以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:26 、訪客IP:3.144.254.254
姓名 謝杰泰(Chieh-Tai Shieh) 查詢紙本館藏 畢業系所 資訊工程學系 論文名稱 公平的多人並存簽章系統
(Fair Multi-party Concurrent Signatures)相關論文 檔案 [Endnote RIS 格式] [Bibtex 格式] [相關文章] [文章引用] [完整記錄] [館藏目錄] [檢視] [下載]
- 本電子論文使用權限為同意立即開放。
- 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
- 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
摘要(中) 隨著網路上電子商務的蓬勃發展,保證交易者雙方公平性的議題,也是越來越被重視,而在進行交易的協定中,必須要避免任何交易方利用不當的行為進行圖利。因此,在近二十年裡,公平電子交易協定的研究被大量的討論。但在早期的研究裡,為了達到公平性,必須假設交易雙方的設備擁有相近的計算能力,或是加入一個可信任第三者(Trusted Third Party)。
「並存簽章系統(Concurrent Signature Scheme)」的概念由Chen,Kulda,與Paterson在2004年歐洲密碼會議所提出。此概念試圖達到公平電子交易協定的類似概念,並使之不需要假設交易雙方的設備擁有相近的計算能力或是可信任第三者的存在。在Chen-Kulda-Paterson的系統中,交易雙方的簽章在額外的資訊(keystone)尚未公佈以前,都是不具有任何效力。
以往前人所提的並存簽章系統中,只能處理交易者人數在兩人的情況。直到2006年國際資訊安全會議,才由Tonien,Susilo,與Safavi-Naini提出第一個適用於多人的並存簽章系統。但本論文將指出Tonien等人系統上的缺陷,並說明Tonien等人的系統並未達到並存簽章的真正目的。此外,本論文將提出一個公平的多人並存簽章系統。此系統除了有達到原本並存簽章的真正目的外,還提供了在交易者間更公平,更有彈性的性質。摘要(英) With the growth of electronic commerce, issues of guaranteeing fairness between the transactors through the Internet is more and more important and the protocol of transactions should avoid any involved party to take advantage of other parties via improper behavior. Hence, the research on fair exchange protocols was extensively developed in the last twenty years. But in early works, the fairness relies on the assumption that either both parties have comparable computing power or a trusted third party is involved.
The concept of concurrent signature was introduced by Chen, Kudla, and Paterson at Eurocrypt 2004. A concurrent signature attempts to provide the similar functionality of a fair exchange without assuming the existence of a trusted third party or comparable computing power of the two parties. In the Chen-Kudla-Paterson scheme, the signatures signed by the two parties remain ambiguous
until the additional information {em keystone} is released.
The previous scheme only handles two participants in a transaction. At ISC 2006, Tonien, Susilo, and Safavi-Naini proposed the first multi-party concurrent signature scheme. In this thesis, it will be pointed out that the multi-party concurrent signature scheme proposed by Tonien {it et al.} does not achieve the goal of a concurrent signature. Furthermore, a fair multi-party concurrent
signature scheme will be proposed. It not only achieves the goal of a concurrent signature but also provides a fairer property and flexibility in a transaction.關鍵字(中) ★ 並存簽章
★ 環簽章
★ 公平交易關鍵字(英) ★ Ring signature
★ Fair exchange
★ Concurrent signature論文目次 1 Introduction 1
1.1 Motivation of the Research . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Overview of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Preliminary of Fair Exchange and Concurrent Signatures 4
2.1 Classification of Fair Exchange Protocols . . . . . . . . . . . . . . . . 4
2.2 Concept of Concurrent Signature Scheme . . . . . . . . . . . . . . . . 5
2.3 Classification of Concurrent Signature Schemes . . . . . . . . . . . . 6
2.3.1 Two-party concurrent signatures . . . . . . . . . . . . . . . . 6
2.3.2 Multi-party concurrent signatures . . . . . . . . . . . . . . . . 7
2.4 Introduction to Three Basic Signature Schemes . . . . . . . . . . . . 8
2.4.1 Probabilistic RSA signature scheme . . . . . . . . . . . . . . . 8
2.4.2 Schnorr signature scheme . . . . . . . . . . . . . . . . . . . . . 9
2.4.3 Schnorr-like signature scheme . . . . . . . . . . . . . . . . . . 9
2.5 Introduction to Bilinear Pairing . . . . . . . . . . . . . . . . . . . . . 10
3 Review of Concurrent Signature Schemes 12
3.1 Concurrent Signature Scheme . . . . . . . . . . . . . . . . . . . . . . 12
3.1.1 Generic algorithms of concurrent signature scheme . . . . . . . 12
3.1.2 Protocol of concurrent signature scheme . . . . . . . . . . . . 13
3.1.3 A concrete concurrent signature scheme . . . . . . . . . . . . . 14
3.1.4 Primary property of concurrent signature scheme . . . . . . . 16
3.2 Perfect Concurrent Signature Scheme . . . . . . . . . . . . . . . . . . 16
3.2.1 Wang et al.’s perfect concurrent signature scheme . . . . . . . 17
3.2.2 Primary property of perfect concurrent signature scheme . . . 18
3.3 Asymmetric Concurrent Signature Scheme . . . . . . . . . . . . . . . 18
3.3.1 Promises of Schnorr and Schnorr-like signatures . . . . . . . . 19
3.3.2 Generic algorithms of asymmetric concurrent signature scheme 19
3.3.3 Protocol of asymmetric concurrent signature scheme . . . . . . 21
3.3.4 A concrete asymmetric concurrent signature scheme . . . . . . 21
3.3.5 Primary property of asymmetric concurrent signature scheme 23
3.4 Multi-party Concurrent Signature Scheme . . . . . . . . . . . . . . . 23
3.4.1 Algorithms of multi-party concurrent signature scheme . . . . 23
3.4.2 Protocol of multi-party concurrent signature scheme . . . . . . 25
3.4.3 Drawbacks of multi-party concurrent signature scheme . . . . 26
4 Fair Multi-party Concurrent Signature Scheme 28
4.1 Generic Definitions of Fair Multi-party Concurrent Signatures . . . . 30
4.1.1 Algorithms of fair multi-party concurrent signature . . . . . . 30
4.1.2 Protocol of fair multi-party concurrent signature . . . . . . . . 31
4.1.3 Security definition . . . . . . . . . . . . . . . . . . . . . . . . 31
4.2 Concrete Fair Multi-party Concurrent Signature Schemes . . . . . . . 32
4.2.1 The case of all RSA signatures . . . . . . . . . . . . . . . . . . 32
4.2.2 The case of all Schnorr signatures . . . . . . . . . . . . . . . . 33
4.2.3 The case of mixture signatures: RSA and Schnorr . . . . . . . 35
4.3 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.3.1 Correctness analysis . . . . . . . . . . . . . . . . . . . . . . . 35
4.3.2 Unforgeability analysis . . . . . . . . . . . . . . . . . . . . . . 35
4.3.3 Ambiguity analysis . . . . . . . . . . . . . . . . . . . . . . . . 36
4.3.4 Concurrency analysis . . . . . . . . . . . . . . . . . . . . . . . 36
4.3.5 Fairness analysis . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.3.6 Discussions of security analysis . . . . . . . . . . . . . . . . . 37
4.4 Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.5 Modification of Two-party Case by Wang et al.’s Method . . . . . . . 38
4.5.1 Modificaion of two-party case protocol . . . . . . . . . . . . . 38
4.5.2 Comparisons with previous two-party concurrent signature
schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5 Conclusions 42
5.1 Review of Main Contributions . . . . . . . . . . . . . . . . . . . . . . 42
5.2 FutureWorks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Bibliography 45參考文獻 [1] O. Goldreich, “A simple protocol for signing contracts,” Advances in Cryptology
- CRYPTO 1983 LNCS, pp.133–136, Springer-Verlag, 1983.
[2] S. Even, O. Gorldreich, and A. Lempel, “A randomized protocol for signing
contracts,” Communications of the ACM, vol. 28(6), pp.637–647, 1985.
[3] E. F. Brickell, D. Chaum, I.B. Damg°ard, and J. van de Graaf, “Gradual and
verifiable release of a secret,” Advances in Cryptology - CRYPTO 1987, pp.156–
166, 1987.
[4] R. Cleve, “Controlled gradual disclosure schemes for random bits and their
applications,” Advances in Cryptology - CRYPTO 1989, LNCS 435, pp.573–
588, Springer-Verlag, 1990.
[5] I. B. Damg°ard, “Practical and provably secure release of a secret and exchange
of signatures,” Advances in Cryptology - EUROCRYPT 1993, LNCS, pp.200–
217, Springer-Verlag, 1994.
[6] D. Boneh, and M. Naor, “Timed commitments (extended abstract),” Advances
in Cryptology - CRYPTO 2000, LNCS 1880, pp.236–254, Springer-Verlag, 2002.
[7] M. K. Franklin and M. K. Reiter, “Fair exchange with a semi-trusted third
party,” Proc. of the 4th ACM Conference on Computer and Communications
Security, pp.1–5, 1997.
[8] B. Pfizmann, M. Schunter, and M. Waidner, “Optimal efficiency of optimistic
contract signing,” Proc. of the 17th Annual ACM Symposium on Principles of
Distributed Computing, pp.113–122, 1998.
[9] N. Asokan, V Shoup, and M. Waidner, “Optimistic fair exchange of signature,”
Advances in Cryptology - ASIACRYT 2002, LNCS 2501, pp.415–432, Springer-
Verlag, 1998.
[10] J. Garay, M. Jakobsson, and P. MackKenzie, “Abuse-free optimistic contract
signing,” Advances in Cryptology - CRYPTO 1999, LNCS 1666, pp.449–466,
Springer-Verlag, 1999.
[11] B. Baum-Waidner and M. Waidner, “Round-optimal and abuse free optimistic
multi-party contract signing,” Proc. of Automata, Languages and Programming,
pp.524–535, 2000.
[12] M. Abadi, N. Glew, B. Horne, and B. Pinkas, “Certified e-mail with a light
on-line trusted third party: design and implementation,” Proc. of the 11th
International World Wide Web Conference, WWW 2002, Honolulu, Hawaii,
USA, May 2002.
[13] J. Park, E. Chong, and H. Siegel, “Constructing fair exchange protocols for
e-commerce via distributed computation of RSA signatures,” Proc. of the 22nd
Annual ACM Symposium on Principles of Distributed Computing, pp.172–181,
2003.
[14] Y. Dodis, and L. Reyzin, “Breaking and repairing optimistic fair exchange from
PODC 2003,” ACM Workshop on Digital Rights Management (DRM), 2003.
[15] R.L. Rivest, A. Shamir, and Y. Tauman, “How to leak a secret,” Advances in
Cryptology - ASIACRIPT 2001, LNCS 2248, pp.552–565, Springer-Verlag 2001.
[16] M. Abe, M. Ohkubo, and K. Suzuki, “1-out-of-n signatures from a variety of
keys,” Advances in Cryptology - ASIACRYPT 2002, LNCS 2501, pp.415–432,
Springer-Verlag, 2002.
[17] M. Jackobsson, K. Sako, and R. Impagliazzo, “Designated verifier proofs and
their applications,” Advances in Cryptology - EUROCRYPT 1996, LNCS 1070,
pp.143–154, Springer-Verlag, 1996.
[18] C.P. Schnorr, “Efficient identification and signatures for smart cards,” Advances
in Cryptology - CRYPTO 1989, LNCS 435, pp.239–252, Springer-Verlag, 1990.
[19] J. Camenisch, “Efficient and generalized group signatures,” Advances in Cryptology
- EUROCRYPT 1997, LNCS 1233, pp.465–479, Springer-Verlag, 1998.
[20] E. Bresson, J. Stern and M. Szydlo, “Threshold ring Signatures and applications
to ad-hoc groups,” Advances in Cryptology - CRYPTO 2002, LNCS 2442,
pp.465–480, Springer-Verlag, 2002.
[21] L. Chen, C. Kudla, and K.G. Paterson, “Concurrent signatures,” Advances in
Cryptology - EUROCRYPT 2004, LNCS 3027, pp.287–305, Springer-Verlag,
2004.
[22] W. Susilo, Y. Mu, and F. Zhang, “Perfect concurrent signatures schemes,” Proc.
of Information and Communications Security Conference, ICISC 2004, LNCS
3269, pp.14–26, Springer-Verlag, 2004.
[23] W. Susilo and Y. Mu, “Tripartite concurrent signatures,” The 20th IFIP International
Information Security Conference, IFIP/SEC 2005, pp. 425–441,
Springer, 2005.
[24] K. Nguyen, “Asymmetric concurrent signatures,” Proc. of Information and
Communications Security Conference, ICISC 2005, LNCS 3783, pp.181–193,
Springer-Verlag, 2005.
[25] G. Wang, F. Bao, and J. Zhou, “The fairness of perfect concurrent signatures,”
Proc. of Information and Communications Security Conference, ICISC 2006,
LNCS 4307, pp.435–451, Springer-Verlag, 2006.
[26] Y.C. Chen and S.M. Yen, “Balanced concurrent signature,” Information Security
Conference, Taiwan, R.O.C., 2006.
[27] D. Tonien, W. Susilo, and R. Safavi-Naini, “Multi-party concurrent signatures”
Information Security, 9th International Conference, ISC 2006, LNCS 4176,
pp.131–145, Springer-Verlag, 2006.
[28] H. Hiwatari and K. Tanaka, “Fair exchange of signatures in the many-to-one
model” The 2006 Symposium on Cryptography and Information Security, SCIS
2006, 3a4-4, 2006.
[29] Y. Komano, “Fair exchange of signatures with multiple singer” IEICE Trans.
Fundamentals, Vol. e90, No. 5, pp.969–979, 2007.指導教授 顏嵩銘(Sung-Ming Yen) 審核日期 2008-7-22 推文 facebook plurk twitter funp google live udn HD myshare reddit netvibes friend youpush delicious baidu 網路書籤 Google bookmarks del.icio.us hemidemi myshare