採用堆疊式參數揭露之公平多方並存簽章系統

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：26

、訪客IP：18.222.166.127

姓名

葉彥頡(Yan-Jie Yeh) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

採用堆疊式參數揭露之公平多方並存簽章系統
(Improved Fair Multi-party Concurrent Signatures Based on Stack-like Release of Parameters)

相關論文

★ 多種數位代理簽章之設計	★ 小額電子支付系統之研究
★ 實體密碼攻擊法之研究	★ 商業性金鑰恢復與金鑰託管機制之研究
★ AES資料加密標準之實體密碼分析研究	★ 電子競標系統之研究
★ 針對堆疊滿溢攻擊之動態程式區段保護機制	★ 通用型數域篩選因數分解法之參數探討
★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器	★ 以非確定式軟體與遮罩分割對策防禦能量攻擊之研究
★ 遮罩保護機制防禦差分能量攻擊之研究	★ AES資料加密標準之能量密碼分析研究
★ 小額電子付費系統之設計與密碼分析	★ 公平電子現金系統之研究
★ RSA公開金鑰系統之實體密碼分析研究	★ 保護行動代理人所收集資料之研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

近年來，網際網路的日益普及促使了電子商務的快速成長，有越來越多的商業行為必須仰賴網路的便捷性才能順利完成。但也由於網路的便捷，使得交易參與者之間可能並非熟識或者互相信賴，因此，確保交易之間的公平議題也就顯得越來越重要。

並存簽章系統 (Concurrent Signature Schemes) 的概念首先是由陳等人在2004年的歐洲密碼會議上所提出，這個概念希望藉由一種較為可行的方式以達到等同於早期公平電子交易協定的成果，但卻不用仰賴公正的第三方協助或是假設交易雙方擁有相同計算能力等級的設備。在提出這個只適用於兩個人使用的並存簽章系統之後，原作者們也很好奇這個新的概念是否可以被延伸到允許更多人一起使用。

Tonien 等人首先嘗試回答這個問題，但他們提出的系統卻隨即被謝等人指出並不符合並存簽章所需要的要件，謝等人也發表他們的系統。不幸的是，謝等人的系統也被黃等人發現有缺陷存在，黃等人更進一步的認為設計一個適用於多方參與的並存簽章是不太可能的 (Infecundity)。雖然謝等人的系統不是那麼的完善，但對我們的研究來說，仍然非常具有參考價值。在本論文中，我們重新審視了現有的系統並重新思考了適用於多方參與的相關要件。之後，我們根據謝等人的設計加以修改以提出能夠達到真正的公平性之系統，這也同時代表了設計適用於多方參與的並存簽章仍然是可行的。

最後，我們的系統不僅保留了謝等人系統的特性，也克服了黃等人所發現的缺陷。而且我們的系統不只可以達到更好的效能與公平性，同時也是我們認為目前最有效率的系統。

摘要(英)

The increasing popularity of the Internet promotes the quick growth of electronic commerce in the recently years. More and more business transactions are accomplished through the Internet because of its convenience and efficiency. Therefore, issues of guaranteeing transactions fairness becomes important, especially when the transactors are mutually distrustful.

The concept of concurrent signatures aims to provide a practical solution to the fair exchange problem without relying on a trusted third party or the assumption of the same computing power between two transactors. After proposed the first concurrent signature, the authors were questioned about whether their notion can be extended to multi-party setting. Tonien et al. were the first ones who tried to answer the question. But Tonien et al.′s scheme was pointed out by Shieh et al. that it failed to achieve the concurrent notion and an alternative scheme was proposed. Unfortunately, a defect of Shieh et al.′s scheme was pointed out by Huang et al. by providing a strong while unproven claim of the infecundity of designing a multi-party concurrent signature.

Although Shieh et al.′s scheme is insufficient to be truly fair in the multi-party setting, it is still a good lesson to be learned for our research. This thesis analyses underlying schemes and reconsiders the design of multi-party concurrent signatures. After that, we proposed an improved scheme based on Shieh et al.′s design to achieve the required fairness requirement, which means that there is still possibility to design a concurrent signature for the multi-party setting. Our improved scheme is not only secure against the defect pointed out by Huang et al. but it also keeps all the features of Shieh et al.′s scheme. Furthermore, the proposed scheme achieves better performance and fairness. As a result, our scheme seems to be the most efficient concurrent signature scheme so far as we know.

關鍵字(中)

★ 多方參與
★ 並存簽章
★ 公平交易

關鍵字(英)

★ Multi-party
★ Concurrent Signature
★ Fair Exchange

論文目次

Contents
1 Introduction 1
1.1 Background Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1.1 Fair Exchange Problem . . . . . . . . . . . . . . . . . . . . . . 1
1.1.2 Concurrent Signature . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.3 Multi-party Concurrent Signature . . . . . . . . . . . . . . . . 5
1.2 Motivation of the Research . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3 Overview of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Review of Concurrent Signature Schemes 9
2.1 Concurrent Signature Scheme . . . . . . . . . . . . . . . . . . . . . . 9
2.1.1 Generic Algorithms of Concurrent Signature . . . . . . . . . . 10
2.1.2 Simplied Protocol of Concurrent Signature . . . . . . . . . . 11
2.1.3 A Concrete Scheme of Concurrent Signature . . . . . . . . . . 11
2.1.4 Security Requirements of Concurrent Signature . . . . . . . . 13
2.2 Perfect Concurrent Signature Scheme . . . . . . . . . . . . . . . . . . 14
2.3 Improved Perfect Concurrent Signature Scheme . . . . . . . . . . . . 15
2.4 Accountability of Concurrent Signature . . . . . . . . . . . . . . . . . 17
2.5 Asymmetric Concurrent Signature Scheme . . . . . . . . . . . . . . . 18
3 Review of Multi-party Concurrent Signature Schemes 21
3.1 Multi-party Concurrent Signature Scheme . . . . . . . . . . . . . . . 21
3.1.1 Denition of Bilinear Pairing . . . . . . . . . . . . . . . . . . . 22
3.1.2 Generic Algorithms of Multi-party Concurrent Signature . . . 22
3.1.3 Simplied Protocol of Multi-party Concurrent Signature . . . 24
3.1.4 Security Requirements of Multi-party Concurrent Signature . 25
3.1.5 Drawbacks of Multi-party Concurrent Signature . . . . . . . . 26
3.2 Fair Multi-party Concurrent Signature Scheme . . . . . . . . . . . . . 27
3.2.1 Generic Algorithms of Fair Multi-party Concurrent Signature 27
3.2.2 Simplied Protocol of Fair Multi-party Concurrent Signature . 28
3.2.3 Security Requirements of Fair Multi-party Concurrent Signature 29
3.2.4 A Concrete Scheme of Fair Multi-party Concurrent Signature 29
3.3 Further Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.3.1 An Attacking Scenario . . . . . . . . . . . . . . . . . . . . . . 31
3.3.2 Discussion on the Ambiguity Property . . . . . . . . . . . . . 32
4 Proposed Scheme Based on Stack-Like Release of Parameters 35
4.1 Comprehensive Discussion . . . . . . . . . . . . . . . . . . . . . . . . 35
4.1.1 Observation on the Attacking Scenario . . . . . . . . . . . . . 37
4.1.2 Our First Try on Fixing the Defect . . . . . . . . . . . . . . . 37
4.1.3 Another Challenge That We Faced . . . . . . . . . . . . . . . 38
4.2 The Proposed Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.2.1 Generic Algorithms of Proposed Scheme . . . . . . . . . . . . 40
4.2.2 The Stack-like Parameters Releasing Protocol . . . . . . . . . 40
4.2.3 Security Requirements of Proposed Scheme . . . . . . . . . . . 41
4.2.4 A Concrete Scheme . . . . . . . . . . . . . . . . . . . . . . . . 42
4.3 Analysis of Proposed Scheme . . . . . . . . . . . . . . . . . . . . . . 44
4.3.1 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 45
4.3.2 Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . 46
5 Conclusion 48
Bibliography 50

參考文獻

Bibliography
[1] O. Goldreich, "A Simple Protocol for Signing Contracts," Advances in Cryptology - CRYPTO 1983, pp. 133-136, 1983.
[2] S. Even, O. Goldreich, and A. Lempel, "A Randomized Protocol for Signing Contracts," Communications of the ACM, Vol. 28, pp. 637-647, 1985.
[3] E.F. Brickell, D. Chaum, I.B. Damgard, and J. Graaf, "Gradual and Veriable Release of a Secret," Advances in Cryptology - CRYPTO 1987, Lecture Notes in Computer Science Vol. 293, pp. 156-166, 1988.
[4] R. Cleve, "Controlled Gradual Disclosure Schemes for Random Bits and Their Applications," Advances in Cryptology - CRYPTO 1989, Lecture Notes in Computer Science Vol. 435, pp.573-588, 1990.
[5] I.B. Damgard, "Practical and Provably Secure Release of a Secret and Exchange of Signatures," Advances in Cryptology - EUROCRYPT 1993, Lecture Notes in Computer Science Vol.765, pp. 200-217, 1994.
[6] D. Boneh and M. Naor, "Timed Commitments (Extended Abstract)," Advances in Cryptology - CRYPTO 2000, Lecture Notes in Computer Science Vol. 1880, pp. 236-254, 2000.
[7] M.K. Franklin and M.K. Reiter, "Fair Exchange with a Semi-trusted Third Party," Proc. of the 4th ACM Conference on Computer and Communications Security, pp. 1-5, 1997.
[8] M. Franklin and G. Tsudik, "Secure Group Barter: Multi-party Fair Exchange with Semi-trusted Neutral Parties," Financial Cryptography, Lecture Notes in Computer Science Vol. 1465, pp. 90-102, 1998.
[9] M. Abadi, N. Glew, B. Horne, and B. Pinkas, "Certied E-mail with a Light on-line Trusted Third Party: Design and Implementation," Proc. of the 11th International World Wide Web Conference, pp. 387-395, 2002.
[10] N. Asokan, V. Shoup, and M. Waidner, "Optimistic Fair Exchange of Digital Signatures," Advances in Cryptology - EUROCRYPT 1998, Lecture Notes in Computer Science Vol. 1403, pp.591-606, 1998.
[11] B. Ptzmann, M. Schunter, and M. Waidner, "Optimal Efficiency of Optimistic Contract Signing," Proc. of the 17th Annual ACM Symposium on Principles of Distributed Computing, pp. 113-122, 1998.
[12] J.A. Garay, M. Jakobsson, and P. MacKenzie, "Abuse-free Optimistic Contract Signing," Advances in Cryptology - CRYPTO 1999, Lecture Notes in Computer Science Vol. 1666, pp. 449-466, 1999.
[13] B. Baum-Waidner and M.Waidner, "Round-optimal and Abuse Free Optimistic Multi-party Contract Signing," Automata, Languages and Programming, Lecture Notes in Computer Science Vol. 1853, pp. 524-535, 2000.
[14] Y. Dodis and L. Reyzin, "Breaking and Repairing Optimistic Fair Exchange from PODC 2003," Proc. of the 3rd ACM Workshop on Digital Rights Management, pp. 47-54, 2003.
[15] J.M. Park, E.K.P. Chong, and H.J. Siegel, "Constructing Fair Exchange Protocols for E-commerce via Distributed Computation of RSA Signatures," Proc. of the 22nd Annual Symposium on Principles of Distributed Computing, pp. 172-181, 2003.
[16] L. Chen, C. Kudla, and K.G. Paterson, "Concurrent Signatures," Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Computer Science Vol. 3027, pp. 287-305, 2004.
[17] W. Susilo, Y. Mu, and F. Zhang, "Perfect Concurrent Signature Schemes," Information and Communications Security, Lecture Notes in Computer Science Vol. 3269, pp. 14-26, 2004.
[18] G. Wang, F. Bao, and J. Zhou, "The Fairness of Perfect Concurrent Signatures," Information and Communications Security, Lecture Notes in Computer Science Vol. 4307, pp. 435-451, 2006.
[19] Y. Li, D. He, and X. Lu, "Accountability of Perfect Concurrent Signature," 2008 International Conference on Computer and Electrical Engineering, pp.773-777, 2008
[20] K. Nguyen, "Asymmetric Concurrent Signatures," Information and Communications Security, Lecture Notes in Computer Science Vol. 3783, pp. 181-193, 2005.
[21] W. Susilo and Y. Mu, "Tripartite Concurrent Signatures," Security and Privacy in the Age of Ubiquitous Computing, IFIP Advances in Information and Communication Technology Vol. 181, pp. 425-441, 2005.
[22] D. Tonien, W. Susilo, and R. Safavi-Naini, "Multi-party Concurrent Signatures," Information Security, Lecture Notes in Computer Science Vol. 4176, pp.131-145, 2006.
[23] R.L. Rivest, A. Shamir, and Y. Tauman, "How to Leak a Secret," Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Computer Science Vol. 2248, pp. 552-565, 2001.
[24] M. Abe, M. Ohkubo, and K. Suzuki, "1-out-of-n Signatures from a Variety of Keys," Advances in Cryptology - ASIACRYPT 2002, Lecture Notes in Computer Science Vol. 2501, pp. 415-432, 2002.
[25] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated Verier Proofs and Their Applications," Advances in Cryptology - EUROCRYPT 1996, Lecture Notes in Computer Science Vol. 1070, pp. 143-154, 1996.
[26] H. Ge, Y. Sun, L. Gu, S. Zheng, and Y. Yang, "Improved Tripartite Concurrent Signature," 2010 2nd International Conference on Computer Technology and Development, pp. 586-590, 2010.
[27] Y.C. Chen and S.M. Yen, "Balanced Concurrent Signature," Proc. Information Security Conference 2006, pp. 25-32, 2006
[28] M. Klonowski, M. Kuty lowski, A. Lauks, and F. Zagorski, "Conditional Digital Signatures," Trust, Privacy, and Security in Digital Business, Lecture Notes in Computer Science Vol. 3592, pp. 206-215, 2005.
[29] H. Huang, H.C. Lin, and S.M. Yen, "On the Possibility of Constructing a Concurrent Signature Scheme from a Conditional Signature Scheme," Proc. Cryptology and Information Security Conference 2008, pp. 97-107, 2008.
[30] C.T. Shieh, H.C. Lin, and S.M. Yen, "Fair Multi-party Concurrent Signatures," Proc. Cryptology and Information Security Conference 2008, pp. 108-118, 2008.
[31] R.L. Rivest, A. Shamir, and L.M. Adleman, "A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Communications of the ACM, Vol. 21, pp. 120-126, 1978.
[32] C.P. Schnorr, "Efficient Identication and Signatures for Smart Cards," Advances in Cryptology - CRYPTO 1989, Lecture Notes in Computer Science Vol. 435, pp. 239-252, 1990.
[33] H. Huang, H.C. Lin, and S.M. Yen, "On the Infecundity of Designing a Multi-party Concurrent Signature Scheme," Proc. Cryptology and Information Security Conference 2009, 2009.
[34] J. Camenisch, "Efficient and Generalized Group Signatures," Advances in Cryptology - EUROCRYPT 1997, Lecture Notes in Computer Science Vol. 1233, pp.465-479, 1998.
[35] T.H. Yuen, D.S. Wong, W. Susilo, and Q. Huang, "Concurrent Signatures with Fully Negotiable Binding Control," Provable Security, Lecture Notes in Computer Science Vol. 6980, pp. 170-187, 2011.
[36] X. Tan, Q. Huang, and D.S. Wong, "Extending Concurrent Signature to Multiple Parties," Theoretical Computer Science, Vol. 548, pp.54-67, 2014.
[37] G. Ateniese, "Efficient Veriable Encryption (and Fair Exchange) of Digital Signatures," Proc. of the 6th ACM Conference on Computer and Communications Security, pp. 138-146, 1999.

指導教授

顏嵩銘(Sung-Ming Yen)

審核日期

2015-7-27

推文