Research on Digital Signature and Signcryption Schemes Based on Elliptic Curves
Abstract
With the rapid development of information technology and the wide application of computer network technology, information security has become increasingly important and is now a hot research topic of general concern in the field of computer and network applications at home and abroad. Digital signatures, as the main means of authentication, provide important technical support for information security.
     In 1985 Koblitz and Miller independently proposed the idea of constructing cryptosystems on elliptic curves (ECC). A digital signature scheme with signcryption capability on elliptic curves integrates three techniques, encryption, decryption and digital signature, and saves computation and communication cost compared with performing encryption, decryption and digital signature separately. This thesis studies certificate-based and identity-based digital signature schemes on elliptic curves in depth. The main work is as follows:
     The theory of elliptic curve public key cryptosystems and the theory of certificate-based and identity-based digital signatures are introduced.
     Among certificate-based digital signature and signcryption schemes on elliptic curves, Zhao's digital signcryption scheme is taken as a representative example, and it is pointed out that Zhao's scheme does not fully satisfy the security requirements of digital signcryption. To address the defects of Zhao's scheme, an ideal digital signcryption scheme is proposed which satisfies eight security properties: message confidentiality, integrity, unforgeability of the signature equation, identity authentication, non-repudiation, forward security, public verifiability of the ciphertext, and resistance to a malicious forgery attack by Bob.
     Using the properties of bilinear pairings on elliptic curves, a new signature scheme is constructed by a different route. This scheme satisfies public verifiability and forward security as well as the other security properties simultaneously, without requiring two private keys. The same signature idea is then applied to an identity-based threshold signcryption scheme, so that the identity-based threshold signcryption scheme also has forward security and public verifiability while satisfying the other properties.
     By comparing certificate-based public key cryptosystems with identity-based public key cryptosystems, the advantages of existing identity-based public key cryptosystems and the problems they have are pointed out. Using the properties of bilinear pairings on elliptic curves together with the hardness of the CDLP on elliptic curves and the CDHP on bilinear pairings, a new key issuing protocol is proposed that requires neither user public key certificates nor key escrow, and its security and performance are analysed in combination with the Cha-Cheon signature.
English abstract (author's version)
With the rapid development of information technology and the large-scale application of network technology, information security is becoming more and more important, and is now a research topic of general concern in the domestic and international computer and network application fields. As the main means of authentication, the digital signature provides important technical support for information security.
     In 1985, Koblitz and Miller independently proposed using the group of points on an elliptic curve defined over a finite field to construct cryptosystems, namely elliptic curve cryptosystems (ECC). A signcryption scheme based on elliptic curves combines encryption, decryption and digital signature, and needs less communication and computation than performing encryption, decryption and digital signature separately. In this paper, certificate-based digital signature schemes and identity-based digital signature schemes are discussed. The main work is as follows:
     Public key cryptosystems on elliptic curves and the certificate-based and identity-based digital signature schemes are introduced.
     Among the certificate-based digital signcryption schemes based on elliptic curves, Zhao's digital signcryption scheme is taken as an example, and the paper shows that Zhao's scheme does not satisfy all the security requirements of digital signcryption schemes. To overcome the drawbacks of Zhao's scheme, the paper proposes an ideal digital signcryption scheme which satisfies confidentiality, integrity, unforgeability of the signature, authentication, non-repudiation, forward security, public verifiability of the ciphertext, and resistance to Bob's malicious signature forgery.
     The paper proposes a new digital signature scheme based on the properties of bilinear pairings. The scheme simultaneously satisfies the security properties of digital signcryption, such as public verifiability and forward security, without needing two private keys. This technique is then applied to an identity-based threshold signcryption scheme, whose security properties are the same.
     Comparing identity-based cryptosystems with certificate-based cryptosystems, the advantages and inherent drawbacks of existing identity-based cryptosystems are analysed. Then, a new secure key issuing protocol based on the hard problems on elliptic curves (CDLP, CDHP) and the properties of bilinear pairings is proposed, which requires neither certificates to guarantee the authenticity of public keys nor key escrow. Finally, security and performance analyses are given in combination with the Cha-Cheon signature scheme.
References
[1] V. Miller, C. Neuman, J. I. Schiller, and J. H. Saltzer. Kerberos authentication and authorization system. Project Athena Technical Plan, Section E.2.1, 1987.
[2] N. Koblitz. Elliptic curve cryptosystems. Math. Comp., 48(5):203-209, 1987.
[3] Ren-Junn Hwang, Chih-Hua Lai, and Feng-Fu Su. An efficient signcryption scheme with forward secrecy based on elliptic curve. Applied Mathematics and Computation, 167(2):870-881, 15 August 2005.
[4] J. C. Cha and J. H. Cheon. An identity-based signature from gap Diffie-Hellman groups. Public Key Cryptography - PKC 2003, LNCS 2567, Berlin: Springer-Verlag, 2003:18-30.
[5] W. Diffie and M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, November 1976.
[6] A. Shamir. Identity-Based Cryptosystems and Signature Schemes. Proceedings of CRYPTO'84, LNCS 196, Springer-Verlag, 1984, pp. 47-53.
[7] C. Laih, J. Lee, L. Harn, et al. A new scheme for ID-based cryptosystem and signature. INFOCOM '89, Proceedings of the Eighth Annual Joint Conference of the IEEE Computer and Communications Societies (Technology: Emerging or Converging), IEEE, 23-27 April 1989, vol. 3, pp. 998-1002.
[8] C. Chang and C. Lin. An ID-based signature scheme based upon Rabin's public key cryptosystem. Proceedings of the 25th Annual IEEE International Carnahan Conference on Security Technology, October 1-3, 1991, pp. 139-141.
[9] G. Agnew, R. Mullin, and S. Vanstone. Improved digital signature scheme based on discrete exponentiation. Electron. Lett., 1990, 26(14):1024-1025.
[10] L. Harn and S. Yang. ID-based cryptographic schemes for user identification, digital signature, and key distribution. IEEE Journal on Selected Areas in Communications, 1993, 11(5):757-760.
[11] T. Nishioka, G. Hanaoka, and H. Imai. A new digital signature scheme on ID-based key-sharing infrastructures. Information Security: 2nd International Workshop, ISW'99, LNCS 1729, Springer-Verlag, Berlin, 1999, pp. 259-270.
[12] D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. Advances in Cryptology - CRYPTO 2001, LNCS 2139, Berlin: Springer-Verlag, 2001:213-229.
[13] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. Advances in Cryptology - ASIACRYPT 2001, LNCS 2248, Berlin: Springer-Verlag, 2001:514-532.
[14] F. Hess. Efficient identity based signature schemes based on pairings. Selected Areas in Cryptography - SAC 2002, LNCS 2595, Berlin: Springer-Verlag, 2003:310-324.
[15] X. Cheng, J. Liu, and X. Wang. An identity-based signature and its threshold version. 19th International Conference on Advanced Information Networking and Applications - AINA'05, Taipei, Taiwan, 2005:973-977.
[16] B. Libert and J. J. Quisquater. A new identity based signcryption scheme from pairings. 2003 IEEE Information Theory Workshop, Paris, France, 2003:155-158.
[17] S. S. M. Chow, S. M. Yiu, L. C. K. Hui, and K. P. Chow. Efficient forward and provably secure ID-based signcryption scheme with public verifiability and public ciphertext authenticity. Information Security and Cryptology - ICISC 2003, LNCS 2971, Berlin: Springer-Verlag, 2004:352-369.
[18] L. Kohnfelder. Towards a Practical Public Key Cryptosystem. Bachelor's Thesis, MIT, May 1978.
[19] Certicom Corp. Current Public-Key Cryptographic Systems. http://www.certicom.com
[20] 张龙军, 赵霖, 沈钧毅. Research on the construction of elliptic curve cryptosystems over finite fields (in Chinese). 小型微型计算机系统 (Mini-Micro Systems), 2000, 21(10):1039-1041.
[21] A. J. Menezes, T. Okamoto, and S. A. Vanstone. Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field. IEEE Transactions on Information Theory, 1993, 39(5):1639-1646.
[22] P. S. L. M. Barreto, H. Y. Kim, B. Lynn, et al. Efficient Algorithms for Pairing-based Cryptosystems. Proceedings of Crypto'02, Springer-Verlag, 2002:354-369.
[23] Mohan Atreya. Digital Signatures (Chinese translation). Beijing: Tsinghua University Press, January 2003.
[24] K. Nyberg and R. A. Rueppel. Message recovery for signature schemes based on the discrete logarithm. Advances in Cryptology - Eurocrypt'94, Berlin: Springer-Verlag, 1994:175-190.
[25] Ze-Mao Zhao and Feng-Yu Liu. Method of constructing elliptic curve authenticated encryption scheme. Applied Mathematics and Computation, 168 (2005):146-151.
[26] B. Lee, C. Boyd, E. Dawson, K. Kim, J. Yang, and S. Yoo. Secure Key Issuing in ID-based Cryptography. Proceedings of the Second Australasian Information Security Workshop AISW 2004, ACS Conferences in Research and Practice in Information Technology, vol. 32, pp. 69-74, 2004.
[27] R. Gangishetti, M. C. Gorantla, M. L. Das, A. Saxena, and V. P. Gulati. An Efficient Secure Key Issuing Protocol in ID-Based Cryptosystems. Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05), vol. 1, IEEE Computer Society, pp. 674-678, 2005.

© 2004-2018 China Geological Library (中国地质图书馆). All rights reserved. 京ICP备05064691号 京公网安备11010802017129号