匿名代理签名的研究
|
摘要
随着网络发展和信息系统的广泛使用,电子政务、电子商务甚至日常生活都要求对数字文件进行各种处理。数字签名作为手写签名在数字文件中的合法对应物必将被广泛应用。1996年Mambo,Usudu和Okamoto首先提出并系统阐述了代理签名的概念,在原始签名人与代理签名人具有法律效力的协议之下,代理签名人可代替原始签名人对文件进行签署。代理签名作为一种特殊的数字签名,在电子商务、电子选举、移动代理等方面有着重要应用,但是存在代理者身份保护、签名内容保密等匿名性问题,国内外学者围绕代理签名的匿名性问题展开了广泛研究。
通过分析现有匿名代理签名方案的不足和漏洞,给出了三个改进方案。改进方案克服了原有方案中的缺陷,具有更高的安全性。另外,结合椭圆曲线密钥短、安全强度高的特性,给出了一个基于椭圆曲线密码的匿名代理签名方案,该方案较之基于离散对数问题的签名方案具有更高的安全性。
需可信第三方的匿名代理签名方案和无可信第三方的匿名代理签名方案都是基于代理者身份保护的匿名代理签名方案,并都存在一定的不足或漏洞,比如原始签名者的伪造攻击、公钥替换攻击等。针对无可信第三方的匿名代理签名方案的不足,给出了一种安全性更高的改进方案,该方案能克服上述攻击漏洞,满足基于代理者身份保护的匿名代理签名的安全性要求。
签名内容保密的匿名代理签名方案存在指定接收者的伪造攻击和代理者的权限滥用缺陷,给出的两个改进匿名代理签名方案能克服上述攻击漏洞,并证明了满足基于签名内容保密的匿名代理签名的安全性要求。
With the development of networks and the wide application of information system, there are increasing demands on processing various digital documents in systems of E-Government and E-Commerce. Being a legal replacement for handwritten signatures, digital signature is sure to be more extensively used in the coming years. In 1996, Mambo, Usudu and Okamoto firstly proposed and systematically expounded the concept of proxy signature. If the original signer and the proxy signer have the protocal with the law efficacity, the proxy signer may substitute the original signer to sign the file. As a special digital signature, proxy signature has many important applications in E-commerce, E-elections and mobile agents etc. But there exist some anonymous problems, such as the protection of proxy signer’s privacy and the confidentiality of content and so on, which arouse extensive research.
After analyzing the flaws and loopholes in the existing proxy signature schemes, we propose three improved schemes, which have higher security and overcome the existing shortcomings in the original schemes. In addition, we propose a anonymous proxy signature based on the elliptic curve crypotosystem, which has the characters of high security and less length of key. Compared with the schemes based on the discrete logarithm problem, the scheme has higher security.
The anonymous proxy signature scheme with a credible third party and the anonymous proxy signature scheme without a credible third party are both the anonymous proxy signature schemes based on the protection of proxy signer’s privacy and both have certain shortcomings and loopholes, such as original signer’s forgery attacks and original signer’s public key substitution attacks and so on. Against the defects of the anonymous proxy signature scheme without a credible third party, we present an improved scheme with higher security, which eliminates the above attacks and satisfies the safety requirements of the anonymous proxy signature based on the protection of proxy signer’s privacy.
The anonymous proxy signature scheme based on the confidentiality of content possesses the defects of designated recipient’s forgery attacks and abuse of authority by the proxy signer. The two improved anonymous proxy schemes can overcome the above flaws and satisfy the safety requirements of the anonymous proxy signature based on the confidentiality of content.
通过分析现有匿名代理签名方案的不足和漏洞,给出了三个改进方案。改进方案克服了原有方案中的缺陷,具有更高的安全性。另外,结合椭圆曲线密钥短、安全强度高的特性,给出了一个基于椭圆曲线密码的匿名代理签名方案,该方案较之基于离散对数问题的签名方案具有更高的安全性。
需可信第三方的匿名代理签名方案和无可信第三方的匿名代理签名方案都是基于代理者身份保护的匿名代理签名方案,并都存在一定的不足或漏洞,比如原始签名者的伪造攻击、公钥替换攻击等。针对无可信第三方的匿名代理签名方案的不足,给出了一种安全性更高的改进方案,该方案能克服上述攻击漏洞,满足基于代理者身份保护的匿名代理签名的安全性要求。
签名内容保密的匿名代理签名方案存在指定接收者的伪造攻击和代理者的权限滥用缺陷,给出的两个改进匿名代理签名方案能克服上述攻击漏洞,并证明了满足基于签名内容保密的匿名代理签名的安全性要求。
With the development of networks and the wide application of information system, there are increasing demands on processing various digital documents in systems of E-Government and E-Commerce. Being a legal replacement for handwritten signatures, digital signature is sure to be more extensively used in the coming years. In 1996, Mambo, Usudu and Okamoto firstly proposed and systematically expounded the concept of proxy signature. If the original signer and the proxy signer have the protocal with the law efficacity, the proxy signer may substitute the original signer to sign the file. As a special digital signature, proxy signature has many important applications in E-commerce, E-elections and mobile agents etc. But there exist some anonymous problems, such as the protection of proxy signer’s privacy and the confidentiality of content and so on, which arouse extensive research.
After analyzing the flaws and loopholes in the existing proxy signature schemes, we propose three improved schemes, which have higher security and overcome the existing shortcomings in the original schemes. In addition, we propose a anonymous proxy signature based on the elliptic curve crypotosystem, which has the characters of high security and less length of key. Compared with the schemes based on the discrete logarithm problem, the scheme has higher security.
The anonymous proxy signature scheme with a credible third party and the anonymous proxy signature scheme without a credible third party are both the anonymous proxy signature schemes based on the protection of proxy signer’s privacy and both have certain shortcomings and loopholes, such as original signer’s forgery attacks and original signer’s public key substitution attacks and so on. Against the defects of the anonymous proxy signature scheme without a credible third party, we present an improved scheme with higher security, which eliminates the above attacks and satisfies the safety requirements of the anonymous proxy signature based on the protection of proxy signer’s privacy.
The anonymous proxy signature scheme based on the confidentiality of content possesses the defects of designated recipient’s forgery attacks and abuse of authority by the proxy signer. The two improved anonymous proxy schemes can overcome the above flaws and satisfy the safety requirements of the anonymous proxy signature based on the confidentiality of content.
引文
[1]王育民,刘建伟.通信网的安全一理论与技术.西安:西安电子科技大学出版社, 1999. 29~33
[2] M.Hellman, W.Diffie. New Directions in Cryptography. IEEE Transaction on Information Theory, 1976, 22(6): 644~654
[3] David Pointcheval, Jacques. Stern Security Arguments for Digital Signatures and Bli- nd Signatures. Journal of Cryptology, 2000, 13(3): 361~396
[4] F.Zhang, K.Kim. ID-based Blind Signature and Ring Signature from Pairings. Proceedings of Asiacrypt 2002. Berlin:Spring-Verlag, 2002. 533~547
[5] M.Jakobsson, K.Sako, R.Impagliazzo. Designated Verifier Proofs and Their Applic- ations. Adv in Cryptology-Eurocrypt’96. Berlin:Spring-Verlag, 1996. 143~154
[6] David Chaum, Hans Van Antwerpen. Undeniable signatures. Crypto'89. Berlin:Spri- ng-Verlag, 1990. 212~217
[7] D.Chaum, I.B.Damgard, J.Boyar et al. Convertible undeniable signatures. Crypto'90. Berlin:Spring-Verlag, 1991. 189~205
[8] D.Chaum, H.Antwerpen. Undeniable signatures. Cryptology'89. Berlin:Spring-Verl- ag, 1991. 212~216
[9] Digital signature standard. http://csrc.nist.gov/cryptval/dss.htm, 2004
[10] Soviet Encryption Algorithm. http://www.vipul.net/gost/, 2004
[11] Korean cryptography standards. http://dosan.skku.ac.kr, 2004
[12] P.Allen, S.Black, V.Varadharajan. An analysis of the proxy problem in distributed s- ystems. Proc. IEEE Computer Society Symp. On Research in Security and Privacy, 1991, 8(1): 255~275
[13] E.Okamoto, K.Usuda, M.Mambo. Proxy signature: Delegation of the Power to Sign Messages. EICE Trans.Fundamentals, 1996, 79(9): 1338~1353
[14] E.Okamoto, K.Usuda, M.Mambo. Proxy signatures for delegating signing operation Proc.3rd ACM Conference on Computer and Communications Security. 1996. 48~57
[15] A.S.Tanenbaum, Bakker, M.Steen. A law-abiding peer-to peer network for free- software distribution. IEEE International Symposium on Network Computing and Applications. Cambridge:IEEE, 2001. 60~67
[16] B.Lee, H.Kim, K.Kim. Secure Mobile Agent Using Strong Non-Designated Proxy S- ignature. Proc of ACISP2001. Berlin: Springer-Verlag, 2001. 474~486
[17] B.Lee, H.Kim, J.Baek et al. Secret computation with secrets for mobile agent using one-time proxy signature. In Cryptography and Information Security 2001, 2001, 14(3): 307~312
[18] Guilin Wang. Designated-verifier Proxy Signatures for E-Commerce. 2004. http://e- print.iacr.org12004 /096
[19] K.Shum, V.Wei. A Strong Proxy Signature Scheme with Proxy Signer Privacy Prote- tion. Proc WETICE’02. NewYork:IEEE, 2002. 55~56
[20] K.Zhang. Threshold proxy signature schemes. Information Security Workshop 97. Japan:ACM, 1997. 191~197
[21] E.J.L.Lu, L.C.Lin, M.S.Hwang. A Practical (t, n) Threshold Proxy Signature Schme Based on the RSA Cryptosystem. IEEE Trans. Knowledge and Data Engineering, 2003, 15(6): 1552~1560
[22] Feng Bao, Guilin Wang, Jianying Zhou. Comments on a Threshold Proxy Signature Scheme Based on the RSA Cryptosystem. IEEE Transactions on Knowledge and D- ata Engineering, 2004, 16(10): 1309~1311
[23] Hwang SJ, Shi Chi-Hwai. A Simple Multi-Proxy Signature Scheme. Proceedings of the Tenth National Conference on Information Security. Taiwan:ROC. 2000. 134~138
[24]白国强,肖国镇,伊丽江.代理多重签名:一类新的代理签名方案.电子学报, 2001, 29(4): 569~570
[25] D.Chaum. Blind Signatures for Untraceable Payments. Advances in Crypto’82. New-York: Springer-Verlag, 1982. 199~203
[26]谷利泽,李中献,杨义先.不需要可信任方的匿名代理签名方案.北京邮电大学学报, 2005, 28(1): 48~50
[27] Dong.J.X, Dai.J.Z, Yang.X.H. A privacy-protecting proxy signature scheme and itsapplication. Proceedings of the 42nd annual Southeast regional conference. Alabama:ACM, 2004. 203~206
[28] Adleman.L, Revist.R.L, Shamir.A. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 1978, 21(2): 120~126
[29] ElGamal.T. A Public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 1985, 31(4): 469~472
[30]洪帆,崔国华,付小青.信息安全概论.武汉:华中科技大学出版社, 2005. 89-91
[31]冯登国.密码工程.北京:清华大学出版社, 2001. 152~155
[32] Koblitz.N. Elliptic curve cryptosystems. Mathematic of Computation, 1987, 48(177): 203 ~209
[33] Miller.V. Use of elliptic curves in cryptography. Proceedings of CRYPTO’85. Berlin:Springer-Verlag, 1985. 410~424
[34]陈晓峰,王育民,张方国.椭圆曲线离散对数的攻击现状.西安电子科技大学学报, 2002, 29(3): 398~401
[35]冯登国,卿斯汉.信息安全—核心理论与实践.北京:国防工业出版社,2000. 65~66
[36]孙伟,杨义先,纽芯忻.现代密码新理论.北京:科学出版社, 2002. 35~36
[37] National Institute of Standards and Technology. Digital Signature Standard. NIST FIPS PUB 186, Washington:Department of Commerce, NITS, 1994. 116~123
[38] Nyberg.K, Rueppel.R.A. Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem. Eurocrypt 94. Berlin:Spring-Verlag, 1994. 182~193
[39]伊丽江.代理签名体制及其应用研究[博士学位论文].西安:西安电子科技大学, 2000.
[40] B.Lee, H.Kim, K.Kim. Strong Proxy Signature and its application. Proc of SCIS 2001, 2001, 11(1): 603~608
[41]曹珍富,李继国,张亦辰.代理签名的现状与进展.通信学报, 2003, 10(01): 148 ~150
[42] C.PSchnorr. Efficient identification and signatures for smart cards. Advances in cryptology-crypto’89, 1990, 1(435): 239~252
[43] H.Petersen, P.Horster. Self-certified keys-concepts and applications. Chapman& Hall,1997, 21(7): 102~116
[44]柯召,孙琦.数论讲义.北京:高等教育出版社, 2001. 75~76
[45] T.ElGamal. A subexponential algrithm for computing discrete logarithms over GF( p 2). IEEE Trans, Information Theory, 1985, 31(5): 473~481
[46]廖大春,卢桂章,辛运炜.单向散列函数的原理、实现和在密码学中的应用.计算机应用研究, 2002, 1(2): 25~27
[47] Bin-Tsan Hsieh, Hung-Min Sun. Cryptanalysis of a strong proxy signature scheme with proxy signer privacy protection. IEEE 2003. NewYork:IEEE, 2003. 474~476
[48]付蓉,柳菊霞,苏靖枫等.匿名代理签名方案的研究与改进.信息安全与通讯保密, 2006, 3(16): 75~77
[49] Camenisch.L.J, Piveteau.M.J, Stadler.A.M. Blind signatures based on the discrete logarithm problem. Advances in Cryptology’92. Berlin:Spring-Verlag,1995. 428~432
[2] M.Hellman, W.Diffie. New Directions in Cryptography. IEEE Transaction on Information Theory, 1976, 22(6): 644~654
[3] David Pointcheval, Jacques. Stern Security Arguments for Digital Signatures and Bli- nd Signatures. Journal of Cryptology, 2000, 13(3): 361~396
[4] F.Zhang, K.Kim. ID-based Blind Signature and Ring Signature from Pairings. Proceedings of Asiacrypt 2002. Berlin:Spring-Verlag, 2002. 533~547
[5] M.Jakobsson, K.Sako, R.Impagliazzo. Designated Verifier Proofs and Their Applic- ations. Adv in Cryptology-Eurocrypt’96. Berlin:Spring-Verlag, 1996. 143~154
[6] David Chaum, Hans Van Antwerpen. Undeniable signatures. Crypto'89. Berlin:Spri- ng-Verlag, 1990. 212~217
[7] D.Chaum, I.B.Damgard, J.Boyar et al. Convertible undeniable signatures. Crypto'90. Berlin:Spring-Verlag, 1991. 189~205
[8] D.Chaum, H.Antwerpen. Undeniable signatures. Cryptology'89. Berlin:Spring-Verl- ag, 1991. 212~216
[9] Digital signature standard. http://csrc.nist.gov/cryptval/dss.htm, 2004
[10] Soviet Encryption Algorithm. http://www.vipul.net/gost/, 2004
[11] Korean cryptography standards. http://dosan.skku.ac.kr, 2004
[12] P.Allen, S.Black, V.Varadharajan. An analysis of the proxy problem in distributed s- ystems. Proc. IEEE Computer Society Symp. On Research in Security and Privacy, 1991, 8(1): 255~275
[13] E.Okamoto, K.Usuda, M.Mambo. Proxy signature: Delegation of the Power to Sign Messages. EICE Trans.Fundamentals, 1996, 79(9): 1338~1353
[14] E.Okamoto, K.Usuda, M.Mambo. Proxy signatures for delegating signing operation Proc.3rd ACM Conference on Computer and Communications Security. 1996. 48~57
[15] A.S.Tanenbaum, Bakker, M.Steen. A law-abiding peer-to peer network for free- software distribution. IEEE International Symposium on Network Computing and Applications. Cambridge:IEEE, 2001. 60~67
[16] B.Lee, H.Kim, K.Kim. Secure Mobile Agent Using Strong Non-Designated Proxy S- ignature. Proc of ACISP2001. Berlin: Springer-Verlag, 2001. 474~486
[17] B.Lee, H.Kim, J.Baek et al. Secret computation with secrets for mobile agent using one-time proxy signature. In Cryptography and Information Security 2001, 2001, 14(3): 307~312
[18] Guilin Wang. Designated-verifier Proxy Signatures for E-Commerce. 2004. http://e- print.iacr.org12004 /096
[19] K.Shum, V.Wei. A Strong Proxy Signature Scheme with Proxy Signer Privacy Prote- tion. Proc WETICE’02. NewYork:IEEE, 2002. 55~56
[20] K.Zhang. Threshold proxy signature schemes. Information Security Workshop 97. Japan:ACM, 1997. 191~197
[21] E.J.L.Lu, L.C.Lin, M.S.Hwang. A Practical (t, n) Threshold Proxy Signature Schme Based on the RSA Cryptosystem. IEEE Trans. Knowledge and Data Engineering, 2003, 15(6): 1552~1560
[22] Feng Bao, Guilin Wang, Jianying Zhou. Comments on a Threshold Proxy Signature Scheme Based on the RSA Cryptosystem. IEEE Transactions on Knowledge and D- ata Engineering, 2004, 16(10): 1309~1311
[23] Hwang SJ, Shi Chi-Hwai. A Simple Multi-Proxy Signature Scheme. Proceedings of the Tenth National Conference on Information Security. Taiwan:ROC. 2000. 134~138
[24]白国强,肖国镇,伊丽江.代理多重签名:一类新的代理签名方案.电子学报, 2001, 29(4): 569~570
[25] D.Chaum. Blind Signatures for Untraceable Payments. Advances in Crypto’82. New-York: Springer-Verlag, 1982. 199~203
[26]谷利泽,李中献,杨义先.不需要可信任方的匿名代理签名方案.北京邮电大学学报, 2005, 28(1): 48~50
[27] Dong.J.X, Dai.J.Z, Yang.X.H. A privacy-protecting proxy signature scheme and itsapplication. Proceedings of the 42nd annual Southeast regional conference. Alabama:ACM, 2004. 203~206
[28] Adleman.L, Revist.R.L, Shamir.A. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 1978, 21(2): 120~126
[29] ElGamal.T. A Public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 1985, 31(4): 469~472
[30]洪帆,崔国华,付小青.信息安全概论.武汉:华中科技大学出版社, 2005. 89-91
[31]冯登国.密码工程.北京:清华大学出版社, 2001. 152~155
[32] Koblitz.N. Elliptic curve cryptosystems. Mathematic of Computation, 1987, 48(177): 203 ~209
[33] Miller.V. Use of elliptic curves in cryptography. Proceedings of CRYPTO’85. Berlin:Springer-Verlag, 1985. 410~424
[34]陈晓峰,王育民,张方国.椭圆曲线离散对数的攻击现状.西安电子科技大学学报, 2002, 29(3): 398~401
[35]冯登国,卿斯汉.信息安全—核心理论与实践.北京:国防工业出版社,2000. 65~66
[36]孙伟,杨义先,纽芯忻.现代密码新理论.北京:科学出版社, 2002. 35~36
[37] National Institute of Standards and Technology. Digital Signature Standard. NIST FIPS PUB 186, Washington:Department of Commerce, NITS, 1994. 116~123
[38] Nyberg.K, Rueppel.R.A. Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem. Eurocrypt 94. Berlin:Spring-Verlag, 1994. 182~193
[39]伊丽江.代理签名体制及其应用研究[博士学位论文].西安:西安电子科技大学, 2000.
[40] B.Lee, H.Kim, K.Kim. Strong Proxy Signature and its application. Proc of SCIS 2001, 2001, 11(1): 603~608
[41]曹珍富,李继国,张亦辰.代理签名的现状与进展.通信学报, 2003, 10(01): 148 ~150
[42] C.PSchnorr. Efficient identification and signatures for smart cards. Advances in cryptology-crypto’89, 1990, 1(435): 239~252
[43] H.Petersen, P.Horster. Self-certified keys-concepts and applications. Chapman& Hall,1997, 21(7): 102~116
[44]柯召,孙琦.数论讲义.北京:高等教育出版社, 2001. 75~76
[45] T.ElGamal. A subexponential algrithm for computing discrete logarithms over GF( p 2). IEEE Trans, Information Theory, 1985, 31(5): 473~481
[46]廖大春,卢桂章,辛运炜.单向散列函数的原理、实现和在密码学中的应用.计算机应用研究, 2002, 1(2): 25~27
[47] Bin-Tsan Hsieh, Hung-Min Sun. Cryptanalysis of a strong proxy signature scheme with proxy signer privacy protection. IEEE 2003. NewYork:IEEE, 2003. 474~476
[48]付蓉,柳菊霞,苏靖枫等.匿名代理签名方案的研究与改进.信息安全与通讯保密, 2006, 3(16): 75~77
[49] Camenisch.L.J, Piveteau.M.J, Stadler.A.M. Blind signatures based on the discrete logarithm problem. Advances in Cryptology’92. Berlin:Spring-Verlag,1995. 428~432