Design and Implementation of an Elliptic-Curve-Based Anonymous Mutual Authentication System Without a Trusted Center
Abstract
The continued rapid development of information technology places higher demands on every area of information security. Advances in computer hardware and parallel computing pose a growing threat to the traditional RSA cryptosystem, and attention is gradually turning to elliptic curve cryptography, which offers many advantages. At the same time, as the environment grows ever more complex, there is an urgent need for stronger protection of privacy and anonymity. The traditional single-center model of secret custody is likewise giving way to distributed, decentralized threshold secret sharing, which better meets the demands for high security, high survivability and decentralized authority.
Building on a study of elliptic curves and threshold schemes without a trusted center, this thesis proposes and builds a complete anonymous mutual authentication system and implements its key algorithms. The main research work and contributions are as follows:
1. Based on a study of existing elliptic-curve threshold schemes without a trusted center, a fully decentralized threshold initialization scheme for the anonymous mutual authentication system is designed. The scheme is based on elliptic curves, combines them with Lagrange interpolation, and adopts a fully decentralized threshold mode. It consists of three parts, system initialization, threshold signature and signature verification, and has the advantages of short keys, fast computation, no need for a trusted center and high security. A method for dynamically changing the threshold value and adding or removing members without a trusted center is also proposed. This method requires neither re-initialization nor replacement of the system's existing secret, so it is highly efficient and secure to carry out.
2. An elliptic-curve-based anonymous mutual authentication scheme is designed, its correctness is proved, and its security and efficiency are analyzed. The scheme resists replay, man-in-the-middle and other attacks; authentication does not require the participation of a distributed authentication center, and anonymity is achieved.
3. An encrypted communication scheme between system nodes is designed, ensuring communication security, message integrity, confidentiality, timeliness and non-repudiation. A modified signature equation is adopted that avoids the inverse computation and improves execution efficiency.
4. A prototype of the anonymous mutual authentication system is implemented and a concrete application example is given, achieving the expected results. The experimental results confirm the feasibility, security and efficiency of the scheme.
With the continued rapid development of information technology, higher demands are placed on information security. Advances in computer hardware and parallel computing pose a growing threat to the traditional RSA cryptosystem. As the environment becomes more complicated, better protection of privacy and anonymity is urgently needed. The traditional single authentication center no longer meets these requirements. Schemes based on elliptic curves, threshold schemes, schemes without a trusted party and so on provide more reliable and more effective means of protecting information security.
Based on research on elliptic curves and threshold schemes without a trusted party, an anonymous mutual authentication system without a trusted party is proposed and designed; its kernel algorithms are proposed and a security proof is given. The main contributions of this dissertation are as follows:
First, a (t,n) threshold scheme without a trusted center is proposed, together with a dynamic scheme for changing the threshold value. The threshold scheme is based on elliptic curves and has higher security. When the threshold value is changed dynamically there is no need for re-initialization, and the shared secret can be reused even though the threshold value has changed. This significantly improves the utilization of the secret shares and makes the scheme more flexible and efficient.
Second, an anonymous mutual authentication scheme is proposed, its security proof is given, and its validity and advantages are analyzed. The scheme withstands replay attacks, man-in-the-middle attacks and so on, and provides anonymity and authentication without any third party.
Then, an encrypted communication scheme between system users is proposed, ensuring the security of communications, information integrity, confidentiality, timeliness and non-repudiation. By applying a modified elliptic curve signature equation, the computation of inverse elements in the finite field is avoided, giving a more efficient implementation.
Finally, the prototype system is implemented. The test results show that the scheme is feasible, and more secure and efficient.
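The two ingredients the abstract names for the initialization phase, Lagrange interpolation and a threshold mode with no trusted center, are illustrated below with a dealer-free (t,n) sharing over a prime field. This is an added example and not the thesis's own scheme; the field order (the NIST P-256 group order, standing in for the scalar field of whatever curve the system uses) and the participant ids 1..n are assumptions.

```python
# Added illustration of dealer-free (t,n) threshold sharing with Lagrange
# interpolation. Constructed example, not the thesis's scheme; Q is assumed to
# be the scalar-field order of the curve (here the NIST P-256 group order).
import secrets

Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def _poly_eval(coeffs, x):
    """Horner evaluation of a polynomial over GF(Q); coeffs[0] is f(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def dealer_free_shares(ids, t, rng=secrets.randbelow):
    """Every participant i acts as a dealer for its own random secret s_i:
    it picks a degree t-1 polynomial f_i with f_i(0) = s_i and sends f_i(j)
    to participant j. Participant j's final share is sum_i f_i(j), a share of
    the group secret sum_i s_i, which no single party ever holds."""
    polys = {i: [rng(Q) for _ in range(t)] for i in ids}
    shares = {j: sum(_poly_eval(polys[i], j) for i in ids) % Q for j in ids}
    group_secret = sum(p[0] for p in polys.values()) % Q  # for checking only
    return shares, group_secret


def lagrange_reconstruct(subset):
    """Recover f(0) from {id: share} via Lagrange basis polynomials at x=0.
    With fewer than t points this yields an unrelated value, not the secret."""
    total = 0
    for j, yj in subset.items():
        num, den = 1, 1
        for m in subset:
            if m != j:
                num = num * (-m) % Q
                den = den * (j - m) % Q
        total = (total + yj * num * pow(den, Q - 2, Q)) % Q
    return total


def demo(t=3, n=5):
    """Any t shares reconstruct the group secret; t-1 shares do not."""
    ids = list(range(1, n + 1))
    shares, secret = dealer_free_shares(ids, t)
    enough = lagrange_reconstruct({i: shares[i] for i in ids[-t:]}) == secret
    too_few = lagrange_reconstruct({i: shares[i] for i in ids[:t - 1]}) == secret
    return enough, too_few
```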