
National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

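Author: 茆育成
Author (English): Yu-Chen Mao
Thesis title: A Heterogeneous Group-Oriented Signature Scheme with an Anonymous Signer and Designated Verifiers (Chinese title: 可指定驗証者的異質群體導向簽章系統)
Advisor: 曾文貴
Advisor (English): Wen-Guey Tzeng
Degree: Master's
Institution: National Chiao Tung University
Department: Department of Computer and Information Science
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2002
Academic year of graduation: 90
Language: English
Pages: 48
Keywords (translated from Chinese): designated verifier; anonymous; ring signature; group signature; designated verifier signature; designated verifier ring signature
Keywords (English): designated verifier; ring signature; designated verifier signature; designated verifier ring signature; signature; anonymous; signer anonymous; witness indistinguishable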
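We propose a group-oriented signature scheme with designated verifiers. Our scheme is in fact a combination of a ring signature scheme and a designated verifier signature scheme. A ring signature scheme produces signatures that name a group of users as the possible signers; it is intended for a user who wants to release a message and convince others of its reliability while remaining anonymous. A designated verifier signature scheme produces signatures that name a group of users as the verifiers of the signature; a verifier outside the designated set cannot verify the signature's correctness. Such signatures are suitable for private correspondence and informal documents.
Our signature scheme preserves signer anonymity and allows verifiers to be designated; we call it a designated verifier ring signature scheme. In our scheme we assume that every user uses a public key signature scheme. The scheme requires no initialization and no central manager, and the users may use entirely different public key signature schemes. In practice it can serve as an alternative to both ring signature schemes and designated verifier signature schemes.
Keywords: designated verifier ring signature, designated verifier signature, ring signature.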

We propose a designated verifier ring signature scheme that can be used to construct both ring signatures and designated verifier signatures. The purpose of ring signatures is for a signer to leak an authoritative message without revealing his identity. A designated verifier signature conveys the validity of the signature only to a set of designated verifiers. Our scheme is setup-free but we require each user to have a public key signature scheme, which may be the same or a different signature scheme.
Our primary building blocks are witness indistinguishable protocols. For regular public key signature schemes, we provide a generalized method to turn them into witness indistinguishable protocols. We use signatures of knowledge to make these protocols non-interactive, and the resulting proofs serve as our signatures. Finally, we conclude that our scheme is more general and flexible than both the original ring signature scheme and the original designated verifier signature scheme.
Keywords: designated verifier ring signature, designated verifier signature, ring signature, witness indistinguishable protocol.

1 Introduction
1.1 Related Work
1.2 Results
2 Notation and Definitions
3 Building Blocks
3.1 Our Idea and Approach
3.2 Zero-Knowledge Interactive Proofs (ZKIPs)
3.2.1 ZKIP of Knowing one Discrete Logarithm
3.2.2 ZKIP of Knowing the e-th Root of a Group Element
3.2.3 ZKIP of Knowing one RSA Secret Key
3.3 Witness Indistinguishable (WI) Protocols
3.3.1 WI Proof of Knowing one of Discrete Logarithms
3.3.2 WI Proof of Knowing one of GQ Secret Keys
3.3.3 WI Proof of Knowing one of FFS Secret Keys
3.3.4 WI Proof of Knowing one of RSA Secret Keys
3.3.5 WI Proof of Knowing one of Secret Keys
3.4 Signatures of Knowledge
3.5 A Designated Verifier Ring Signature (DVRS)
4 Our Scheme
4.1 Signing and Verifying
4.2 Proofs of Security
5 Conclusions
A The Original Ring Signature Scheme
A.1 Comparison of the Original Ring Signature Scheme and Our Scheme
A.2 Using the Original Ring Signature to Construct a DVRS

