Improvement and Implementation of the Direct Anonymous Attestation (DAA) Scheme
Abstract
The Trusted Computing Group holds that privacy protection is a necessary element of a trusted system: users must have the right to choose and control their own private information. To this end, the Trusted Computing Group released the DAA scheme in 2004 to guarantee anonymity during the attestation process and to solve the problems of the Privacy CA scheme. However, the time overhead of the DAA scheme is too large for it to be applied satisfactorily in real systems.
After studying several special signature schemes that can achieve anonymity, such as proxy signature, blind signature and group signature schemes, this thesis examines the background, development stages, implementation mechanism and concrete protocols of the DAA scheme. Within the framework of the DAA anonymity mechanism, the main way to reduce the time overhead is to shorten the parameter lengths; but shortening the parameter lengths alone would reduce the security of the new scheme. To shorten the parameters while still guaranteeing the security and anonymity of the new scheme, the only option is to convert the discrete logarithm problem into the elliptic curve discrete logarithm problem. However, the DAA scheme is built by combining an integer factorization system with a discrete logarithm system; if only the discrete logarithm problem is converted into the elliptic curve discrete logarithm problem, the related integer factorization problem becomes insecure because of the shortened parameters, and the whole scheme becomes insecure. For this reason, this thesis proposes a new DAA scheme that abandons the approach of combining an integer factorization system with a discrete logarithm system and adds a new method that fulfils the requirements of the original scheme with a construction based solely on the elliptic curve discrete logarithm problem.
This thesis compares the new scheme with the original scheme in terms of security, anonymity and execution efficiency. For the efficiency analysis, both the DAA scheme and the new scheme were simulated. The implementation omits the communication operations and runs as a stand-alone version. To this end, the following were built: a setup class that generates the public key; a Hash class for the hash function, for which a secure hash function producing the 1712-bit output required by the DAA scheme was designed; a tpm class implementing the TPM's functions; a host class implementing the host's functions; an issuer class implementing the DAA issuer's functions; a verification class implementing the verifier's functions; a daa class that simulates the scheme; and an ecc class providing the elliptic curve functionality needed by the new scheme.
Comparative analysis of the new scheme against the original shows that the new scheme improves execution efficiency and shortens the time cost without reducing security or anonymity.
The Trusted Computing Group believes that privacy protection is one of the necessary elements of trusted computing systems, and that users must have the right to choose and control their private information. In 2003, to ensure anonymity in authentication and resolve the problems of the Privacy CA scheme, the Trusted Computing Group issued the DAA scheme. However, the DAA scheme is not very satisfactory in real systems because it spends too much time.
In this paper, some special schemes that can achieve anonymity, such as proxy signature schemes, blind signature schemes and group signature schemes, are studied. Then the background, the stages of development and the mechanisms of the DAA scheme are also studied. In the framework of the DAA anonymity mechanism, the main method of reducing the time expense is to shorten the length of the parameters. But if only the parameter length is shortened, the security will be decreased too. To shorten the length of the parameters and guarantee the security and anonymity of the new scheme, we may change the discrete logarithm problem into an elliptic curve cryptosystem. However, the DAA scheme integrates the integer factoring problem with the discrete logarithm problem, so just changing the discrete logarithm problem into an elliptic curve cryptosystem will make the scheme unsafe. For these reasons, a new scheme is offered. In the new scheme, the integer factoring and discrete logarithm problems are discarded and a new method is introduced, so that the requirements of the original scheme are achieved by an elliptic curve cryptosystem.
Finally, we compare the new scheme with the original scheme on security, anonymity and efficiency. In order to carry out the efficiency analysis, the new scheme and the original scheme are simulated. In the implementation, the communication operations are omitted and a stand-alone version is carried out. In the simulation programs, the set-up class for producing a public key, the Hash class for constructing the hash function, the TPM class for implementing the functions of the TPM, the host class, the issuer class, the verification class, the daa class and the ecc class are all constructed.
Compared with the original scheme, the new scheme does not decrease safety or anonymity. At the same time, it improves efficiency by reducing the time expense.