Thesis record 101522056: details




Author: 宋柏麟 (Bo-Lin Sung)    Department: Computer Science and Information Engineering
Title: 具有匿名撤銷之匿名憑證系統
(An Anonymous Credential Scheme with Revocation of Anonymity)
Related theses
★ Design of Various Digital Proxy Signatures
★ A Study of Micropayment Systems
★ A Study of Physical Cryptanalysis Attacks
★ A Study of Commercial Key Recovery and Key Escrow Mechanisms
★ Physical Cryptanalysis of the AES Data Encryption Standard
★ A Study of Electronic Auction Systems
★ A Dynamic Program Segment Protection Mechanism against Stack Overflow Attacks
★ Parameter Exploration of the General Number Field Sieve Factoring Method
★ Implementation of a DPA-Resistant AES Encryptor on the 8051 Microcontroller
★ A Study of Defending against Power Attacks with Non-deterministic Software and Mask-Splitting Countermeasures
★ A Study of Masking Countermeasures against Differential Power Attacks
★ Power Analysis of the AES Data Encryption Standard
★ Design and Cryptanalysis of Micropayment Systems
★ A Study of Fair Electronic Cash Systems
★ Physical Cryptanalysis of the RSA Public Key Cryptosystem
★ A Study of Protecting Data Collected by Mobile Agents
  1. Access permission for this electronic thesis: immediate open access agreed.
  2. Electronic full text that has reached its open-access date is licensed only for personal, non-commercial retrieval, reading and printing by users for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast it without authorization, to avoid infringement.

Abstract (Chinese): Many kinds of electronic interaction now take place widely in daily life; however, these interactions may leak personal privacy. Anonymous credential systems were created to address this. An anonymous credential system allows a user to protect her privacy while taking part in electronic transactions. In such a system, the user obtains a credential from a trusted organization and can then prove to a service provider that the credential is valid and satisfies the attributes the service provider requires, without revealing the user's identity or any other information in the process. Existing anonymous credential systems usually rely on zero-knowledge proofs at this step to keep the user's private information from the service provider; however, the computational cost of a zero-knowledge proof grows linearly with the number of attributes to be proven. Moreover, existing anonymous credential systems lack a practical anonymity revocation mechanism.

In this thesis, we propose an efficient anonymous credential system with anonymity revocation. We replace the zero-knowledge proofs used by existing anonymous credential systems with a designated verifier signature combined with a chameleon hash function, which improves performance. In addition, we adopt the concept of group signatures to realize a practical anonymity revocation method, overcoming this shortcoming of existing anonymous credential systems.


Abstract (English): Anonymous credential systems promise efficient and ubiquitous access to digital services while preserving the user's privacy. In an anonymous credential system, a user Alice can obtain credentials from an organization, and she can prove to a verifier that she has been given the appropriate credentials without revealing any information about her identity. Existing anonymous credential systems adopt zero-knowledge proofs to keep the attributes from being learned by the verifiers; however, the computational cost of a zero-knowledge proof increases linearly with the number of attributes. Existing anonymous credential systems also lack effective revocation approaches.

In this thesis, an efficient anonymous credential system with revocation is proposed; the technique of chameleon hash is adopted to replace the complex zero-knowledge proof, improving performance. In addition, we use the concept of group signatures to implement a practical approach to revocation, overcoming this disadvantage of existing anonymous credential systems.
Keywords (Chinese): ★ Anonymous credential
★ Anonymity revocation
Keywords (English): ★ Anonymous Credential System
★ Revocation
★ Anonymity
Table of Contents
1 Introduction (p. 1)
1.1 Background and Motivation (p. 1)
1.2 Purpose and Contribution (p. 3)
1.3 Overview of the Thesis (p. 3)
2 Preliminary (p. 5)
2.1 The Model of Anonymous Credential System (p. 5)
2.2 Requirements of Anonymous Credential System (p. 6)
2.3 Bilinear Map (p. 7)
2.4 BB Signatures and BBS+ Signature (p. 8)
2.4.1 BB signature (p. 8)
2.4.2 BBS+ signature (p. 9)
2.5 ID-based Chameleon Hash (p. 9)
2.6 Strong Designated Verifier Signature (p. 11)
3 Related Work (p. 15)
3.1 Introduction to Anonymous Credentials (p. 15)
3.2 U-Prove Versus Idemix (p. 16)
3.2.1 U-Prove (p. 16)
3.2.2 Idemix (p. 19)
3.3 Revocation and Comparison (p. 22)
4 The Proposed Anonymous Credential Scheme (p. 27)
4.1 Security Assumptions (p. 27)
4.2 Modified ID-based DVS Scheme (p. 28)
4.3 Our Proposed Anonymous Credential Scheme (p. 30)
5 Security Analysis and Performance Comparison (p. 34)
5.1 Security Analysis of Proposed Anonymous Credential Scheme (p. 34)
5.2 Performance Analysis (p. 38)
6 Conclusions (p. 40)
6.1 Brief Review of Main Contributions (p. 40)
6.2 Future Work (p. 41)
Advisor: 顏嵩銘 (Sung-Ming Yen)    Review date: 2014-11-24
