Research on Proxy Re-signature Based on the Certificateless Public Key Cryptosystem
Abstract
Proxy re-signature is a special kind of digital signature in which a proxy can transform Alice's signature into Bob's signature on the same message, without the proxy learning either Alice's or Bob's signing key during the transformation. Because of this special transformation capability, proxy re-signature has broad application prospects in simplifying certificate management, identity anonymity, proof of a particular path, and digital rights management systems.
     Current proxy re-signature schemes suffer from key escrow and from the complexity of certificate management. In the certificateless public key cryptosystem proposed by Al-Riyami and Paterson, the key generation center cannot obtain any user's private key, which resolves both the key escrow problem and the complexity of certificate management; it is more efficient than traditional PKI-based public key cryptography and stronger in security than identity-based public key cryptography. Therefore, this thesis uses bilinear pairing techniques and the standard-model signature framework proposed by Waters to construct a certificateless proxy re-signature scheme, and proves its security in the standard model. Under the NGBDH and Many-DH assumptions, the scheme is existentially unforgeable against adaptive chosen-message attacks in the standard model. The certificateless proxy re-signature scheme can be applied in environments that require low bandwidth and low processing power, such as mobile devices and wireless sensor networks.
     To address the weakness that the proxy can learn the signer's message while transforming the signature, this thesis improves the proposed certificateless proxy re-signature scheme using a blind signature mechanism, proposes a certificateless blind proxy re-signature scheme, and proves its security in the standard model. Under the NGBDH and Many-DH assumptions, the scheme is existentially unforgeable against adaptive chosen-message attacks in the standard model.
Proxy re-signature is a special kind of digital signature that allows a semi-trusted proxy holding some information to transform a delegatee's signature into a delegator's signature on the same message. The proxy, however, cannot generate arbitrary signatures on behalf of either the delegatee or the delegator. Because of this transformation function, proxy re-signature schemes are very useful and can be applied in many settings, including simplifying certificate management, providing a proof for a path that has been taken, and constructing an interoperable Digital Rights Management (DRM) system.
     To address the key escrow and certificate management complexity problems of proxy re-signature, a new type of public key cryptosystem called Certificateless Public Key Cryptography, introduced by Al-Riyami and Paterson, is adopted. In Certificateless Public Key Cryptography, the Key Generation Center cannot get access to any user's private key. Certificateless Public Key Cryptography solves the problems of key escrow and certificate management complexity, is more efficient than a traditional PKI public key cryptosystem, and is more secure than an identity-based public key cryptosystem. A certificateless proxy re-signature scheme in the standard model is proposed using bilinear mapping technology and the standard-model framework proposed by Waters, and its security is proven: in the standard model it is provably secure against adaptive chosen-message attack under the hardness assumptions of the NGBDH problem and the Many-DH problem. Therefore, the certificateless proxy re-signature scheme can be applied to environments that require low bandwidth and low processing capacity, such as mobile devices and wireless sensor networks.
     To address the defect that the proxy can learn the signer's message during signature conversion, we extend the proposed certificateless proxy re-signature scheme with the idea of blind signatures and propose a certificateless blind proxy re-signature scheme, whose security is proven in the standard model. In the standard model it is provably secure against adaptive chosen-message attack under the hardness assumptions of the NGBDH problem and the Many-DH problem.

© 2004-2018 China Geological Library. All rights reserved. 京ICP备05064691号 京公网安备11010802017129号