
Title (Chinese): A Study of ECQV Self-Signed Certificates and Their Extended Applications
Title (English): A Study on ECQV Self-signed Certificate and Its Extensions
Author: Su, Ching-Wen (蘇勤文)
Contributors: Tso, Ray-Lin (左瑞麟), advisor; Su, Ching-Wen (蘇勤文)
Keywords: Elliptic curve Qu-Vanstone (ECQV); Implicit certificate; Certificate update
Date: 2018
Upload time: 1-Oct-2018 12:10:34 (UTC+8)
Abstract (translated from the Chinese): Elliptic curve Qu-Vanstone (ECQV) was proposed by Daniel et al. in 2001 and is the implicit certificate scheme used by many current systems and standards. An implicit certificate guarantees that only the original holder of the certificate can compute the corresponding private key, and because an implicit certificate carries no signature it can be computed quickly, which makes it suitable for resource-constrained devices. We found, however, that ECQV has two problems. First, because an implicit certificate contains no signature, there is no way to verify that a user is the intended party before communicating with them. Second, because certificates and public keys correspond one-to-one, a user who needs several keys must contact the certificate authority (CA) frequently, which may increase communication costs. This thesis therefore proposes two schemes to address these problems: a proxy certificate scheme and a certificate update scheme. Both let a user derive multiple public/private key pairs from the original certificate on their own. Key pairs produced by the proxy certificate scheme can be delegated to others; those produced by the certificate update scheme cannot, and the certificates it generates are verifiable, so a verifier can confirm that they were generated by the holder of the original certificate; the two schemes thus suit different scenarios. We also give security proofs for the confidentiality of the private key and the unforgeability of the certificate. Finally, our implementation confirms that, compared with RSA or ECQV, the proposed schemes generate certificates in less time and at lower cost, making them suitable for resource-constrained systems.
Abstract (English): Elliptic curve Qu-Vanstone (ECQV) is now the most commonly used implicit certificate. However, we noticed that ECQV presents two main problems. First, due to the characteristics of the implicit certificate, it is not possible to verify whether the user is the correct party until we communicate with them. Second, the certificate and the public key are in a one-to-one correspondence; hence, when users need multiple keys, they have to communicate frequently with the Certificate Authority (CA), which may increase communication costs. Therefore, we propose two schemes to solve the above issues. The proxy certificate scheme allows users to update their public/private keys without asking for a new certificate from the CA. The certificate update scheme allows users to update their keys and verifiers to check their identities. We also show that our schemes satisfy the confidentiality of the private key and the unforgeability of the certificate. In addition, we implemented the proposed schemes and confirmed that they run in a short time. Therefore, the mechanisms we propose can indeed reduce cost and are suitable for power-limited systems.
References:
[1] Cooper, David, et al. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. No. RFC 5280. 2008.
[2] Brown, Daniel RL, Robert Gallant, and Scott A. Vanstone. "Provably secure implicit certificate schemes." International Conference on Financial Cryptography. Springer, Berlin, Heidelberg, 2001.
[3] IEEE 1609.2-Standard for Wireless Access in Vehicular Environments (WAVE) - Security Services for Applications and Management Messages, available from ITS Standards Program, http://www.standards.its.dot.gov/StdsSummary.asp.
[4] Miller, Victor S. "Use of elliptic curves in cryptography." Conference on the theory and application of cryptographic techniques. Springer, Berlin, Heidelberg, 1985.
[5] Koblitz, Neal. "Elliptic curve cryptosystems." Mathematics of computation 48.177 (1987): 203-209.
[6] Menezes, Alfred J., and Scott A. Vanstone. "Elliptic curve cryptosystems and their implementation." Journal of Cryptology 6.4 (1993): 209-224.
[7] Law, L., and J. Solinas. Suite B cryptographic suites for IPsec. No. RFC 4869. 2007.
[8] Pintsov, Leon A., and Scott A. Vanstone. "Postal revenue collection in the digital age." Financial Cryptography. Vol. 1962. 2000.
[9] Brown, Daniel RL, Matthew J. Campagna, and Scott A. Vanstone. "Security of ECQV-Certified ECDSA Against Passive Adversaries." IACR Cryptology ePrint Archive 2009 (2009): 620.
[10] D. R. L. Brown. Generic groups, collision resistance, and ECDSA. Designs, Codes and Cryptography, 35:119–152, 2005. http://eprint.iacr.org/2002/026.
[11] D. R. L. Brown. On the provable security of ECDSA. In I. F. Blake, G. Seroussi, and N. P. Smart, editors, Advances in Elliptic Curve Cryptography, volume 317 of London Mathematical Society Lecture Note Series, pages 21–40. Cambridge University Press, 2005.
[12] P. Paillier and D. Vergnaud. Discrete-log-based signatures may not be equivalent to discrete log. In B. Roy, editor, Advances in Cryptology — ASIACRYPT 2005, volume 3788 of Lecture Notes in Computer Science, pages 1–20. International Association for Cryptologic Research, Springer, Dec. 2005.
[13] Brown, Daniel RL, Robert Gallant, and Scott A. Vanstone. "Provably secure implicit certificate schemes." International Conference on Financial Cryptography. Springer, Berlin, Heidelberg, 2001.
[14] Brown, D. "Standards for efficient cryptography, SEC 1: elliptic curve cryptography." Released Standard Version 1 (2009)
[15] Kapoor, Vivek, Vivek Sonny Abraham, and Ramesh Singh. "Elliptic curve cryptography." Ubiquity 2008.May (2008): 7.
[16] Kosters, Michiel, and Sze Ling Yeo. "Notes on summation polynomials." arXiv preprint arXiv:1503.08001 (2015).
[17] Maletsky, Kerry. "RSA vs ECC comparison for embedded systems." White Paper, Atmel (2015): 5.
[18] Campagna, M. "SEC 4: Elliptic curve Qu-Vanstone implicit certificate scheme (ECQV)." Certicom Res., Mississauga, ON, Canada, Tech. Rep (2013).
[19] Schnorr, Claus-Peter. "Efficient identification and signatures for smart cards." Conference on the Theory and Application of Cryptology. Springer, New York, NY, 1989.
[20] Schnorr, Claus-Peter. "Efficient signature generation by smart cards." Journal of cryptology 4.3 (1991): 161-174.
[21] Pointcheval, David, and Jacques Stern. "Security proofs for signature schemes." International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 1996.
[22] Pointcheval, David, and Jacques Stern. "Security arguments for digital signatures and blind signatures." Journal of cryptology 13.3 (2000): 361-396.
[23] D. Pointcheval and J. Stern, “Security proofs for signature schemes”, Advances in Cryptology – Eurocrypt’96, 1996, pp. 387-398.
[24] Seurin, Yannick. "On the exact security of schnorr-type signatures in the random oracle model." Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 2012.
Description: Master's thesis; National Chengchi University; Department of Computer Science; student number 105753005
Source: http://thesis.lib.nccu.edu.tw/record/#G0105753005
Type: thesis
Other identifier: G0105753005
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/120258
Table of contents:
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Tables
List of Figures
1. Introduction
1.1. Research Motivation
1.2. Research Background
1.3. Research Objectives
1.4. Thesis Organization
2. Background
2.1. Elliptic Curve Cryptosystem (ECC)
2.1.1. Definition of Elliptic Curves
2.1.2. Operations on Elliptic Curves
2.1.3. ECC Applications
2.1.4. Security
2.2. Elliptic Curve Qu-Vanstone (ECQV)
2.2.1. OMC
2.2.2. ECQV
2.2.3. Security
2.3. Schnorr Protocols
2.3.1. Schnorr Identification Protocol
2.3.2. Schnorr Signature Protocol
2.3.3. Security
3. ECQV-Based Multi-Key Generation Schemes
3.1. Definitions
3.1.1. Notation
3.1.2. Scheme Definitions
3.2. Security Models
3.2.1. Security Model for Private Key Security
3.2.2. Security Model for Unforgeability of the Certificate Update Scheme
3.3. Proxy Certificate Scheme
3.4. Certificate Update Scheme
4. Security Proofs
4.1. Proof of Private Key Security
4.2. Proof of Unforgeability of the Certificate Update Scheme
5. Performance Comparison
6. Conclusion
References
Format: 713602 bytes, application/pdf
DOI: 10.6814/THE.NCCU.CS.021.2018.B02