隨著科技的進步與網際網路的蓬勃發展，有許多網路相關應用及協定被提出，為使用者帶來前所未有的便利，然而便利的背後卻帶來不可預知的安全性問題，因為使用者無法得知協定參與者的身份合法性，故需要透過一個公正的第三方協助，以達到確認對方合法性的目的。並藉由被信任的第三方協助進行金鑰交換或是協調產生所需之協定參數。
故本論文首先探討由可靠的第三方協助參與者協調共同金鑰之相關協定，在2008年，Yoon 和Yoo兩位韓國學者指出Chang和Chang的三方通訊方法有安全性上的問題，並且提出了一個改進的三方金鑰交換協定的方法，可以抵檔線上字典攻擊。但是我們發現Yoon 和Yoo的方法還是存在著線上字典攻擊的安全性弱點。接著，探討原簽署者透過可信任的第三方產生秘密參數，以作為提供代理人簽章的方法。在2007年，Hu和Huang兩位學者提出一個新的簽章方法，植基於雙線性為基礎的個人識別碼代理人簽章。在2009年Park等三位學者指出Hu和Huang的方法違反了隱私性的原則。當代理金鑰產生階段時，代理人不需要經過委託人的同意，就可以自行產生。但是我們發現Park等三位學者的方法還是有安全性的缺失。其一，代理人會被愚弄(fooling)；其二，代理金鑰的驗證在他們的方法中，永遠不會成功。最後，我們提出一個改進的方法。

Recently, as rapid advanced of technology and growth of network. A lot of network applications and protocols were proposed. It will be very convenient to the users, but behind of the convenience is that unpredictable security problem. Users have no idea to verify the partner’s identity if is valid via the protocol. For this reason, we need an impartial trustworthy-third-party to help verifying the user’s legitimate. At last, exchanging the key agreement and generating the parameters both need by trustworthy-third-party.
In our thesis, we will discuss protocol about trustworthy-third-party assistant partners to communicate the same session key each other. In 2008, Yoon and Yoo pointed out that Chang and Chang’s 3PEKE protocol with security problem, and proposed an improved three-party key exchange protocol can be against online dictionary attacks. However, we found that Yoon and Yoo’s scheme still existence of online dictionary attacks, security vulnerabilities. Next, we discuss that original signer generates secret parameters via trustworthy-third-party to suppose proxy signer signature. In 2007, Hu and Huang proposed a novel signature scheme. It’s identity-based on bilinear proxy signature. In 2009, Park et al. pointed out that the scheme violates the privacy principles on Hu-Huang’s scheme. When the proxy key generation phase, the proxy signer can generate signature without agreement of original signer. However, we found that Park et al.’s scheme still has weak security. First, the proxy signer will be fooling. Second, the proxy verification key in their way will never succeed. Finally, we proposed our scheme.

摘　要 i
Abstract ii
誌 謝 iv
Table of Contents v
List of Figures vii
List of Tables viii

Chapter 1 Introduction 1
1.1 Motivation 1
1.2 Thesis Organization 2

Chapter 2 Three Party Encryption Key Exchange Protocol 3
2.1 Related Works 3
2.2 Notations 4
2.3 Review of Yoon and Yoo’s 3PEKE Scheme 5
2.4 Yoon and Yoo’s Security Problem 6

Chapter 3 A Proxy Signature Scheme Based on Bilinear Pairings with Identity-based Cryptographic Approaches 8
3.1 Related Works 8
3.2 Review of Hu-Huang’s Scheme 9
3.2.1 Initialization Phase 10
3.2.2 Key Pair Generation Phase 10
3.2.3 Proxy Key Generation Phase 10
3.2.4 Proxy Key Signature Generation and Verification Phase 11
3.3 The Privacy Problem on Hu-Huang’s Scheme 12
3.4 Review of Park et al.’s Scheme 12
3.4.1 Proxy Key Generation Phase 12
3.5 Flaw of Park et al.’s Scheme 13
3.6 The Proposed Scheme 15
3.6.1 The Proposed Proxy Key Generation Phase 15
3.7 Security Analysis 17

Chapter 4 Conclusions 20

Bibliography 22

[1]M. Steiner, G. Tsudik and M. Waidner, “Refinement and extension of encrypted key exchange,” ACM Operating Systems Review, Vol.29, pp. 22-30, 1995.
[2]E. J. Yoon and K. Y. Yoo, “Improving the novel three-party encrypted key exchange protocol,” Computer Standard &; Interfaces , Vol. 30, pp. 309-314, 2008.
[3]C. C. Chang and Y. F. Chang, “A novel three-party encrypted key exchange protocol,” Computer Standards &; Interfaces, Vol. 26, pp. 471-476, 2004.
[4]W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, Vol. 22, pp. 644-654, 1976.
[5]S. M. Bellovin and M. Merrit, “Encrypted key exchange: password-based protocols secure against dictionary attacks,” in: IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, California, pp. 72-84, 1992.
[6]Y. Ding and P. Horster, “Undetectable on-line password guessing attacks,” ACM Operating Systems Review, Vol. 29, pp.77-86, 1995.
[7]C. L. Lin, H. M. Sun and T. Hwang, “Three-party encrypted key exchange: attacks and a solution,” ACM Operating Systems Review, Vol. 34, pp. 12-20, 2000.
[8]A. Shamir, “Identity-based cryptosystems and signature schemes,” Advances in Cryptology – Crypto’84, LNCS 196, Springer-Verlag, pp.47-53, 1984.
[9]M. Mambo, K. Usuda and E. Okamoto, “Proxy signature: Delegation of the power to sign messages,” IEICE Transactions on Fundamentals, Vol. E79-A, No. 9, pp. 1338-1354, 1996.
[10]S. Kim, S. Park and D. Won, “Proxy signatures, revisited,” Proceedings of the International Conference on Information and Communications Security, ICICS’97, LNCS 1334, pp. 223-232, 1997.
[11]Y. F. Chang and C. C. Chang, “Efficient multi-proxy multi-signature schemes based on DLP,” International Journal of Computer Science and Network Security, Vol. 6, No. 2B, pp. 152-159, February 2006,.
[12]Y. F. Chang and C. C. Chang, “An RSA-based (t,n) threshold proxy signature scheme with freewill identities,” International Journal of Information and Computer Security, Vol. 1, No. 1/2, pp. 201-209, 2007.
[13]Y. F. Chang and C. C. Chang, “Robust t-out-of-n proxy signature based on RSA cryptosystems,” International Journal of Innovative Computing Information and Control, Vol. 4, No. 2, pp. 425-431, February 2008.
[14]X. Hu and S. Huang, “A novel proxy key generation protocol and its application,” Computer Standards &; Interfaces, Vol. 29, No. 14, pp. 191-195, 2007.
[15]D. Boneh and M. Franklin, “Identity based encryption from the Weil pairing,” Advances in Cryptology-Cryto’01, LNCS 2139, Springer-Verlag, pp. 213-229, 2001.
[16]D. Boneh, B. Lynn and H. Shacham, “Short signatures from the Weil pairing,” Advances in Cryptology-Asiacryp’01, LNCS 2248, Springer-Verlag, pp. 514-532, 2001.
[17]H. Park, S. Lim and I. Yie, “A privacy problem on Hu-Huang’s proxy key generation protocol,” Computer Standards &; Interfaces, Vol. 31, No. 17, pp. 480-483, 2009.
[18]B. Lee, H. Kim and K. Won, “Secure mobile agent using strong non-designated proxy signature,” Proceedings of ACISP’01, LNCS 2119, Springer-Verlag, pp. 474-486, 2001.
[19]F. Hess, “Efficient identity based signature schemes based on pairings,” Proceedings of SAC''02, LNCS 2595, Springer-Verlag, pp. 310-324, 2002.
[20]J. C. Cha and J. H. Cheon, “An identity-based signature from gap Diffie–Hellman groups,” Proceedings of PKC''03, LNCS 2567, Springer-Verlag, pp. 18-30, 2003.