臺灣博碩士論文加值系統

在目前的代理簽章架構中，都有一個共同的問題，
就是驗證者無法確認代理人是否是在代理期間產生代理簽章。
即使授權已經過期或被撤銷了，但是代理人依然可以對文件進行簽署，並且宣稱這份實際已過期無效的簽章是在授權期間所產生的。
過去Sun曾提出的可追蹤接收者的時戳代理簽章架構終，
企圖解決上述的問題，但是在本論文中我們將說明Sun的架構可能遭遇的問題，更進一步，為了解決代理簽章的共同問題，我們提出了一個藉由TSS(Time-Stamping Service)的代理簽章架構。

In current proxy signature schemes, an original signer delegates her/his signing capability to a proxy signer, and then the proxy signer can sign messages on behalf of the original signer. Although these schemes have succeeded in proxy delegations, they share a common problem. That is, a verifier cannot ascertain a proxy signature was signed by the proxy signer during the delegation period. Additionally, these schemes are in general defective in proxy revocations. In this research, we proposed two new proxy signature schemes to resolve the above problems. The first scheme utilizes a trusted third party called authentication server to ensure that proxy signatures can only be generated during valid delegation period. Also, the original signer can revoke her delegation whenever she wants. In the first scheme, it is required that the authentication server has to be trusted unconditionally. To alleviate the trust level, the other proposed scheme employs the time-stamping service and Pedersen''s
threshold cryptosystem. It is shown in the thesis that both schemes are secure and resolve the stated problems. The performance of both schemes are also analyzed.

1 Introduction 1
2 Related Works 5
2.1 Time-Stamping Service (TSS) . . . . . . . . . . . . . . . . . . . 5
2.2 Review of Sun''s Scheme. . . . . . . . . . . . . . . . . . . . . . . 7
2.2.1 Proxy signature key generation between the original and
proxy signers . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.2 Proxy signature generation between the proxy signer and
receiver . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.3 Proxy signature veri‾cation . . . . . . . . . . . . . . . . 9
2.3 Cryptanalysis of Sun''s Scheme . . . . . . . . . . . . . . . . . . . 10
2.4 Review of Pedersen''s Threshold Cryptosystem without a Trusted
Party Scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.4.1 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.4.2 Selecting and Distributing the Keys . . . . . . . . . . . . 13
2.4.3 Rebuild the secret . . . . . . . . . . . . . . . . . . . . . . 14
3 A Time-stamping Proxy Signature Scheme Using An Authen-
tication Server 15
3.1 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 Basic Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.3 Revocation Protocol . . . . . . . . . . . . . . . . . . . . . . . . 18
3.4 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4 A Time-Stamping Proxy Signature Using TSS 23
4.1 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
4.2 Basic protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
4.3 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.4 Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . 32
5 Conclusions and Future Works 38

[1] Dave Bayer, Stuart Haber, and W. Scott Stornetta. Improving the e±-
ciency and reliability of digital time-stamping. In Sequences''91: Methods
in Communication, Security, and Computer Science, pages 329{334, 1992.
[2] Josh Benaloh and Michael de Mare. E±cient broadcast time-stamping.
Technical Report 1, Clarkson University Department of Mathematics and
Computer Science, 1991.
[3] Ahto Buldas and Peeter Laud. New linking schemes for digital time-
stamping. In Proceedings of the 1st International Conference on Informa-
tion Security and Cryptology, pages 3{14, 1998.
[4] Ahto Buldas, Peeter Laud, Helger Lipmaa, and Jan Villemson. Time-
stamping with binary linking schemes. In CRYPTO''98, Lecture Notes in
Computer Science 1462, pages 486{501, 1998.
[5] Stuart Haber and W.-Scott Stornetta. Secure names for bit-strings. In
Proceedings of the 4th ACM Conference on Computer and Communica-
tions Security, pages 28{35, 1997.
[6] M. S. Hwang, I. C. Lin, and Eric J. L. Lu. A secure nonrepudiable thresh-
old proxy signature scheme with known signers. International Journal of
Informatica, 11(2):1{8, 2000.
[7] Seungjoo Kim, Sangjoo Park, and Dongho Won. Proxy signatures, revis-
ited. In Proceedings of International Conference on Information and Com-
munications Security, Lecture Notes in Computer Science 1334, pages
223{232, 1997.
[8] Byoungcheon Lee, Heesun Kim, and Kwangjo Kim. Strong proxy sig-
nature and its applications. In Proceedings of the 2001 Symposium on
Cryptography and Information Security (SCIS 2001), 2001.
[9] Masahiro Mambo, Keisuke Usuda, and Eiji Okamoto. Proxy signatures:
Delegation of the power to sign messages. IEICE Transactions on Fun-
damentals, E79-A(9):1338{1354, September 1996.
[10] Masahiro Mambo, Keisuke Usuda, and Eiji Okamoto. Proxy signatures
for delegating signing operation. In Proceedings of 3rd ACM conference
on Computer and Communications Security, pages 48{57, 1996.
[11] B. Cli®ord Neuman. Proxy-based authorization and accounting for dis-
tributed systems. In Proceedings of the 13th International Conference on
Distributed Computing Systems, pages 283{291, 1993.
[12] T.P. Pedersen. A threshold cryptosystem without a trusted party. In
Advances in Cryptology, CRYPTO''91, pages 522{526, 1991.
[13] Bruce Schneier. Applied Cryptography. Wiley, New York, 1996.
[14] Claus-Peter Schnorr. E±cient signature generation by smart cards. Jour-
nal of Cryptology, 4:161{174, 1991.
[15] Hung-Min Sun. Design of time-stamped proxy signatures with trace-
able receivers. IEE Proceedings of Computers and Digital Techniques,
147(6):462{466, 2000.
[16] Vijay Varadharajan, Phillip Allen, and Stewart Black. An analysis of
the proxy problem in distributed systems. In Proceedings of 1991 IEEE
Computer Society Symposium on Research in Security and Privacy, pages
255{275, 1991.