Design and Implementation of a Threshold RSA Signature Scheme
Abstract
With the rapid development of modern communication and computer technology, and of the Internet in particular, network security has become a technology on which the Internet's survival and growth depend. Although the symmetric ciphers, public-key cryptosystems, digital signatures and key-exchange techniques of modern cryptography do provide security, every one of these algorithms reduces the security of the data to a single, very small key. Once that key leaks the whole system collapses: every file encrypted under it can be decrypted, and an attacker holding it can sign any document at will, with severe consequences for the key's owner. How to build, on top of the existing cryptosystems and signature schemes, a better way to protect and manage keys is therefore decisive for the security of real systems.
     A number of good key-management techniques followed, such as the key escrow theory and technology proposed in the United States in 1993, the X.509 standard issued by the International Organization for Standardization (jointly with ITU-T), and the Kerberos protocol developed at MIT. Later a technique for splitting a secret appeared, namely secret sharing. Since Shamir proposed it in 1979, the theory and techniques of secret sharing and threshold schemes have developed greatly and found wide application.
     Digital signatures, as a technique for securing information, guarantee integrity, unforgeability and non-repudiation. Combining digital signatures with secret sharing yields threshold signatures, a generalisation of ordinary digital signatures: in a (t, n) threshold signature scheme any t members of a group of n can jointly produce a signature on behalf of the group, while t-1 or fewer cannot.
     This thesis studies the design and implementation of threshold RSA signature schemes. It first reviews the research background of threshold RSA signatures and the state of the art at home and abroad. After the necessary cryptographic preliminaries it presents Shoup's well-known threshold RSA signature scheme, then concentrates on an efficient threshold RSA signature scheme based on a new secret-sharing method and analyses its efficiency; drawing on the characteristics of that scheme and on the quantitative analysis, it constructs a threshold signature system with a distributed trusted centre, which greatly improves the efficiency of sub-key distribution. The thesis also constructs an RSA-based group-oriented threshold signature scheme that lets several independent groups produce a threshold signature jointly. Finally, on the theoretical basis of the chosen threshold RSA scheme, together with a partial-signature protocol, it designs and implements a threshold RSA signature software system with a trusted centre, using the OpenSSL open-source library and the VS2005 integrated development environment.
Abstract (English version as published)
With the rapid development of modern information and communications technology and of computing, and of the Internet in particular, network security has become a hot topic in the IT field on which the Internet's survival and growth depend. Although modern cryptography provides symmetric block ciphers, public-key encryption, digital signatures and key exchange to protect information, the security of all these algorithms rests on a single small key. Once the key leaks the whole system collapses: encrypted files can be decrypted and an attacker can sign arbitrary documents with the key, with serious consequences. How to build a better protection scheme and key-management system on top of the cryptographic algorithms is therefore a key problem in practice.
     Many key-management technologies followed, such as key escrow, proposed in the United States in 1993, the X.509 standard of the International Organization for Standardization, and the Kerberos protocol. Since Shamir introduced secret sharing and threshold schemes in 1979, the theory has developed rapidly and found practical application.
     Digital signatures protect the integrity of data and provide non-repudiation and unforgeability. Combining digital signatures with secret sharing gave rise to threshold signatures; a (t, n) threshold signature means that only t or more of the n participants can produce the signature.
     First, the thesis analyses the research background of threshold RSA signatures and the development of the theory worldwide. After introducing basic cryptography, it presents Shoup's well-known threshold RSA signature scheme and summarises the general problems of existing schemes. It then focuses on "A New RSA Threshold Group Signature Scheme Based on Modified Shamir's Secret Sharing Solution", analyses it with respect to efficiency, and designs a distributed trusted centre based on that scheme and on the quantitative results, improving the efficiency of the sub-key distribution process. Next it introduces "A Threshold Signature Scheme for Multiple Groups based on RSA", which provides threshold signing for several independent groups. Finally, it describes the threshold RSA signature system with a trusted centre, based on the chosen scheme and on the robust and efficient sharing of RSA functions, which the author designed and developed with the OpenSSL library and the VS2005 integrated development environment.
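The (t, n) threshold RSA signing that both abstracts describe, written out in the style of Shoup's scheme, is shown below as an added example; it is not code from the thesis or from its software system. It assumes toy safe primes p = 23 and q = 47, public exponent e = 17, n = 5 players and threshold t = 3, takes x as the already hashed and padded message (a constructed value coprime to N), and omits the zero-knowledge proofs of share correctness and the dealer's verification keys that the real scheme uses to detect corrupt signers. The dealer Shamir-shares d over Z_m with m = p'q', each signer publishes x_i = x^(2*Delta*s_i), and the combiner uses integer Lagrange coefficients scaled by Delta = n! plus the extended Euclidean algorithm to recover an ordinary RSA signature that verifies with y^e = x mod N.

```python
"""Toy (t, n) threshold RSA signing after Shoup's scheme.
Constructed example with tiny safe primes; not secure parameters."""
from math import factorial, gcd
import random

# Constructed toy parameters (assumption: small safe primes for readability).
P, Q = 23, 47                      # p = 2*11 + 1, q = 2*23 + 1 are safe primes
N = P * Q                          # RSA modulus, 1081
M = ((P - 1) // 2) * ((Q - 1) // 2)  # m = p'q' = 253, exponent of the subgroup of squares
E = 17                             # prime public exponent, must not divide 2*Delta
T, N_PLAYERS = 3, 5                # threshold t and group size n
DELTA = factorial(N_PLAYERS)       # Delta = n! clears every Lagrange denominator


def egcd(a, b):
    """Extended Euclid: returns (g, u, v) with a*u + b*v == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, u, v = egcd(b, a % b)
    return g, v, u - (a // b) * v


def deal_shares(seed=1):
    """Trusted dealer: d = e^-1 mod m, then Shamir-share d with a random
    polynomial of degree t-1 over Z_m.  Returns {i: s_i} for i = 1..n."""
    assert gcd(E, M) == 1 and gcd(E, 2 * DELTA) == 1
    d = pow(E, -1, M)
    rng = random.Random(seed)      # seeded only so the example is reproducible
    coeffs = [d] + [rng.randrange(M) for _ in range(T - 1)]

    def f(x):
        return sum(c * pow(x, j, M) for j, c in enumerate(coeffs)) % M

    return {i: f(i) for i in range(1, N_PLAYERS + 1)}


def partial_signature(x, s_i):
    """Signer i: x_i = x^(2*Delta*s_i) mod N.  The factor 2 moves x into the
    subgroup of squares, whose order divides m, so exponents live mod m."""
    return pow(x, 2 * DELTA * s_i, N)


def lagrange_coeff(i, subset):
    """Integer lambda_{0,i} = Delta * prod_{j != i} (0 - j) / (i - j).
    Delta = n! guarantees the division is exact, so no inverse mod m is needed."""
    num, den = DELTA, 1
    for j in subset:
        if j != i:
            num *= -j
            den *= i - j
    assert num % den == 0
    return num // den


def combine(x, partials):
    """Combiner: w = prod x_i^(2*lambda_i) mod N equals x^(4*Delta^2*d), hence
    w^e = x^(4*Delta^2).  With a*4*Delta^2 + b*e = 1, y = w^a * x^b satisfies
    y^e = x mod N, i.e. y is the ordinary RSA signature."""
    subset = sorted(partials)
    assert len(subset) == T, "exactly t partial signatures are combined"
    w = 1
    for i in subset:
        lam = lagrange_coeff(i, subset)          # may be negative
        w = w * pow(partials[i], 2 * lam, N) % N  # negative exponent is fine, x_i is invertible
    e_prime = 4 * DELTA * DELTA
    g, a, b = egcd(e_prime, E)
    assert g == 1
    return pow(w, a, N) * pow(x, b, N) % N


def verify(x, y):
    """Plain RSA verification of the combined signature."""
    return pow(y, E, N) == x


def threshold_sign(x, signers, shares):
    """Run one signing session with the given set of t signers."""
    partials = {i: partial_signature(x, shares[i]) for i in signers}
    return combine(x, partials)


if __name__ == "__main__":
    shares = deal_shares()
    x = 42                         # constructed stand-in for H(message) mod N
    y = threshold_sign(x, [1, 3, 5], shares)
    print("signature", y, "verifies:", verify(x, y))
    print("same signature from another quorum:", threshold_sign(x, [2, 4, 5], shares) == y)
```

Because the e-th root of x mod N is unique when gcd(e, phi(N)) = 1, every quorum of t signers produces the same y as a single holder of d would, which is what lets the threshold scheme stay compatible with an ordinary RSA verifier. With real parameters p and q would be large safe primes and x would come from a full-domain hash of the message.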
References
[1] Feng Dengguo, Wu Wenling. Design and Analysis of Block Ciphers (in Chinese). Tsinghua University Press, 2002.
    [2] Wang Yumin, He Dake. Cryptography: Foundations and Applications (in Chinese). Xidian University Press, 1990.
    [3] Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. Chinese translation by Wu Shizhong et al. China Machine Press, 2001.
    [4] Lu Kaicheng. Computer Cryptography: Data Secrecy and Security in Computer Networks, 2nd ed. (in Chinese). Tsinghua University Press, 1998.
    [5] William Stallings. Cryptography and Network Security: Principles and Practice, 2nd ed. Chinese translation by Yang Ming, Xu Guanghui, Qi Wangdong et al. Publishing House of Electronics Industry, 2001.
    [6] V. Shoup. Practical Threshold Signatures. IBM Research Report RZ 3121, April 1999. A revised version appears in Proc. Eurocrypt 2000.
    [7] Y. Desmedt, Y. Frankel. Shared Generation of Authenticators and Signatures. In: J. Feigenbaum ed., Advances in Cryptology - Crypto'91 Proceedings (LNCS 576). Berlin: Springer-Verlag, 1992: 457-469.
    [8] Y. Desmedt. Society and Group Oriented Cryptography: A New Concept. In: C. Pomerance ed., Advances in Cryptology - Crypto'87 Proceedings (LNCS 293). Berlin: Springer-Verlag, 1988: 120-127.
    [9] R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin. Robust and Efficient Sharing of RSA Functions. In: N. Koblitz ed., Advances in Cryptology - Crypto'96 Proceedings (LNCS 1109). Berlin: Springer-Verlag, 1996: 157-172.
    [10] C.T. Wang, C.H. Lin, C.C. Chang. Threshold Signature Schemes with Traceable Signers in Group Communications. Computer Communications, 1998, 21(8): 771-776.
    [11] Feng Dengguo. A (t, n) Threshold Digital Signature Scheme Based on the Discrete Logarithm Problem (in Chinese). Cryptography and Information, 1997, 6(1): 11-13.
    [12] Wang Gui-lin, Qing Si-han. A Threshold Undeniable Signature Scheme Without a Trusted Party. Journal of Software, 2002, 13(9): 1757-1764.
    [13] Wang Bin, Li Jianhua. A (t, n) Threshold Signature Scheme Without a Trusted Centre (in Chinese). Chinese Journal of Computers, 2003, 26(11): 1581-1584.
    [14] Xu Qiuliang. An Improved Threshold RSA Digital Signature Scheme (in Chinese). Chinese Journal of Computers, 2000, 23(5): 449-453.
    [15] Wang Guilin, Qing Sihan, Wang Mingsheng. An Improvement of Shoup's Threshold RSA Signature Scheme (in Chinese). Journal of Computer Research and Development, 2002, 39(9): 1046-1050.
    [16] Zhang Wenfang, He Dake, Wang Xiaomin, Zheng Yu. An Efficient RSA Threshold Signature Scheme Based on a New Secret Sharing Method (in Chinese). Journal of Electronics & Information Technology, 2005, 27(11): 1745-1749.
    [17] Wang Guilin, Wang Mingsheng, Qing Sihan, Feng Dengguo. A Simple and Secure Threshold RSA Signature Scheme (in Chinese). Journal of the Graduate School of the Chinese Academy of Sciences, 2001, 18(2): 124-129.
    [18] Q.L. Xu, T.S. Chen. An Efficient Threshold RSA Digital Signature Scheme. Applied Mathematics and Computation, 2005, 166(1): 25-34.
    [19] W. Diffie, M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, 1976, 22(6): 644-654.
    [20] R. Rivest, A. Shamir, L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 1978, 21(2): 120-126.
    [21] RSA Laboratories. PKCS #1 v2.1: RSA Cryptography Standard. 2002. Available online at http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/index.html
    [22] T. ElGamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, 1985, 31(4): 469-472.
    [23] SECG. SEC 1: Elliptic Curve Cryptography. Standards for Efficient Cryptography Group, 2000. Available online at http://www.secg.org/secg_docs.htm
    [24] D. Chaum, E. van Heyst. Group Signatures. In: D.W. Davies ed., Advances in Cryptology - Eurocrypt'91 Proceedings (LNCS 547). Berlin: Springer-Verlag, 1991: 257-265.
    [25] Zhang Futai, Zhang Fangguo, Wang Yumin. Group Signatures and Their Applications (in Chinese). Journal on Communications, 2001, 22(1): 77-85.
    [26] L. Chen, T.P. Pedersen. On the Efficiency of Group Signatures Providing Information-Theoretic Anonymity. In: L.C. Guillou, J.-J. Quisquater eds., Advances in Cryptology - Eurocrypt'95 Proceedings (LNCS 921). Berlin: Springer-Verlag, 1995: 39-49.
    [27] L. Chen, T.P. Pedersen. New Group Signature Schemes. In: A. De Santis ed., Advances in Cryptology - Eurocrypt'94 Proceedings (LNCS 950). Berlin: Springer-Verlag, 1995: 171-181.
    [28] J. Camenisch. Efficient and Generalized Group Signatures. In: W. Fumy ed., Advances in Cryptology - Eurocrypt'97 Proceedings (LNCS 1233). Berlin: Springer-Verlag, 1997: 465-479.
    [29] J. Camenisch, M. Stadler. Efficient Group Signature Schemes for Large Groups. In: B. Kaliski ed., Advances in Cryptology - Crypto'97 Proceedings (LNCS 1294). Berlin: Springer-Verlag, 1997: 410-424.
    [30] Wang Guilin, Qing Sihan. Weaknesses of Some Threshold Group Signature Schemes (in Chinese). Journal of Software, 2000, 11(10): 1326-1332.
    [31] C. Boyd. Digital Multisignatures. In: Cryptography and Coding. Oxford: Clarendon Press, 1989: 241-246.
    [32] Y. Frankel. A Practical Protocol for Large Group Oriented Networks. In: J.-J. Quisquater, J. Vandewalle eds., Advances in Cryptology - Eurocrypt'89 Proceedings (LNCS 434). Berlin: Springer-Verlag, 1990: 56-61.
    [33] D. Boneh, M. Franklin. Efficient Generation of Shared RSA Keys. Journal of the ACM, 2001, 48(4): 702-722.
    [34] M. Ben-Or, S. Goldwasser, A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC'88), Chicago, Illinois, USA, 1988: 1-10.
    [35] J. Benaloh (Cohen). Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. In: A.M. Odlyzko ed., Advances in Cryptology - Crypto'86 Proceedings (LNCS 263). Berlin: Springer-Verlag, 1987: 251-260.
    [36] A. Shamir. How to Share a Secret. Communications of the ACM, 1979, 22(11): 612-613.
    [37] D. Chaum, T.P. Pedersen. Transferred Cash Grows in Size. In: Advances in Cryptology - Eurocrypt'92 Proceedings (LNCS 658). Berlin: Springer-Verlag, 1993: 390-407.
    [38] D. Chaum, T.P. Pedersen. Wallet Databases with Observers. In: E.F. Brickell ed., Advances in Cryptology - Crypto'92 Proceedings (LNCS 740). Berlin: Springer-Verlag, 1993: 89-105.
    [39] Zhang Wenfang. Design and Analysis of Threshold Signature Schemes (in Chinese). PhD thesis, Southwest Jiaotong University, 2006.
    [40] SSL 3.0 Specification. http://wp.netscape.com/eng/ssl3/
    [41] RFC 2246: The TLS Protocol Version 1.0. http://www.faqs.org/rfcs/rfc2246.html
    [42] D. Wagner, B. Schneier. Analysis of the SSL 3.0 Protocol. In: Proceedings of the Second USENIX Workshop on Electronic Commerce. USENIX Press, 1996: 29-44.
    [43] Eric Rescorla. SSL and TLS: Designing and Building Secure Systems. Chinese translation by Cui Kai. China Electric Power Press, 2002.
    [44] OpenSSL source code and documentation. Available online at http://www.openssl.org
    [45] Wang Zhihai. OpenSSL and Network Information Security: Foundations, Structure and Commands (in Chinese). http://www.openssl.cn
    [46] Stephen Thomas. SSL and TLS Essentials: Securing the Web. John Wiley & Sons, 2000.
    [47] Pravir Chandra, Matt Messier, John Viega. Network Security with OpenSSL. O'Reilly.
    [48] David J. Kruglinski. Inside Visual C++, 4th ed. Chinese translation by Pan Aimin et al. Tsinghua University Press, 2002.
    [49] Chen Jian. Practical Visual C++ Programming (in Chinese). Xidian University Press, 2000.
    [50] Xiong Xinbin. Visual C++ Programming (in Chinese). Tsinghua University Press, 2002.

© 2004-2018 China Geological Library. All rights reserved.
