Research on Provably Secure Certificateless Digital Signature Schemes
Published: 2018-06-28 03:35
Topics of this dissertation: short signatures + aggregate signatures; Source: Beijing University of Posts and Telecommunications, 2014 doctoral dissertation
[Abstract]: Digital signatures are one of the core technologies of information security and are widely used in commerce, finance, the military and other fields. Certificateless digital signatures avoid the certificate-management problem of traditional digital signature systems and also remove the key-escrow problem of identity-based signature systems. For this reason, certificateless signatures have attracted great attention from academia and industry since the concept was first proposed, and they are one of the prominent research topics in cryptography and information security in recent years. Provable security is a basic requirement for modern cryptographic schemes and has become the theoretical foundation and design basis of cryptographic schemes and protocols. This dissertation aims to provide more provably secure certificateless digital signature schemes. The research covers certificateless encryption, ordinary certificateless signature schemes, and certificateless signature schemes with special properties (certificateless aggregate signatures, certificateless partially blind signatures, and certificateless signcryption). The main results are as follows:
1. Analysis and improvement of the certificateless encryption scheme of Hwang et al. The scheme of Hwang et al. was the first certificateless encryption scheme claimed to be provably secure against a "malicious-but-passive" KGC in the standard model. We show that their scheme cannot resist a "malicious-but-passive" KGC, and in fact cannot even resist an "honest-but-curious" KGC. We also propose an improved scheme and prove in the standard model that it resists "malicious-but-passive" KGC attacks.
2. Analysis and improvement of the certificateless signature scheme of Yu et al. Many certificateless signature schemes designed in the standard model have been shown to be insecure against key replacement attacks. Recently, Yu et al. designed a certificateless signature scheme in the standard model and claimed that it resists key replacement attacks; we show, however, that their scheme is still vulnerable to key replacement attacks. Using our certificateless encryption scheme, we improve the scheme of Yu et al. Our signature scheme not only avoids the security flaw of the scheme of Yu et al., but also offers shorter system parameters, shorter signatures and higher computational efficiency.
3. A new certificateless signature scheme is designed and proved, in the random oracle model, to be existentially unforgeable under adaptive chosen-message attacks. The new scheme offers provable security together with a short signature (a single group element), which makes it suitable for environments with limited storage.
4. Analysis and improvement of the certificateless aggregate signature scheme of Xiong et al. Xiong et al. claimed that their aggregate signature scheme remains secure against a "malicious-but-passive" KGC. We show that their scheme cannot even resist an "honest-but-curious" KGC. We also propose an improved aggregate signature scheme and prove in the random oracle model that it resists "malicious-but-passive" KGC attacks. Performance analysis shows that the scheme is efficient and practical.
5. Analysis and improvement of the certificateless partially blind signature scheme of Zhang et al. In 2011, Zhang et al. extended partially blind signatures to certificateless cryptography and proposed the first partially blind signature scheme applicable to electronic cash systems. We show that a malicious KGC in this scheme can forge a signature on any message. Recently, Zhang et al. gave a corrected scheme, but without a security analysis. We show that a malicious user in the corrected scheme can forge a signature on any message by replacing the signer's public key. Our attacks show that if the scheme of Zhang et al. were deployed in an electronic cash system, a malicious user or KGC could forge any valid electronic cash (that is, signatures) without the bank noticing, which would certainly cause the bank great losses. We also propose a corresponding improved scheme and prove that it is partially blind and existentially unforgeable under adaptive chosen-message attacks; based on our scheme, we also describe an electronic cash system.
6. Improvement of the certificateless signcryption scheme of Liu et al. Liu et al. were the first to consider the security of certificateless signcryption in the standard model. Unfortunately, their scheme has been shown to have security flaws. We improve the certificateless signcryption scheme of Liu et al. and prove that the new scheme resists Type I and Type II adversaries (the latter being a "malicious-but-passive" KGC) in the standard model. The new scheme securely provides both signing and encryption in the certificateless setting, and has shorter system parameters than the scheme of Liu et al.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Doctorate
[Year degree granted]: 2014
[Classification number]: TN918.91
Article ID: 2076557
Link: https://www.wllwen.com/kejilunwen/wltx/2076557.html