Thesis 93522045, detailed record




Name: 蔡靜嫺 (Jing-Shian Tsai)    Department: Computer Science and Information Engineering
Thesis title: 基於質因數分解難題的前向式安全盲簽章系統
(Forward-Secure Blind Signature Schemes Based on Integer Factorization Problem)
Related theses
★ Design of Various Digital Proxy Signature Schemes
★ A Study of Micropayment Systems
★ A Study of Physical Cryptanalysis
★ A Study of Commercial Key Recovery and Key Escrow Mechanisms
★ Physical Cryptanalysis of the AES Data Encryption Standard
★ A Study of Electronic Auction Systems
★ A Dynamic Code-Segment Protection Mechanism against Stack Overflow Attacks
★ Parameter Exploration for the General Number Field Sieve Factoring Method
★ Implementing a DPA-Resistant AES Encryptor on an 8051 Microcontroller
★ A Study of Defending against Power Attacks with Non-deterministic Software and Mask-Splitting Countermeasures
★ A Study of Masking Countermeasures against Differential Power Attacks
★ Power Cryptanalysis of the AES Data Encryption Standard
★ Design and Cryptanalysis of Micropayment Systems
★ A Study of Fair Electronic Cash Systems
★ Physical Cryptanalysis of the RSA Public-Key Cryptosystem
★ A Study of Protecting the Data Collected by Mobile Agents
  1. The electronic version of this thesis is authorized for immediate open access.
  2. Once open, the electronic full text is licensed to users only for personal, non-commercial retrieval, reading and printing for the purpose of academic research.
  3. Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast it without authorization, so as to avoid infringement.

Abstract (Chinese): Digital signatures provide authentication and non-repudiation. Under key exposure, not only are these properties lost, but every signature produced in the past is invalidated as well. Forward security mitigates the damage caused by key exposure. This thesis therefore has two parts: first, an introduction to and survey of the development of forward-secure digital signature schemes and their related extensions; second, two proposed forward-secure blind signature schemes.
Many approaches mitigate the key exposure problem; we group them into four classes: forward security, pairing-based forward security, key-insulated security, and intrusion-resilient security. (1) Forward security: we focus on describing the structure, key ideas, goals and security analysis of every scheme. (2) Pairing-based forward security: we mainly describe the structures by which the schemes achieve forward security. (3) Key-insulated security and (4) intrusion-resilient security: for these two classes we focus on their goals and definitions. Finally, we present the relations among forward security, key-insulated security and intrusion-resilient security, and the combination of forward security with signature schemes having other special properties (for example threshold signatures, group signatures, and so on).
Blind signature schemes are widely used in financial applications; their purpose is to protect the anonymity of users and to provide unforgeability. Forward security, in turn, preserves the validity of signatures produced before a key exposure. We consider that for E-cash, where the blind signature is directly tied to money, forward security of the blind signature is both important and necessary. Should the signer's secret key be exposed, all past signatures lose their trustworthiness, which causes losses for all three parties in E-cash (Bank, User and Merchant). In this thesis we therefore propose two forward-secure blind signature schemes based on the integer factorization problem, built on the Fiat-Shamir and Ong-Schnorr blind signature schemes respectively. We also prove in the random oracle model that the two proposed forward-secure blind signature schemes satisfy forward security and blindness (anonymity).
Abstract (English): In this thesis, we focus on the topic of signature schemes with forward security. Firstly, a survey of signature schemes devoted to solving the key exposure problem is presented. Secondly, the proposed schemes, forward-secure blind signature schemes, are introduced.
There are several ways to solve the key exposure problem. We classify them into four parts: forward security, pairing-based forward security, key-insulated security, and intrusion-resilient security. In the class of forward security, we put more attention on describing the whole evolution, each important key idea, each new scheme, and its security analysis. At the same time, some well-designed charts are used to help the reader follow the whole development. In the class of pairing-based forward security, we put attention on the structures that are used to achieve forward security rather than describing each scheme in detail. In the classes of key-insulated security and intrusion-resilient security, we focus on their purposes and definitions. Finally, the relationships between forward security, key-insulated security, and intrusion-resilient security are presented, together with forward-secure signature schemes with special properties.
The blind signature, which provides the properties of anonymity and unforgeability, is employed in many large-scale social activities and financial applications. If the signer's secret key is compromised, the signatures signed before will no longer be believed, so this kind of system will suffer a great loss. The forward-secure property is a security notion ensuring that a compromised current secret key does not help an adversary to forge any signature for a past time period. Therefore, a blind signature with forward security becomes evidently important and necessary. In this thesis, we present two forward-secure blind signature schemes, which are based on the Fiat-Shamir and Ong-Schnorr blind signatures, respectively. We give proofs that the two forward-secure blind signature schemes satisfy blindness and forward security.
Keywords (Chinese) ★ Forward security
★ Integer factorization problem
★ Key exposure
★ Blind signature
Keywords (English) ★ Forward Security
★ Factoring Problem
★ Key Exposure Problem
★ Blind Signature
Table of contents
1 Introduction ... 1
1.1 Our Contributions ... 2
1.2 Overview of the Thesis ... 3
2 Review of Blind Signature Schemes ... 6
2.1 Preliminaries ... 6
2.1.1 Provable Security ... 6
2.1.2 Random Oracle Model ... 7
2.1.3 Factorization as Hard as Inverting Permutation ... 8
2.2 Introduction to Blind Signature Scheme ... 8
2.2.1 Security of the Blind Signature ... 11
2.2.2 Oracle Replay Attack ... 12
2.2.3 Forking Lemma ... 13
2.2.4 Witness Indistinguishability ... 14
2.3 Two Blind Signature Schemes ... 15
2.3.1 Fiat-Shamir Blind Signature Scheme ... 15
2.3.2 Ong-Schnorr Blind Signature Scheme ... 15
2.3.3 Discussion ... 15
3 A Survey of Forward-Secure Signature Schemes ... 19
3.1 Why Forward Security ... 19
3.2 Overview of the Solutions for the Key Exposure Problem ... 22
3.3 Forward-Secure Signature Schemes ... 27
3.3.1 Background ... 28
3.3.2 Preliminaries ... 29
3.4 The Techniques of Forward-Secure Signature Schemes ... 32
3.4.1 Bellare and Miner's Forward-Secure Digital Signature Scheme ... 32
3.4.2 Abdalla and Reyzin's Forward-Secure Digital Signature Scheme ... 34
3.4.3 Krawczyk's Forward-Secure Signature Scheme ... 36
3.4.4 Itkis and Reyzin's Forward-Secure Signature Scheme ... 39
3.4.5 Malkin et al.'s Forward-Secure Signature Scheme ... 45
3.4.6 Kozlov and Reyzin's Forward-Secure Signature Scheme ... 50
3.5 Pairing-Based Forward-Secure Signature Schemes ... 54
3.6 Key-Insulated Security ... 59
3.7 Intrusion-Resilient Security ... 61
3.8 Relations between Three Security Notions ... 65
3.9 Forward-Secure Signature Schemes with Special Properties ... 67
4 Forward-Secure Blind Signature Schemes Based on Integer Factorization Problem ... 70
4.1 Motivation ... 70
4.2 Preliminaries of the Forward-Secure Blind Signature Scheme ... 72
4.3 Forward-Secure Fiat-Shamir Blind Signature Schemes ... 74
4.4 Forward-Secure Ong-Schnorr Blind Signature Scheme ... 82
4.5 Some Further Discussions ... 84
5 Conclusions ... 87
5.1 Brief Review of the Main Contribution ... 87
5.2 Further Research Topics and Directions ... 88
References ... 90
References
[1] A. Shamir, "How to share a secret," Communications of the ACM, Volume 22, pp. 612-613, 1979.
[2] D. Chaum, "Blind Signatures for Untraceable Payments," Advances in Cryptology - Crypto'82, pp. 199-203, Plenum, NY, 1983.
[3] D. Chaum, "Security without Identification: Transaction Systems to Make Big Brother Obsolete," Communications of the ACM, Volume 28, Number 10, pp. 1030-1044, October 1985.
[4] A. Fiat and A. Shamir, "How to Prove Yourself: Practical Solutions to Identification and Signature Problems," Advances in Cryptology - Crypto'86, Lecture Notes in Computer Science 263, pp. 186-194, Springer-Verlag, 1986.
[5] C. Günther, "An Identity-Based Key Exchange Protocol," Advances in Cryptology - Eurocrypt'89, Lecture Notes in Computer Science 434, pp. 29-37, Springer-Verlag, 1989.
[6] D. Chaum, "Privacy Protected Payments: Unconditional Payer and/or Payee Untraceability," In Smartcard 2000, pp. 69-93, 1989.
[7] U. Feige and A. Shamir, "Witness Indistinguishable and Witness Hiding Protocols," In the 22nd Annual ACM Symposium on Theory of Computing, pp. 416-426, 1990.
[8] H. Ong and C.P. Schnorr, "Fast Signature Generation with a Fiat-Shamir-Like Scheme," Advances in Cryptology - Eurocrypt'90, Lecture Notes in Computer Science 740, pp. 432-440, Springer-Verlag, 1990.
[9] C.P. Schnorr, "Efficient Signature Generation by Smart Cards," Journal of Cryptology, Volume 4, Number 3, pp. 161-174, 1991.
[10] W. Diffie, P. van Oorschot, and W. Wiener, "Authentication and authenticated key exchanges," Designs, Codes and Cryptography, Volume 2, Number 2, pp. 107-125, June 1992.
[11] M. Bellare and P. Rogaway, "Random Oracles Are Practical: a Paradigm for Designing Efficient Protocols," In Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62-73, 1993.
[12] S.A. Brands, "Untraceable Off-Line Cash in Wallets with Observers," Advances in Cryptology - Crypto'93, Lecture Notes in Computer Science 773, pp. 302-318, Springer-Verlag, 1994.
[13] N. Ferguson, "Single Term Off-Line Coins," Advances in Cryptology - Crypto'93, Lecture Notes in Computer Science 773, pp. 319-328, Springer-Verlag, 1994.
[14] D. Pointcheval and J. Stern, "Provably Secure Blind Signature Schemes," Advances in Cryptology - Asiacrypt'96, Lecture Notes in Computer Science 1163, pp. 252-265, Springer-Verlag, 1996.
[15] V. Shoup, "On the Security of a Practical Identification Scheme," Advances in Cryptology - Eurocrypt'96, Lecture Notes in Computer Science 1070, pp. 344-353, Springer-Verlag, 1996.
[16] R. Anderson, "Two remarks on Public Key Cryptology," Invited Lecture, ACM - CCS'97, 1997.
[17] E. Fujisaki and T. Okamoto, "Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations," Advances in Cryptology - Crypto'97, Lecture Notes in Computer Science 1294, pp. 16-30, Springer-Verlag, 1997.
[18] A. Juels, M. Luby, and R. Ostrovsky, "Security of Blind Digital Signatures," Advances in Cryptology - Crypto'97, Lecture Notes in Computer Science 1294, pp. 150-164, Springer-Verlag, 1997.
[19] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
[20] D. Pointcheval and J. Stern, "New Blind Signature Equivalent to Factorization," In Proceedings of the 4th ACM Conference on Computer and Communications Security - CCS'97, pp. 92-99, 1997.
[21] M. Bellare, "Practice-Oriented Provable Security," In Lectures on Data Security: Modern Cryptology in Theory and Practice, Lecture Notes in Computer Science 1561, pp. 1-15, Springer-Verlag, 1998.
[22] M. Bellare and S. Miner, "A Forward-Secure Digital Signature Scheme," Advances in Cryptology - Crypto'99, Lecture Notes in Computer Science 1666, pp. 431-448, Springer-Verlag, 1999.
[23] M. Abdalla and L. Reyzin, "A New Forward-Secure Digital Signature Scheme," Advances in Cryptology - Asiacrypt'00, Lecture Notes in Computer Science 1976, pp. 116-129, Springer-Verlag, 2000.
[24] R. Cramer and V. Shoup, "Signature Schemes Based on the Strong RSA Assumption," ACM Transactions on Information and System Security, Volume 3, Number 3, pp. 161-185, 2000.
[25] H. Krawczyk, "Simple Forward-Secure Signatures from Any Signature Scheme," In Proceedings of the 7th ACM Conference on Computer and Communications Security - CCS'00, pp. 108-115, 2000.
[26] D. Pointcheval and J. Stern, "Security Arguments for Digital Signatures and Blind Signatures," Journal of Cryptology, Volume 13, Number 3, pp. 361-396, Springer-Verlag, 2000.
[27] M. Abdalla, S. Miner, and C. Namprempre, "Forward-Secure Threshold Signature Schemes," Topics in Cryptology - CT-RSA'01, Lecture Notes in Computer Science 2020, pp. 441-456, Springer-Verlag, 2001.
[28] G. Itkis and L. Reyzin, "Forward-Secure Signatures with Optimal Signing and Verifying," Advances in Cryptology - Crypto'01, Lecture Notes in Computer Science 2139, pp. 332-354, Springer-Verlag, 2001.
[29] D.X. Song, "Practical Forward Secure Group Signature Schemes," In Proceedings of the 8th ACM Conference on Computer and Communications Security - CCS'01, pp. 225-234, ACM Press, 2001.
[30] Y. Dodis, J. Katz, S. Xu, and M. Yung, "Key-Insulated Public Key Cryptosystems," Advances in Cryptology - Eurocrypt'02, Lecture Notes in Computer Science 2332, pp. 65-82, Springer-Verlag, 2002.
[31] G. Itkis, "Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions," In Security in Communication Networks - SCN'02, Lecture Notes in Computer Science 2576, pp. 102-118, Springer-Verlag, 2002.
[32] G. Itkis and L. Reyzin, "Intrusion-Resilient Signatures, or Towards Obsoletion of Certificate Revocation," the previous version of SiBIR: Signer-Base Intrusion-Resilient Signatures.
[33] G. Itkis and L. Reyzin, "SiBIR: Signer-Base Intrusion-Resilient Signatures," Advances in Cryptology - Crypto'02, Lecture Notes in Computer Science 2442, pp. 499-514, Springer-Verlag, 2002.
[34] A. Kozlov and L. Reyzin, "Forward-Secure Signatures with Fast Key Update," In Proceedings of the 3rd International Conference on Security in Communication Networks - SCN'02, Lecture Notes in Computer Science 2576, pp. 341-356, Springer-Verlag, 2002.
[35] T. Malkin, D. Micciancio, and S. Miner, "Efficient Generic Forward-Secure Signatures with An Unbounded Number of Time Periods," Advances in Cryptology - Eurocrypt'02, Lecture Notes in Computer Science 2332, pp. 400-417, Springer-Verlag, 2002.
[36] M. Bellare and B. Yee, "Forward-Security in Private-Key Cryptography," Topics in Cryptology - CT-RSA'03, Lecture Notes in Computer Science 2612, pp. 1-18, Springer-Verlag, 2003.
[37] R. Canetti, S. Halevi, and J. Katz, "A Forward-Secure Public Key Encryption Scheme," Advances in Cryptology - Eurocrypt'03, Lecture Notes in Computer Science 2656, pp. 255-271, Springer-Verlag, 2003.
[38] E. Cronin, S. Jamin, T. Malkin, and P. McDaniel, "On the Performance, Feasibility, and Use of Forward-Secure Signatures," In Proceedings of the 10th ACM Conference on Computer and Communications Security - CCS'03, pp. 131-144, Washington, D.C., 2003.
[39] J. Camenisch and M. Koprowski, "Fine-Grained Forward-Secure Signature Schemes without Random Oracles," In International Workshop on Coding and Cryptography - WCC'03, 2003.
[40] D.N. Duc, J.H. Cheon, and K. Kim, "A Forward-Secure Blind Signature Scheme Based on the Strong RSA Assumption," In 15th International Conference on Information and Communications Security - ICICS'03, Lecture Notes in Computer Science 2836, pp. 11-21, Springer-Verlag, 2003.
[41] Y. Dodis, J. Katz, S. Xu, and M. Yung, "Strong Key-Insulated Signature Schemes," In Proceedings of the 6th International Workshop on Practice and Theory in Public Key Cryptography - PKC'03, Lecture Notes in Computer Science 2567, pp. 130-144, Springer-Verlag, 2003.
[42] F. Hu, C.H. Wu, and J.D. Irwin, "A New Forward Secure Signature Scheme Using Bilinear Maps," Available at http://eprint.iacr.org/2003/188.
[43] G. Itkis and P. Xie, "Generalized Key-Evolving Signature Schemes or How to Foil An Armed Adversary," In Applied Cryptography and Network Security - ACNS'03, Lecture Notes in Computer Science 2846, pp. 151-168, Springer-Verlag, 2003.
[44] J. Zhou, F. Bao, and R. Deng, "Validating Digital Signatures without TTP's Time-Stamping and Certificate Revocation," In Information Security Conference (ISC'03), Lecture Notes in Computer Science 2851, pp. 96-110, Springer-Verlag, 2003.
[45] J. Zhang, Q. Wu, and Y. Wang, "A Novel Efficient Group Signature Scheme with Forward Security," In International Conference on Information and Communications Security - ICICS'03, Lecture Notes in Computer Science 2836, pp. 292-300, Springer-Verlag, 2003.
[46] N.G. Deleito, O. Markowitch, and E. Dall'Olio, "A New Key-Insulated Signature Scheme," In 6th International Conference on Information and Communications Security - ICICS'04, Lecture Notes in Computer Science 3269, pp. 465-479, Springer-Verlag, 2004.
[47] B.G. Kang, J.H. Park, and S.G. Hahn, "A New Forward Secure Signature Scheme," Available at http://eprint.iacr.org/2004/183.
[48] Z. Le, Y. Ouyang, J. Ford, and F. Makedon, "A Hierarchical Key-Insulated Signature Scheme in the CA Trust Model," In Information Security - ISC'04, Lecture Notes in Computer Science 3225, pp. 280-291, Springer-Verlag, 2004.
[49] W. Mao, Modern Cryptography: Theory and Practice, Prentice Hall PTR, 1st edition, 2004.
[50] T. Malkin, S. Obana, and M. Yung, "The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures," Advances in Cryptology - Eurocrypt'04, Lecture Notes in Computer Science 3027, pp. 306-322, Springer-Verlag, 2004.
[51] Y. Zhu and D. Xu, "An Efficient Key-Evolving Signature Scheme Based on Pairing," In Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems - FTDCS'04, pp. 68-73, 2004.
[52] D.L. Vo and K. Kim, "Yet Another Forward Secure Signature from Bilinear Pairings," In International Conference on Information Security and Cryptology - ICISC'05, Lecture Notes in Computer Science 3935, pp. 441-455, Springer-Verlag, 2005.
[53] S. Wang, F. Bao, and B.H. Deng, "Cryptanalysis of a Forward Secure Blind Signature Scheme with Provable Security," In International Conference on Information and Communications Security - ICICS'05, Lecture Notes in Computer Science 3783, pp. 53-60, Springer-Verlag, 2005.
[54] X. Guo, Q. Zhang, and C. Tang, "On the Security of Two Key-Updating Signature Schemes," In Information Security and Privacy - ACISP'05, Lecture Notes in Computer Science 3574, pp. 506-517, Springer-Verlag, 2005.
[55] Y.P. Lai and C.C. Chang, "A Simple Forward Secure Blind Signature Scheme Based on Master Keys and Blind Signature," In Proceedings of the 19th International Conference on Advanced Information Networking and Applications, IEEE, 2005.
Advisor: 顏嵩銘 (Sung-Ming Yen)    Date approved: 2006-7-17