 |
|
|
|
以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:5 、訪客IP:3.134.81.206
姓名 洪崇倍(Chung-Pei Hung ) 查詢紙本館藏 畢業系所 資訊工程研究所 論文名稱 多種數位代理簽章之設計
(On the Design of Proxy Signatures)相關論文 檔案 [Endnote RIS 格式]
[相關文章]
[文章引用]
[完整記錄]
[館藏目錄]
[檢視]
- 本電子論文使用權限為同意立即開放。
- 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
- 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
摘要(中) 數位代理簽章的概念,早在1994年即由顏博士嵩銘在其博士論文中已然提出。而後,日本學者滿保(MAMBO),臼田(USUDA),及岡本 (OKAMOTO)在1996年更一步的提出其做法及詳述完整的數位代理簽章的觀念。所謂的數位代理簽章,簡單的說,即是一個原始簽章者可以指定一個或多個代理簽章者來完成簽署數位簽章的工作。
到目前為止,授權數位代理簽章的方式上有以下五種:1. Full delegation,2. Partial delegation,3. Delegation by warrant,4. Partial delegation with warrant,及 5. Threshold delegation。每種不同型態的代理授權方式均有不同的安全性考量及要求。一般來說,partial delegation with warrant 的數位代理簽章同時具有高效率的驗證法及以合理有效的方式來規範其代理權。另外delegation by warrant 授權方式則具有可以以傳統的數位簽章來完成實作的特點。總而言之,每一種數位代理簽章的代理授權方式均有其優缺點及實作上的限制。
直到如今,在許多的文獻中已經可以找到不少的相關研究成果。本論文的第三章,將會對這些已經提出的數位代理簽章進行系列性的廣泛研究。然後將 partial delegation 和 partial delegation with warrant 所需的代理簽章金鑰 (proxy signing key) 產生函式完成其正規化形式。之後,再利用此一正規化格式的代理金鑰產生函式,將可以得到新穎的,同時也是安全又有效率的數位代理簽章 Meta-Proxy signature scheme。
基於Delegation by warrant的特性,一種具有高效率驗證方式的數位代理簽章將會在第四章中討論。此數位代理簽章運用一種變形的驗證方式,稱之為 “combined verification”,用來減少驗證數位代理簽章時所需的指數次方的計算量。
在大多數的代理簽章法中,可以利用一委任書(warrant)來限制代理簽章者的委任期限。一般而言,在委任書中會記綠有原始簽章者的識別碼,代理簽章者的識別碼,以及所委任代理的期限等相關資訊。然而在委任代理的期間內,代理簽章者可任意簽署所有的文件,甚至是該所簽署的文件將無法被原始簽章者所接受。因此,如何發展一套可以規範代理簽章者的行為(例如限制代理簽章者所能簽署的文件量)的數位代理簽章是一個相當重要的研究課題。在第五章中提出一種可以限制簽署次數的數位代理簽章,可以讓原始簽章者授權委任代理簽章者簽署某一數量的數位代理簽章。
在上述劇情中,當代理簽章者違背其原始簽章者所定的行為規範時,數位代理簽章本身應該具有某種型式的罰則來處罰代理簽章者。例如,不誠實的代理簽章者的秘密金鑰將會被原始簽章者所推導出來,甚至是任意的第三者(由顏博士在1994年其博士論文中所提出)。然而在本論文中所提的可限制次數的數位代理簽章無法達到此項要求,造成當不誠實的代理簽章者所簽的代理簽章超過所預設的數量時,仍無法推導出該代理簽章者的秘密金鑰。不過由某一代理簽章者所簽署的代理簽章仍舊是可以被追?統計的。摘要(英) The design of proxy signature was first considered in 1996
by Mambo, Usuda, and Okamoto. In a proxy signature scheme, an
original signer can delegate one or more proxy signers to sign on behalf of the original signer. The concept of proxy signature was been independently posed out by Yen in 1994 in his Ph.D. thesis.
Up to now, there are five categories of proxy delegation have
been proposed, named as fully delegation, partial delegation, delegation by warrant, partial delegation with warrant, and threshold delegation. Each type of proxy delegation has its security assumption and properties.
Generally speaking, the partial delegation with warrant is
the most efficient scheme, and provides a reasonable way to
regulate the delegation. The advantage of delegation by
warrant is that it can be implemented by an ordinary signature
scheme without any modification. Each kind of proxy signature
scheme has its merit and limitation.
Till now, a lot of related works can be found in the literature. In Chapter 3, a survey on those schemes is done in this thesis and we try to formalize the generation
function of proxy signing key for both partial delegation and partial delegation with warrant. Then, a Meta-proxy signature scheme is obtained.
In Chapter 4, an efficient proxy signature scheme in the form of delegation by warrant is proposed. It is shown that the scheme is more efficient for some variations with a special feature of it combined verification.
In most conventional situations, it can restrict the proxy
delegate within a permitted period by using a delegation warrant. In the warrant, the proxy signer's ID, original signer's ID, and delegation period are included. However, a proxy signer can sign on any number of messages at any time. It is an important issue on how to develop a proxy signature scheme that can restrict the proxy signer's behavior, for example to sign for a number of times. In Chapter 5, a proxy signature scheme with time limitation will be suggested. It enables an original signer to delegate a proxy signer to sign for a predetermined number of times.
In the scenario, there should be some penalty for the proxy
signer when she/he breaks the rule of the delegation. For
example, the original signer (or even anyone) can derive the
secret key of the dishonest proxy signer as suggested by Yen in
1994. However, the proposed scheme in this thesis cannot reach the above requirement. Thus, even if the proxy signer had broken the rule of delegation, no one can derive the secret key of proxy signer. However, the number of proxy signatures signed can be countable and traceable.關鍵字(中) ★ 代理簽章
★ 數位代理簽章
★ 數位簽章關鍵字(英) ★ Cryptogrpahy
★ Delegation
★ Digital Signature
★ Proxy Delegated
★ Proxy Signature
★ Signature
★ Time-Limitaion論文目次 1 Introduction . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . 1
1.2 Classification of Proxy Signatures . . . . . . . . . 3
1.2.1 Types of proxy delegation . . . . . . . . . . . 3
1.2.2 Types the proxy function . . . . . . . . . . . 4
1.3 Requirements of Proxy Signature . . . . . . . . . . . 5
1.4 Problems of Impersonation . . . . . . . . . . . . . 6
1.5 Overview of the Thesis . . . . . . . . . . . . . . . 7
2 Review of the Previous Works . . . . . . . . . . . . . . 9
2.1 Mambo-Usuda-Okamoto Scheme . . . . . . . . . . . . . 10
2.1.1 Review of the Mambo-Usuda-Okamoto scheme . . . 10
2.1.2 Remarks on a forgery attack . . . . . . . . . . 11
2.2 Sun-Hsieh Scheme . . . . . . . . . . . . . . . . . . 12
2.2.1 Brief review of the Sun-Hsieh scheme . . . . . 12
2.2.2 A forgery attack . . . . . . . . . . . . . . . 13
2.3 Yen-Hung-Lee Scheme . . . . . . . . . . . . . . . . . 14
2.3.1 Review of the Yen-Hung-Lee scheme . . . . . 14
2.3.2 Security analysis . . . . . . . . . . . . . 15
3 Meta-Proxy Signature Scheme of
Partial Delegation with Warrant 17
3.1 Generation Type . . . . . . . . . . . . . . . . . . . 17
3.1.1 Basic proxy signature scheme . . . . . . . . . 17
3.1.2 Meta equation . . . . . . . . . . . . . . . . . 18
3.2 Security Considerations . . . . . . . . . . . . . . 19
3.2.1 Public key updating attack . . . . . . . . . . 19
3.2.2 Delegation forgery attack . . . . . . . . . . . 20
3.3 Construct Flow . . . . . . . . . . . . . . . . . . . 20
3.3.1 Types of equation . . . . . . . . . . . . . . . 21
3.3.2 Choice of generate function f and g . . . . . . 21
3.3.3 Secure consideration of generate functions . . 23
3.4 Cryptanalysis of Each Type . . . . . . . . . . . . . 24
3.4.1 Type MP I : Partial delegation . . . . . . . . 24
3.4.2 Type MW I : Partial delegation with warrant . . 25
3.4.3 Type MW II : Partial delegation with warrant . 26
3.4.4 Type MW IIa : Partial delegation with warrant . 27
3.4.5 Type MW VII : Partial delegation with warrant . 27
3.5 Summary . . . . . . . . . . . . . . . . . . . . . . . 28
4 Proxy Signature Scheme of Delegation by Warrant 29
4.1 Basic Scheme . . . . . . . . . . . . . . . . . . . . 29
4.1.1 Proposed Basic Scheme . . . . . . . . . . . . . 29
4.1.2 Efficient analysis and discussion . . . . . . . 30
4.2 Variation Scheme . . . . . . . . . . . . . . . . . . 31
4.2.1 Proposed variation scheme . . . . . . . . . . . 31
4.2.2 Efficiency analysis and discussion . . . . . . 32
4.3 Security Analysis . . . . . . . . . . . . . . . . . . 33
4.3.1 Security of the signature . . . . . . . . . . . 33
4.3.2 Security of the combined verification . . . . . 34
4.4 Summary . . . . . . . . . . . . . . . . . . . . . . . 36
5 Proxy Signature Scheme with Time Limitation 37
5.1 Previous Works . . . . . . . . . . . . . . . . . . . 37
5.2 The Proposed Proxy Signature Scheme . . . . . . . . . 38
5.2.1 Proxy signature with limited delegation . . . . 38
5.3 Sequence Linking Signature Scheme . . . . . . . . . . 39
5.3.1 Discussions . . . . . . . . . . . . . . . . . 40
5.4 Security Analysis . . . . . . . . . . . . . . . . . . 41
5.4.1 Forgery attack analysis . . . . . . . . . . . . 41
5.4.2 Secret key recovery attack analysis . . . . . . 42
5.5 Summary . . . . . . . . . . . . . . . . . . . . . . . 42
6 Conclusions 43
6.1 Brief Review of Main Contributions . . . . . . . . . 43
6.2 Further Research Topics and Directions . . . . . . . 44
A Symmetric Atomic Proxy Signature Scheme 45
A.1 Atomic Proxy Signature Based on
ElGamal Type Signature Scheme . . . . . . . . . . . . 46
A.1.1 Review the ElGamal Types signature scheme . . . 46
A.1.2 Symmetric proxy function . . . . . . . . . . . 46
A.2 Atomic Proxy Signature Based on
Schnorr Signature Scheme . . . . . . . . . . . . . . 47
A.2.1 Review the Schnorr signature scheme . . . . . . 47
A.2.2 Symmetric proxy function . . . . . . . . . . . 47
A.3 Concluding Remarks . . . . . . . . . . . . . . . . . 48參考文獻 [1] M. Ballare, J.A. Caray, and T. Rabin, “Fast Batch Verification for Modular
Exponentiation and digital signatures,” In Advances in Cryptology Eurocrypt ’98
(EUROCRYPT’98), Lecture Notes in Computer Science. Vol. 1403, Springer-
Verlag, pp.236-250.
[2] M. Blaze, g. Bleumer, and M. Strauss, “Divertible prorocols and atomic proxy
cryptography,” In Advances in Cryptology Eurocrypt ’98 (EUROCRYPT’98),
Lecture Notes in Computer Science, Vol. 1403, Springer-Verlag, pp.127-144.
[3] C. Boyd and C. Pavlovski, “Attacking and Repairing Batch Verification
Schemes,” In Advances in Cryptology Aslacrypt 2000 (ASIACRYPT 2000),
Lecture Notes in Computer Science, Vol. 1976, Springer-Verlag, pp.58-71.
[4] T. ElGamal, “A public key cryptosystem and a signature scheme based on dis-
crete logarithms,” IEEE Trans. Inf. Theory vol.IT-31, no.4, pp.469—472, 1985.
[5] FIPS 180-1, “Secure Hash Standard,” NIST, US Department of Commerce,
Washington D.C., April 1995.
[6] S. Goldwasser, S. Micali, and R. Rivest, “A digital signature scheme secure
against adaptive chosen-message attacks,” SIAM journal of computing, Vol. 17,
No. 2, pp. 281-308 (April 1998)
[7] P. Horster, M. Michels, and H. Petersen, “Meta-ElGamal signature schemes,”
Technical Report TR-94-5, Department of Computer Science, University of
Technology Chenmitz-Zwickau, May 1994.
[8] S. Kim, S. Park, and D. Won, “Proxy signatures, revisited,” In Information and
Communications Security (ICICS ’97), Lecture Notes in Computer Science, Vol
1334, Springer-Verlag, pp.223—232, 1997.
[9] N.Y. Lee, T. Hwang, and C.H. Wang, “ On Zhang’s nonrepudiable proxy signa-
ture scheme,” In Advanecs in Cryptology ASICCRYPT’98 (ACISP 98), Lecture
Notes in Computer Science, Vol. 1438, springer-verlag, pp.415-422.
[10] M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures: Delegation of the
power to sign messages,” IEICE Trans. Fundamentals vol.E79-A, no.9, pp.1338—
1354, 1996.
[11] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of applied cryp-
tography, CRC Press, 1997.
[12] K. Nyberg, “Comment New Sigital signature Based on Discrete Logrithm,”
Electronic Letters, vol. 30, No. 6, page 481 (Mar. 1994).
[13] K. Nyberg and R. A. Rueppel, “ A new signature scheme based on the DSA
giving message recovery,” Proc. 1st ACM conference on Computer and Commu-
nications Security, Number3-5, Fairfax, Virginia, 1993
[14] T. Okamoto, M. Tada, and E. Okamoto, “Extended proxy signature for Smart
Card,” In Information security : Second International Workshop (ISW 99), Lec-
ture Notes in Computer Science, Vol. 1729, springer-verlag, pp.247-258.
[15] R. Rivest, “The MD5 message digest algorithm,” RFC 1321, Apr. 1992.
[16] R.L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signa-
tures and public-key cryptosystem,” Commun. of ACM, Vol.21, No.2, pp.120—
126, 1978.
[17] C.P. Schnorr, “Efficient identification and signatures for smart cards,” In Proc.
of Crypto ’89, Lecture Notes in Computer Science, Vol 435, Springer Verlag,
pp.239—252, 1990.
[18] H.M. Sun, “ On Proxy (Multi-) Signature schemes,” In Proceedings of the 2000
International Computer Symposium, workshop on Cryptology and Information
Security, Chiayi, Taiwan, December, 2000, pp.65-72.
[19] H.M. Sun and B.T. Hsieh, “Remarks on two nonrepudiable proxy signature
schemes,” In Proceedings of the 9th National Conference on Information Secu-
rity, 1999, pp.241—246.
[20] Y. Yacobi, M. Beller, “Batch Diffe-Hellman Key Agreement Systems and their
Application to Portable Communications,” Proceedings of Eurocrypt 92, Vol.
658, pp.208-217, 1992.
[21] S.M. Yen, C.P. Hung, and Y.Y. Lee, “ Remark on Some Proxy Signature
Scheme,” In Proceedings of the 2000 International Computer Symposium, work-
shop on Cryptology and Information Security, Chiayi, Taiwan, December, 2000,
pp.54-60.
[22] S.M. Yen and C.S. Laih, “Improved Digital Signature suitable for Batch Ver-
ification.” IEEE Transcations on computers, Vol. 44, No. 7, pp 957-959 (July
1995)
[23] S.M. Yen, C.S. Laih, and A.K. Lenstra, “Multi-exponentiation,” IEE proceed-
ing, Part E: Computers and Digital Techniques, Vol. 141, No. 6, pp.325-326,
1994
[24] S.M. Yen, “Design and Computation of the Public Key Cryptosystem,” ph.D.
thesis of Department of the Electrical Engineering, National Cheng Kung Uni-
versity, Taiwan, Apr. 1994
[25] S.M. Yen and C.S. Laih, “New Digital Signature Scheme Based on Discrete
Logrithm,” Electronics Letters, Vol. 29, No. 12, pp. 1120-1121 (1993).
[26] K. Zhang, “Threshold proxy signature schemes,” In 1997 information security
workshop, Japan, Sep., 1997, pp. 191-197.
[27] K. Zhang, “Nonrequdiable proxy signatures,” Manuscript, 1997, available on-
line at http://www.cl.cam.ac.uk/users/kz200/指導教授 顏嵩銘(Sung-Ming Yen) 審核日期 2001-6-29 推文 plurk
funp
live
udn
HD
myshare
netvibes
friend
youpush
delicious
baidu
網路書籤 Google bookmarks
del.icio.us
hemidemi
facebook
twitter
google
reddit