Design and Analysis of Designated Verifier Digital Signatures
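Abstract
With the rapid development of computer network technology, and especially the continued spread and application of e-commerce and e-government, concern about information security has steadily grown. Digital signatures arose in response to the practical and developmental needs of information security technology; they are an information technology that guarantees the authenticity of transmitted information during network communication and resolves disputes between the communicating parties. Since their introduction, a large number of digital signature schemes have been proposed on the basis of different hard mathematical problems, for example the RSA signature scheme based on the factorization of large integers and the ElGamal signature scheme based on discrete logarithms. To meet the practical application requirements of digital signatures in network communication environments, various kinds of digital signature schemes have been proposed, such as proxy signatures and blind signatures. Designated verifier signature schemes emerged against this background, and they play an important role in e-commerce in matters such as personal privacy information and the online designated authorization of copyright.
     In other, traditional digital signature schemes, anyone can verify the validity of a signature. In a designated verifier signature scheme, however, no one other than the verifier designated by the signer can effectively verify the correctness of the signature on a message, which effectively protects the personal privacy of the signer. Building on earlier research results, this thesis makes some useful attempts and explorations concerning designated verifier signatures and their applications. The main research contents are as follows:
     1. An existing scheme is studied and analysed, and it is found that the original scheme is vulnerable to replay attacks when applied in other network environments. On the basis of the original scheme, an efficient scheme with a wider range of application is proposed.
     2. Combining the concepts of proxy signature and designated verifier proxy signature, a designated verifier proxy signature scheme based on bilinear pairings is proposed.
     3. An improved identity-based designated verifier proxy signature scheme is analysed, a security vulnerability in it is found, and the attack on its security is proved to be effective.
     4. A certificateless strong designated verifier signature is proposed, which solves the certificate management problem of designated verifier signatures in public key systems and the key escrow problem of designated verifier signatures in identity-based cryptosystems.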
Along with the development of computer science and the internet, and especially the wide spread and application of electronic commerce and e-government, the problem of information security is gradually drawing more attention. The digital signature, whose emergence fulfils the actual demands and the advancement of information security, is an information technology that can guarantee messages against any damage during transmission and settle disputes between the two sides of a communication. Since its emergence, many digital signature schemes have been proposed based on different mathematical problems; for instance, the RSA signature scheme is based on the problem of integer factorization, and the ElGamal signature scheme is based on the problem of discrete logarithms. To satisfy the actual application requirements of digital signatures in transmission networks, plenty of other signature schemes have been presented, for example proxy signatures and blind signatures. The designated verifier signature also emerged under these conditions, and it plays an increasingly important role in privacy protection and online designated authorization.
     In ordinary digital signature schemes, anyone can verify the validity of a signature. In a designated verifier signature scheme, however, nobody except the designated verifier can verify the validity of the signature, so it effectively protects the signer's privacy. In this paper, based on achievements made by others, some useful trials and explorations in designated verifier signatures have been made. The main research results are as follows:
     1. A digital signature scheme is studied and analysed, and it is found that the scheme is susceptible to replay attacks when applied in other network environments; a highly effective scheme with wider application is therefore proposed.
     2. Combining proxy signature with designated verifier signature, a new designated verifier proxy signature scheme is proposed.
     3. An improved ID-based designated verifier proxy signature scheme is analysed and a security loophole in it is identified; the security attack is then proved to be valid.
     4. A certificateless strong designated verifier signature scheme is presented, which alleviates the key escrow problem of ID-based cryptography and certificate authorities in traditional public key cryptography.
