Please use this identifier to cite or link to this item: https://ah.nccu.edu.tw/handle/140.119/120258


Title: A Study on ECQV Self-signed Certificate and Its Extensions (original title: ECQV自簽名憑證及其延伸應用之研究)
Authors: 蘇勤文
Su, Ching-Wen
Contributors: 左瑞麟
Tso, Ray-Lin
蘇勤文
Su, Ching-Wen
Keywords: Elliptic curve Qu-Vanstone (ECQV)
Implicit certificate
Certificate update
Date: 2018
Issue Date: 2018-10-01 12:10:34 (UTC+8)
Abstract: Elliptic curve Qu-Vanstone (ECQV), proposed by Daniel et al. in 2001, is the implicit certificate scheme used by many current systems and standards. An implicit certificate ensures that only the certificate's original owner can compute the corresponding private key, and because an implicit certificate contains no signature it can be computed quickly, which makes it suitable for resource-constrained devices. However, we found that ECQV has two problems. First, because an implicit certificate contains no signature, it is not possible to verify whether a user is the intended party before communicating with them. Second, because certificates and public keys are in one-to-one correspondence, a user who needs multiple keys must communicate frequently with the certificate authority (CA), which may increase communication costs. This thesis therefore proposes two mechanisms to address these problems: a proxy certificate mechanism and a certificate update mechanism. Both allow the user to generate multiple public/private key pairs on their own from the original certificate. Key pairs generated by the proxy certificate mechanism can be delegated to others; key pairs generated by the certificate update mechanism cannot be delegated, and the resulting certificate is verifiable, proving that it was generated by the original certificate's owner, so the two mechanisms suit different scenarios. We also give security proofs for the confidentiality of the private key and the unforgeability of the certificate. Our implementation further confirms that, compared with RSA or ECQV, the proposed mechanisms generate certificates in less time and at lower cost, and are therefore suitable for resource-constrained systems.
Elliptic curve Qu-Vanstone (ECQV) is now the most commonly used implicit certificate scheme. However, we noticed that ECQV presents two main problems. First, because an implicit certificate carries no signature, it is not possible to verify whether a user is the intended party until one has already communicated with them. Second, the certificate and the public key are in one-to-one correspondence; hence, when users need multiple keys, they have to communicate frequently with the Certificate Authority (CA), which may increase communication costs. Therefore, we propose two schemes to solve these issues. The proxy certificate scheme allows users to update their public/private keys without asking the CA for a new certificate. The certificate update scheme allows users to update their keys and allows verifiers to check their identities. We also show that our schemes satisfy the confidentiality of the private key and the unforgeability of the certificate. In addition, we implemented the proposed schemes and measured that certificate generation takes a short time. The mechanisms we propose can therefore reduce cost and are suitable for power-limited systems.
Description: Master's thesis
National Chengchi University
Department of Computer Science
105753005
Source URI: http://thesis.lib.nccu.edu.tw/record/#G0105753005
Data Type: thesis
Appears in Collections: [Department of Computer Science] Theses and Dissertations

Files in This Item:

File: 300501.pdf, Size: 696 KB, Format: Adobe PDF


All items in 學術集成 are protected by copyright, with all rights reserved.