政府推行電子商務已行之有年，尤以推動採購流程電子化深具突破性創新。然而，電子資訊傳遞過程中保護機制若欠缺完備，恐會危害機關與廠商雙方之間的權益，甚至影響雙方運用電子招標系統之意願，故如何有效維護資訊分享之安全性以及可靠性既顯得日益重要。然而，為了降低承辦人員暴露身份之風險，減少承辦人員遭受關說之紛擾，建立一匿名招標流程亦是電子化採購系統關鍵建設之ㄧ環。
本研究以ElGamal數位簽章系統理論為基礎，群體數位簽章為基本架構，藉由解離散對數與因式分解之難題，設計一個數位簽章模組，俾利資訊提供者分享訊息時可獲得充份地隱匿，同時資訊系統驗證者又得以辨認真偽，防制有心人員偽冒，確保資訊正確性與人員隱私之保障。本研究也和公開金鑰密碼系統NTRU（N-th degree truncated polynomial ring）做比較，闡述本文提出之密碼模組複雜度仍是極具效率之簽章機制，可充分提升電子資訊傳遞之效益。
本架構滿足個人隱密性、來源鑑定性、身份匿名性、資料保護性等安全流程機制，可避免傳遞資料遭致竄改衍生機關與廠商因互信不足，肇生運用招標系統資訊之顧忌。因之，此系統不但可扮演產業升級之墊腳石亦可建構供應鏈夥伴電子商務之交易橋樑，提昇國內採購供需間之整體效益指標，甚至亦可應用於軍事資料傳遞流程之驗證。

The government has endeavored to push electronic-commerce into practice for many years, especially in the field of bidding system. However, the bidding data is very likely to be intercepted and modified to someone’s benefits when sent through network. Another problem is that the sender and the receiver of a bidding transaction are not anonymous so that they are also likely to be the target. So, how to build a safe and anonymous bidding system is a very important issue for the success of e-commerce.
We implant ElGamal theory into the group digital signature to make factor program and discrete logarithms computations extremely hard to be solved. This mechanism can allow the bidding members share information anonymously but also, if necessary, allow the top administrator to identify from where or whom a message was sent. We compare our algorithm with N-th degree truncated polynomial ring (NTRU) cryptosystem and find that ours is more efficient in validating encryption and decryption signature.

摘 要 i
ABSTRACT iii
致 謝 v
目 錄 vi
圖 目 錄 viii
表 目 錄 x
一、 緒論 1
1.1 研究動機 1
1.2 研究目的 5
1.3 研究範圍 6
1.4 研究限制 7
1.5 論文架構 8
二、 文獻探討 11
2.1 政府電子採購招標系統 12
2.2 ElGamal數位簽章 19
2.3 群體簽章 30
2.4 NTRU公開金鑰密碼系統 41
三、 驗證系統密碼模組 47
3.1 參與者定義 47
3.2 驗證模式與運作流程 48
3.3 模組參數 49
3.4 傳遞系統群體簽章與驗證 53
四、 安全性與複雜度分析 59
4.1 安全性分析 59
4.2 複雜度分析 62
五、 雛型系統設計 63
5.1 系統設計 63
5.2 雛型實作 64
六、 結論與未來研究 67
6.1 結論 67
6.2 未來研究方向 68
參考文獻 69

〔1〕李傳彬，「廠商電子領投標行為研究」，國立中山大學公共事務管理研究所，碩士論文，2006年。
〔2〕行政院公共工程委員會，http://www.geps.gov.tw。
〔3〕電子簽章，全國法規資料庫，http://law.moj.gov.tw/。
〔4〕電子採購作業辦法，全國法規資料庫，http://law.moj.gov.tw/。
〔5〕Atul Kahate著，楊政穎譯，網路安全與密碼學（Cryptography and Network Security），台北：美商麥格羅．希爾國際股份有限公司 台灣分公司，2007年。
〔6〕鄧安文，密碼學－加密演算法，台北：全華，2004年。
〔7〕鄧安文，密碼學加密演算與密碼分析計算實驗，台北：全華，2006年。
〔8〕楊吳泉，現代密碼學入門與程式設計，台北：全華，1996年。
〔9〕Jonathan Knudsen著，阮韻芳譯，JAVA 密碼學，台北：美商歐萊禮股份有限公司 台灣分公司，1999年。
〔10〕陳正鎔、林文彬，「臥底匿名情資驗證系統之研究」，第十一屆資訊管理學術暨警政資訊實務研討會－社區安全e化與犯罪防制，第157－166頁，警察大學，2007年06月。
〔11〕陳正鎔、邱天嵩、林文彬，「資源分享身份驗證機制之研究」，第十六屆國防科技學術研討會，第5-111－5-120頁，中正理工學院，2007年11月。
〔12〕陳正鎔、林文彬、 陳鳳美、邱天嵩、尹延齡，「匿名資訊分享與分析之研究」，國防管理學報，第28卷第2期，2007年11月。
〔13〕Diffie, W. and M.E. Hellman,” New directions in cryptography”, IEEE Transactions on Information Theory, IT-22(6): pp.644-654, 1976.
〔14〕Shao, Z.,” Digital signature schemes based on factoring and discrete logarithms”, Electronics Letters, Vol.38, Issue 24, pp.1518–1519, 2002.
〔15〕Rivest, R.L., A. Shamir and L. M. Adleman,” A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, 21(2):pp.120-126,1978.
〔16〕ElGamal, T.,” A public key cryptosystem and a signature scheme based on discrete logarithms”, In G. R. Blakley and D. Chaum, editors, Advances in Cryptology-CRYPTO’84, Vol.196 of Lecture Notes in Computer Science, pp.10-18,Springer-Verlag, 1985.
〔17〕Shen, J.J., C.W. Lin and M.S. Hwang, “A modified remote user authentication scheme using smart cards”, IEEE Transactions on Consumer Electronics, Vol.49, No.2, pp.414-416, 2003.
〔18〕Hwang, M.S. and L.H. Li, “A new remote user authentication scheme using smart cards”, IEEE Transactions on Consumer Electronics, Vol.46, No.1, pp.28-30, 2000.
〔19〕Leung, K.C., L.M. Cheng, A.S. Fong, and C.K. Chan, “Cryptanalysis of a modified remote user authentication scheme using smart cards”, IEEE Transactions on Consumer Electronics, Vol.49, No.4, pp.1243-1245, 2003.
〔20〕Yoon, E.J., E.K. Ryu, and K.Y. Yoo,” Efficient Remote User Authentication Scheme based on Generalized ElGamal Signature Scheme”, IEEE Transactions on Consumer Electronics, Vol.50, No. 2, 2004.
〔21〕Kuo, W.C.,” On ElGamal Signature Scheme”, Future generation communication and networking (fgcn 2007), Vol.2, pp.151-153, 2007.
〔22〕Ren, J. and L. Ham,”Generalized Anonymous Information Sharing”, Signal Processing Applications for Public Security and Forensics. SAFE '07, pp.1-4, 2007.
〔23〕Yoon, E. and K. Yoo,” Secure Deniable Authentication Protocol Based on ElGamal Cryptography”, Information Security and Assurance, pp.36-39, 2008.
〔24〕Shao, J., Z. Cao and R. Lu,” An Improved Deniable Authentication Protocol”, Networks, 48:179-181, 2006.
〔25〕Wang, Y., J. Li, and L. Tie,”A simple protocol for deniable authentication based on ElGamal cryptography”, Networks, Vol.45, Issue 4,pp.193-194, 2005.
〔26〕Chaum, D. and van E. Heyst,“Group Signatures”, Advances in Cryptology EUROCRYPT, Vol.547, pp.257-265, 1991.
〔27〕Wu, Q., W. Susilo, Y. Mu and F. Zhang,”Ad Hoc Group Signatures”,Advances in Information and Computer Security (IWSEC 2006), LNCS 4266, pp.120-135,Springer-Verlag , 2006.
〔28〕Manulis, M., A.R. Sadeghi, J. Schwenk,” Linkable Democratic Group Signatures”, Information Security Practice and Experience (ISPEC 2006), LNCS 3903, pp.187-201. Springer-Verlag, 2006.
〔29〕Furukawa, J. and S. Yonezawa,” Group Signatures with Separate and Distributed Authorities”, Security in Communication Networks (SCN 2004), LNCS 3352, pp.77-90,Springer-Verlag, 2005.
〔30〕Delerablée, C. and D. Pointcheval,” Dynamic Fully Anonymous Short Group Signatures”, VIETCRYPT 2006, LNCS 4341, pp.193-210,Springer-Verlag, 2006.
〔31〕Cao, Z.,”Analysis of One Popular Group Signature Scheme”, ASIACRYPT 2006, LNCS 4284, pp.460-466, Springer-Verlag, 2006.
〔32〕Wei, V.K., T.H. Yuen and F. Zhang,” Group Signature Where Group Manager, Members and Open Authority Are Identity-Based”, Information Security and Privacy (ACISP 2005), LNCS 3574, pp.468-480, Springer-Verlag , 2005.
〔33〕Wei, V.K.,”Tracing-by-Linking Group Signatures”, Information Security (ISC 2005), LNCS 3650, pp.149-163, Springer-Verlag, 2005.
〔34〕Kiayias, A. and M. Yung,”Group Signatures: Provable Security, Efficient Constructions and Anonymity from Trapdoor-Holders”, http://eprint.iacr.org/2004/076/,2004.
〔35〕Ateniese, G. and B.de. Medeiros,”Efficient Group Signatures without Trapdoors”, ASIACRYPT 2003, LNCS 2894, pp.246-268,Springer-Verlag, 2003.
〔36〕Kilian, J. and E. Petrank,” Identity escrow”, Advances in Cryptology －CRYPTO'98, Vol.1642 of LNCS, pp.169-185, Springer-Verlag, 1998.
〔37〕Kim, S., S. Park and D. Won,” Convertible group signatures”, ASIACRYPT 1996, LNCS 1163, pp.311-321,Springer-Verlag, 1996.
〔38〕Baudron, O., P.A. Fouque, D. Pointcheval, G. Poupard and J. Stern,”Practical Multi-Candidate Election System”, In PODC ’01. ACM, 2001.
〔39〕Sakurai, K. and S. Miyazaki,” An anonymous electronic bidding protocol based on a new convertible group signature schem”, Information Security and Privacy (ACISP'00), LNCS 1841, pp. 385-399,Berlin: Springer-Verlag, 2000.
〔40〕Lysyanskaya, A. and Z. Ramzan,“Group blind digital signatures: A scalable solution to electronic cash”, In FC’98, Vol.1465 of LNCS, pp.184-197,Springer-Verlag, 1998.
〔41〕Nakanishi, T. and N. Funabiki,” A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability”, Advances in Information and Computer Security (IWSEC 2006), LNCS 4266, pp.17-32,Springer-Verlag, 2006.
〔42〕Furukawa, J. and H. Imai,” An Efficient Group Signature Scheme from Bilinear Maps”, Information Security and Privacy (ACISP 2005), LNCS 3574, pp.455-467,Springer-Verlag, 2005.
〔43〕Kiayias, A. and M. Yung,”Group Signatures with Efficient Concurrent Join”, EUROCRYPT'05 , LNCS3494 , pp.198-214, Springer-Verlag, 2005.
〔44〕Ateniese, G. and B. de. Medeiros,” Efficient group signatures without trapdoors”, Advances in Asiacrypt’03, LNCS 2894, pp. 246-268.Springer-Verlag, 2003.
〔45〕Ding, X., G. Tsudik and S. Xu,” Leak-free group signatures with immediate revocation”, Proceedings of 24th International Conference on Distributed Computing Systems (ICDCS 2004), pp.608-615, IEEE Computer Society, 2004.
〔46〕Nguyen, L. and R. Safavi-Naini,”Efficient and provably secure trapdoor-free group signature schemes from bilinear pairings”, In: Advances in Asiacrypt’04, LNCS 3329, pp.372-386, Springer-Verlag, 2004.
〔47〕Zhang, J. , J. Zou and Y. Wang ,”A Group-Oriented Anonymous Signature scheme with Subliminal Channel”, Networking, Sensing and Control, 2005 IEEE , pp.49-53, 2005.
〔48〕Cui, S., C.W. Chan and X. Cheng ,”Practical Group Signatures from RSA”, AINA'06, pp.111-115 ,2006.
〔49〕Ge, H. and S.R. Tate ,” A group signature scheme with signature claiming and variable linkability”, IPCCC 2006. 25th IEEE International, pp.497-504, 2006.
〔50〕Chen, Z., J. Huang, D. Huang, J. Zhang, Y. Wang,”Provably Secure and ID-Based Group Signature Scheme”, AINA 2004, 18th International Conference on Advanced Information Networking and Applications,Vol.2, pp.384-387,2004.
〔51〕Nakanishi, T., F. Kubooka, N. Hamada, and N. Funabiki,”Group Signature Schemes with Membership Revocation for Large Groups”, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, pp.1275-1283,2006.
〔52〕Lee, W.B. and C.C. Chang,”Efficient group signature scheme based on the discrete logarithm”, Computers and Digital Techniques, IEE Proceedings, pp.15-18, 1998.
〔53〕Nyberg, K. and R. A. Rueppel,“A new signature scheme based on the DSA giving message recovery”, in 1st ACM Conf. on Computer and Communication Security, Fairfax, Virginia, United States, pp.58-61, 1993.
〔54〕Chen, L. and T.P. Pedersen,”New group signature schemes”, EUROCRYPT'94, LNCS 950, pp.171-181,Springer-Verlag, 1994.
〔55〕Tseng, Y.M. and J.K. Jan,” Improved group signature scheme based on discrete logarithm problem”, Electronics Letters, 35(1):pp.37-38, 1999.
〔56〕Zhang, J., X. Chen and Y. Wang,”Security analysis of the improved group signature”, ITW2003, 2003 IEEE, pp.171-174, 2003.
〔57〕Sun, H.M., Y.M. Tseng and J.K. Jan,“Improved group signature scheme based on discrete logarithm problem”, Electronics Letters ,Vol.35, No.16, pp.1323-1325,1999.
〔58〕Hoffstein, J., J. Pipher and J. Silverman,”NTRU: a ring based public key cryptosystem”, In Proc. of ANTS III, Vol.1423 of LNCS, pp.267-288,Springer-Verlag, 1998. First presented at the rump session of Crypto ’96.
〔59〕“The NTRU Public Key Cryptosystem – A Tutorial”, available at http://www.ntru.com.
〔60〕NTRU, http:// www.ntru.com/.
〔61〕Hoffstein, J., N. A. Howgrave-Graham, J. Pipher, J. H. Silverman, and W. Whyte,”NTRUSIGN: Digital signatures using the NTRU lattice”, In Proc. of CT-RSA, Vol.2612 of LNCS, Springer-Verlag, 2003.
〔62〕McEliece, R.J.,” A Public-Key Cryptosystem Based On Algebraic Coding Theory”, The Deep Space Network Progress Report, DSN PR 42-44, pp.114-116, 1978.
〔63〕Goldreich, O., S. Goldwasser and S. Halevi,” Public-Key Cryptosystems from Lattice Reduction Problems”, 17th Annual International Cryptology Conference on Advances in Cryptology , pp.112-131, 1997 .
〔64〕Koblitz, N.,”Elliptic curve cryptosystems”, Math. Comp.,Vol.48, pp.203-209, 1987.
〔65〕Miller, V., “Use of elliptic curves in cryptography”, In advances in Cryptology, CRYPTO – ‘85, Springer LNCS 218, pp.47-426, 1986.
〔66〕Sunar, B., D. Brown, F. Looft, et al.,” Efficient NTRU Implementations”, Electrical & Computer Engineering, 2002.
〔67〕Nick, H.G.,” A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU”, CRYPTO 2007, LNCS 4622, pp.150-169, 2007.
〔68〕Gama, N. and P.Q. Nguyen,” New Chosen-Ciphertext Attacks on NTRU”, PKC 2007, LNCS 4450, pp.89-106, 2007.
〔69〕Quan, Y., X. Li and Y. Hu,” Logical Mistakes in NTRU Compensation Algorithm and Improvement of Encryption Verification Algorithm”, Computational Intelligence and Security Workshops, CISW 2007, pp.769-772, 2007.
〔70〕Nick, H.G., H. Jeff , P. Jill and W. William,” On estimating the lattice security of NTRU”, Cryptology ePrint Archive: Report 2005/104, 2005.
〔71〕Lv, X., B. Yang and C. Pei,” Efficient Traitor Tracing Scheme Based on NTRU”, PDCAT’05, pp.120-124, 2005.
〔72〕HARN, L. ,”Public-key cryptosystem design based on factoring and discrete logarithms”, Computers and Digital Techniques, IEE Proceedings, pp.193-195, 1994.
〔73〕Tu, K.,” Public-key crypotosystem design based on factoring and discrete logarithms [Comment - Reply - Comment]”,Computers and Digital Techniques, IEE Proceedings Vol.143, Issue 1, pp.96- 96,1996.
〔74〕Maurer, U.M. and Y. Yacobi,” A non-interactive public key distribution system”, Designs, Codes and Cryptography, Vol.9, Number 3, pp.305-316, 1996.