
Graduate student: 黃友鍊 (You-Lian Huang)
Thesis title: 指定驗證者簽章之研究 (On the Research of Designated Verifier Signature Schemes)
Advisor: 顏嵩銘 (Sung-Ming Yen)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering
Graduation academic year: 97 (ROC calendar)
Language: English
Number of pages: 66
Chinese keywords: 指定驗證者簽章 (designated verifier signature)
English keywords: Universal Designated Verifier Signature, Designated Verifier Signature, Restricted Universal Designated Verifier Signatu
Abstract (translated from the Chinese):
    Unlike conventional digital signatures, which are publicly verifiable, a designated verifier signature (DVS) allows only the designated verifier to check the validity of the signature. This protects the signer's privacy and has found wide application in many systems. This thesis focuses on several topics concerning designated verifier signatures and their variants.
    On delegatability, we first classify the delegatability of designated verifier signatures so that the classification fits the different DVS variants. We then point out delegatability flaws in two existing DVS schemes, the TOO scheme and the LSMP scheme.
    Observing that content extraction signature schemes suffer from a verifier-collusion flaw, we apply the concept of designated verifier signatures and propose a designated verifier content extraction signature scheme that resolves the problem.
    The final part of the thesis focuses on constructing a new restricted universal designated verifier signature (RUDVS) scheme. After pointing out the flaws in the scheme of Huang et al., we propose a new construction and a new signature scheme.


Abstract (English):
    Designated verifier signatures allow only a designated recipient to be convinced of the validity of a digital signature. This protects the signer's privacy and is very useful in many applications. In this thesis, our research focuses on several specific topics of DVS and its variant schemes.
    On the research of delegatability, we first classify this property to fit the different DVS variant schemes. Afterwards, two existing DVS schemes, the TOO strong-DVS scheme and the LSMP constant-size multi-DVS scheme, are shown to be delegatable.
    Observing that content extraction signatures are vulnerable to the verifier conspiracy problem, we modify the original content extraction signature scheme with the concept of DVS and propose a content extraction signature scheme whose signatures can be designated to a certain recipient.
    In the last part of the thesis, our objective is to construct a new restricted universal designated verifier signature scheme. After pointing out the major problems of Huang et al.'s scheme, a new restricted universal designated verifier signature scheme is proposed.

Table of contents:
    1 Introduction
      1.1 Motivation of the Research
      1.2 Our Contributions
      1.3 Organization of the Thesis
    2 Designated Verifier and Universal Designated Verifier Signatures
      2.1 Introduction to Designated Verifier Signatures
        2.1.1 Related works
        2.1.2 Definitions and security properties
        2.1.3 Trapdoor hash functions
      2.2 Previous Designated Verifier Signature Schemes
        2.2.1 SKM strong DVS scheme
        2.2.2 HSMZ short DVS scheme
      2.3 Introduction to Universal Designated Verifier Signatures
        2.3.1 Related works
        2.3.2 Definitions
      2.4 Previous Universal Designated Verifier Signature Schemes
        2.4.1 SBWP: the first UDVS scheme
        2.4.2 Steinfeld et al.'s SchUDV 2 scheme
    3 Non-Delegatability of Two Designated Verifier Signature Schemes
      3.1 Introduction to Non-Delegatability
      3.2 Classification of Non-Delegatability
      3.3 On the Non-Delegatability of Two Designated Verifier Signature Schemes
        3.3.1 TOO strong-DVS scheme
        3.3.2 LSMP constant-size multi-DVS scheme
        3.3.3 Summary
    4 Designated Verifier Content Extraction Signature
      4.1 Introduction to Content Extraction Signature
      4.2 Definitions
        4.2.1 Document model
        4.2.2 Definition of content extraction signature
      4.3 Previous CES Scheme
      4.4 Conspiracy Issue of Content Extraction Signature
      4.5 The Proposed Designated Verifier Content Extraction Signature Scheme
      4.6 Summary
    5 A New Restricted Universal Designated Verifier Signature Scheme
      5.1 Introduction to Restricted Universal Designated Verifier Signature
        5.1.1 Restriction: how to achieve it?
        5.1.2 Related works
      5.2 Formal Definition of Restricted Universal Designated Verifier Signature Scheme
        5.2.1 Algorithms
        5.2.2 Restriction property
      5.3 Security Issue of Huang et al.'s Restricted Universal Designated Verifier Signature Scheme
        5.3.1 Review of Huang et al.'s RUDVS scheme
        5.3.2 On the weakness of Huang et al.'s RUDVS scheme
      5.4 A New RUDVS Scheme
        5.4.1 The basic construction
        5.4.2 Signature-reusing issue of the basic construction
        5.4.3 A concrete RUDVS scheme
        5.4.4 Security analysis of the proposed RUDVS scheme
      5.5 Summary
    6 Conclusions
      6.1 Brief Review of Main Contributions
      6.2 Future Works
    7 Bibliography

