基于CL匿名凭证系统的属性证明协议的研究与实现

发布时间：2018-05-08 11:07

本文选题：匿名凭证系统 + 高效属性证明　；参考：《东北大学》2014年硕士论文

【摘要】：匿名凭证系统采用一种匿名的且不可连接的方式来出示用户的电子身份凭证,同时能够对一系列属性关系进行证明。但是,传统的属性证明协议通常具有与用户属性数量相关的线性计算复杂度,不适用于智能卡等资源有限的设备。因此,论文针对该问题对属性证明协议的计算复杂度优化进行了研究,提出一系列高效的属性证明协议。本文的核心思想是,为用户的每一个属性颁发对应的匿名凭证,并且通过选择性地聚合用户签名的方式来证明其属性关系。本文的主要工作有：(1)对Camenish和Lysyanskaya在2004年提出的CL签名机制进行研究与改进,结合聚合签名的技术,提出选择性聚合CL签名机制,该签名机制在签名验证阶段具有常数的计算复杂度；并证明了该签名机制在标准模型下具备正确性,且对于自适应消息选择攻击存在不可伪造性。在此基础上,构造匿名凭证系统,并形式化地证明该协议的安全性。(2)在匿名凭证系统中设计一系列属性证明协议。由于其基于属性的策略,用户不仅能够自主选择证明协议中需要涉及的属性和相关的匿名凭证；而且也能够在证明这些属性关系的同时证明对其匿名凭证的持有。本文对这些属性证明协议进行描述,并形式化地证明其安全性。(3)采用Java语言,使用了IatePair包,利用椭圆曲线上的双线性对运算来实现这些属性证明协议。协议包括三个实体：用户(User),凭证颁发者(Signer)和验证方(Verifier)。首先给出实体类的设计,包括ECC类,user、signer、verifier类以及各自的成员属性和方法；其次给出了核心功能的实现过程,包括选择性聚合CL签名机制,匿名凭证颁发协议和属性证明协议的实现流程图；最后对属性证明协议进行时间复杂度和具体性能的分析表明,本文的属性AND和OR关系证明协议的计算代价都小于传统的CL匿名凭证系统和基于累加器的系统；而属性区间和不等式证明协议在传统的CL匿名凭证系统和基于累加器的系统中都未涉及到,本文对于属性区间和不等式谓词的证明进行了完善。
[Abstract]:Anonymous voucher system uses an anonymous and unconnected way to present the user's electronic identity certificate, and it can prove a series of attribute relationships at the same time. However, traditional attribute certification protocols usually have linear computational complexity related to the number of user attributes, and are not suitable for devices with limited resources such as smart cards. Therefore, in this paper, the computational complexity optimization of attribute proof protocol is studied, and a series of efficient attribute proof protocols are proposed. The core idea of this paper is to issue the corresponding anonymous credentials for each attribute of the user and to prove the attribute relationship by selectively aggregating the user's signature. The main work of this paper is to study and improve the CL signature mechanism proposed by Camenish and Lysyanskaya in 2004. Combined with the technology of aggregate signature, we propose a selective polymerized CL signature mechanism. The signature scheme has constant computational complexity in the phase of signature verification, and it is proved that the signature mechanism is correct under the standard model, and it is unforgeable for adaptive message selection attacks. On this basis, the anonymous credential system is constructed, and the security of the protocol is formally proved. (2) A series of attribute proof protocols are designed in the anonymous credential system. Because of its attribution-based strategy, the user can not only choose the attributes and related anonymous credentials that need to be involved in the certification protocol, but also prove the relationship between these attributes and the possession of their anonymous credentials. In this paper, we describe these attribute proof protocols, and formally prove their security. We use Java language, IatePair package and bilinear pairings on elliptic curves to implement these attribute proof protocols. The protocol consists of three entities: the user user, the certificate issuer, and the verifier Verifierer. Firstly, the design of entity class is given, including the ECC class user signer verifier class and their member attributes and methods, and the implementation process of the core function, including the selective aggregation CL signature mechanism, is given. The implementation flow chart of anonymous certificate issuing protocol and attribute certification protocol is given. Finally, the time complexity and specific performance of attribute certification protocol are analyzed. The computational cost of the attribute AND and OR relationship proof protocol is lower than that of the traditional CL anonymous credential system and the accumulator-based system. However, attribute intervals and inequality proof protocols are not covered in traditional CL anonymous credential systems and accumulation-based systems. In this paper, the proof of attribute intervals and inequality predicates is improved.
【学位授予单位】：东北大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TN918.91

【相似文献】