camenisch J.Group signature schemes and payment systems based on the discrete logarithm problem[J].ETH-Series in Information Security an Cryptography,Hartung-Gorre Verlag,Konstanz,1998,2
[8]Shannon C E.Communication Theory of Secrecy System[J].Bell System Technical Journal,1949,28(4):656-715
[9]冯西桥.汪小芬.群签名体制的研究与设计[D].西安电子科技大学硕士学位论文,2006
[10]王娟.基于身份的群签名方案研究[D].西安理工大学硕士学位论文,2007
[11]张键红,伍前红,邹建成,王育民.一种高效的群签名[M].电子学报,2005,33(6):1113-1115
[12]张福泰,张方国,王育民.群签名及其应用[J].通信学报,2001,22(1):77-85
[13]乔汇东.群签名的研究与应用[D].中南大学硕士学位论文,2007
[14]陈晓峰,王育民.基于匿名通讯信道的安全电子投票方案[J].电子学报,2003,31(3):39-93
[15]冯西桥.汪小芬.群签名体制的研究与设计[D].西安电子科技大学硕士学位论文,2006
[16]Song D X.Practical forward secure group signature schemes[J].Proceedings of the 8th ACM Conference on Computer and Communications Security(CCS 2001).New York:ACM Press,2001:225-234
[17]Chaum D.Blind signature for untraceable payments[J].Proc Advances in Cryptology EURO-CRYPT' 82.Brussels,1983,199-203
[18]Lysyanskaya A,Ramzan Z.Group blind signature:A scalable solution to electronic cash[J].Proceedings of Financial Cryptography(FC' 98),LNCS 1465.Springer-Verlag,1998,184-197
[19]施荣华,周玉.一种前向安全的动态子群签名方案.计算机工程与应用 [J],2006,30
[20]罗敏,李漩,施荣华.一类(t,n)门限群签名方案的安全性分析[J].计算机工程与应用,2005,41(5):44-46
[21]Diffie B,Hellman M.New Directions in Cryptography[J].IEEE Transactions on Information Theory,1976,22(6):644-654
[22]Ateniese G,Camenisch J,M Joye,G Tsudik.A practical and provably secure coalition-resistant group signature scheme[C].Bellare M,editor,Advances in Cryptoloty-Crypto' 2000,LNCS 1880.Berlin:Springer-Verlag,2000:255-270
[23]Giuseppe A,Breno D M.Efficient group signatures without trapdoors[C].Proceedings of ASIACRYPT' 03,LNCS 2894,Berlin:Springer-Verlag,2003:246-268
[24]Boneh D,Franklin M.Identity-based encryption from the weil pairings[C].Kilian J,editor,Advances in Cryptoloty-Crypto' 2001,LNCS 2139.Berlin:Springer-Verlag,2001:213-229
[25]Hess F.Efficient identity based signature schemes based on pairings[C].Selected Areas in Cryptography 9~(th)Annual International Workshop(SAC 2002),LNCS 2595.Berlin:Springer-Verlag,2003:310-324
[26]徐兴中.基于离散对数群签名的电子现金系统的研究[D].湖南大学硕士学位论文,2007
[27]王桂林,卿斯汉.几个门限群签名方案的弱点[J].软件学报2001,11(10):1326-1332
[28]William Stallings著,刘玉珍等译.密码编码学与网络安全—原理与实践(第三版)[M].北京:电子工业出版社,2004,75-77
[29]宋震等,密码学[M].北京:中国水利水电出版社,2002,7
[30]蔡勉,孙兴芳.一种安全的授权群签名方案[J].北京工业大学学报,2006,32(5):431-435
[31]Schneie B.《应用密码学》吴世忠等译[M].机械工业出版社,2000
[32]严亚俊,马文平,王新梅,郭淑霞.基于XTR的盲群签名方案[J].计算机应用研究,2005,22(5):108-109
[33]Anderson R.Two remarks on public key cryptology[EB/OL].http://www.cl.cam.ac.uk/ techreports/ UCAM-CL-TR-549.pdf,1997
[34]Cheng C H,Cheng W M,Wong K F.Security Issues for Electonic Voting Systems[J].COMPUTER ENGINEERING,1999 s1
[35]Kenneth G,Paterson,Jacob C N.Efficient Identity-Based Signatures Secure in the Standard Model[C].ACISP 2006,LNCS 4058,2006,207-222
[36]何业峰.有效的动态群签名方案[J].山东大学学报(理学版),2005,40(4):23-27
[37]徐光宝,张建中.一种基于离散对数的群签名方案[J].计算机工程,2005,31(9):143-144
[38]林松,何德全.改进的基于离散对数的群签名方案[J].计算机工程与应用,2005,41(18):139-143
[39]鞠宏伟,李凤银.基于DSA的群签名方案及其应用[J].信息技术与信息化,2005,(4):79-81,86
[40]冯修玉,施荣华,彭艳.一种零知识证明的群签名方案[J].计算机工程与应用, 2005,41(33):122-123
[41]李凤银,鞠宏伟.一种基于RSA的群签名方案[J].计算机工程与设计,2006,27(16):2955-295
[42]陈少真,李大兴.基于变型DSA的有效群签名[J].计算机工程与设计,2004,25(3):323-326
[43]陈少真,李大兴.基于变型DSA的有效群签名[J].计算机工程与设计,2004,25(3):323-326
[44]钟军,何大可.ACJT群盲签名方案[J].计算机工程,2007,33(1):19-21
[45]柳欣,徐秋亮,尚久庆.基于ACJT方案构造高效多群签名方案[J].通信学报,2005,26(4):38-44
[46]陈泽文,张龙军,王育民,黄继武,黄达人.一种基于中国剩余定理的群签名方案[J].电子学报,2004,32(7):1062-1065
[47]李梦东,杨义先,马春光,蔡满春.由群签名实现的可撤销匿名性的电子现金方案.北京邮电大学学报,2005,28(2):30-33
[48]孙瑾,王尚平,明洋,王铁英.基于动态群签名方案的公平电子货币方案[J].计算机应用研究,2005,22(9):115-118
[49]苏云学,祝跃飞,闫丽萍.一个利用群签名的电子拍卖协议[J].计算机应用,2005,25(1):157-159
[50]费雄伟,李瑛.群签名及其在电子现金中的应用[J].山西科技,2007
[51]彭银桥,甘元驹,陈月峰,彭凌西,邓锐.一种基于Ohta一Okamoto签名的门限群签名方案[J].湛江海洋大学学报,2005,25(4):76-78
[52]王常吉,蒋文保.用限制性群盲签名构造电子现金系统[J].通信学报,2001,22(12):63-69
[53]张串绒,张彤,肖国旗.前向安全可公开验证签密方案[J].计算机工程与应用,2006,42(21):103-105
[54]何业锋.群签名方案的设计与分析[D].西安:陕西师范大学,2004
[55]张兴兰,冯登国.共享的安全群签名方案[J]。计算机工程与设计,2006,27(13):2314-2316
[56]胡斌,施荣华,娄悦.一种改进的基于中国剩余定理的群签名方案[J].计算机工程与应用,2006,42(24):115-117
[57]王凤和,王春晓.一种基于中国剩余定理的群签名方案的攻击及其改进方案[J].电子与信息学报,2007,29(1):182-184
[58]吴秋新,钟鸣,杨义先,胡正名.一个数字签名方案的安全性分析[J].通信学报,2001,22(11):72-76
[59]林婷婷,王晓峰,王尚平,王娟,向新银.限制多方验证者签名[J].计算机工程