Publications-Theses
Article View/Open
Publication Export
-
題名 基於晶格之分散式可控制策略簽章之研究
A Study on Decentralized Policy-controlled Signatures from Lattice作者 劉子源
Liu, Zi-Yuan貢獻者 左瑞麟
Tso, Ray-Lin
劉子源
Liu, Zi-Yuan關鍵詞 可控制策略簽章
後量子密碼
晶格
分散式
Policy-controlled Signature
Post-quantum Cryptography
Lattice
Decentralized日期 2018 上傳時間 7-Aug-2019 16:36:12 (UTC+8) 摘要 可控制策略簽章(Policy-controlled Signature)由 Thorncharoensri等人於ICICS 2009提出,為一個新型態的數位簽章,其性質保證簽名者可以連同屬性對訊息簽名,而只有擁有符合屬性的驗證者可以進行驗證。在原先的論文裡,Thorncharoensri等人提出了基於雙線性配對的架構,並且定義其安全模型。由於量子電腦的發展,未來面對量子電腦的攻擊難以避免,而傳統上可控制策略簽章大多是使用離散對數難問題去證明其安全性,未來可能會遭受到量子電腦攻擊的破解。因此,藉由晶格上之難問題可抗量子攻擊之性質,本論文說明可控制策略簽章可以透過屬性加密架構以及簽名架構達成,因此,採用Bert等人基於環-短整數解難問題之簽名架構以及Rahman等人基於環-錯誤學習難問題之加密架構,提出第一個基於晶格之分散式可控制策略簽章與其安全性證明。特別的是此架構為分散式架構,任何用戶能自行成為認證中心,發送簽名及認證的鑰匙。這論文有兩個主要貢獻:其一為使原始架構成為抗量子攻擊之架構;其二為此架構能避免需要完全信任單一認證中心之問題。
Policy-controlled signature (PCS) was first introduced by Thorncharoensri \\textit{et al}. at ICICS $2009$. It is a new type of digital signature in which a signer can sign the message with some policies, but only verifiers who have the correct policy credentials can verify the signature. In the pioneering paper, Thorncharoensri \\textit{et al}. proposed a generic construction based on bilinear pairings and defined its security models. With the rapid development of quantum computers, it will be difficult to avoid the quantum attacks in the future. This work shows that the attribute-based encryption and signature scheme can construct the policy-controlled signature scheme. Therefore, assuming that, with this preparation, a lattice could withstand quantum attacks, this work adopts Bert`s signature protocol and Rahman`s encryption protocol to propose the first decentralized PCS based on the lattice. Specifically, it is a decentralized scheme in which any user can become an authority and then issue a signer key or policy credentials. This thesis makes two contributions. On the one hand, it introduces the first policy-controlled signature that is quantum resistant. On the other hand, this new scheme avoids the problem of fully trusting a single certificate authority.參考文獻 1 S. Agrawal, D. Boneh, and X. Boyen. Efficient Lattice (H)IBE in the Standard Model. In H. Gilbert, editor, Advances in Cryptology – EUROCRYPT 2010, pages 553–572, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.2 M. Ajtai. Generating Hard Instances of Lattice Problems (Extended Abstract). In Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC ’96, pages 99–108, New York, NY, USA, 1996. ACM.3 M. Ajtai. The Shortest Vector Problem in L2 is NPhard for Randomized Reductions (Extended Abstract). In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, STOC ’98, pages 10–19, New York, NY, USA, 1998. ACM.4 J. Alwen and C. Peikert. Generating Shorter Bases for Hard Random Lattices. Theory of Computing Systems, 48(3):535–553, Apr 2011.5 P. S. L. M. Barreto, P. Longa, M. Naehrig, J. E. Ricardini, and G. Zanon. Sharper RingLWE Signatures. IACR Cryptology ePrint Archive 2016, pages 1–30, 2016.6 A. Beimel. Secure Schemes for Secret Sharing and Key Distribution. Technion Israel Institute of technology, Faculty of computer science, 1996.7 A. Beimel. Secure Schemes for Secret Sharing and Key Distribution. In PhD thesis, Israel Institute of Technology, 1996.8 P. Bert, P.A. Fouque, A. RouxLanglois, and M. Sabt. Practical Implementation of RingSIS/LWE Based Signature and IBE. In T. Lange and R. Steinwandt, editors, PostQuantum Cryptography, pages 271–291, Cham, 2018. Springer International Publishing.9 X. Boyen. Attribute-Based Functional Encryption on Lattices. In Proceedings of the 10th Theory of Cryptography Conference on Theory of Cryptography, TCC’13, pages 122–142, Berlin, Heidelberg, 2013. SpringerVerlag.10 Z. Brakerski and V. Vaikuntanathan. Efficient Fully Homomorphic Encryption from (Standard) LWE. SIAM Journal on Computing, 43(2):831–871, 2014.11 L. G. Bruinderink, A. Hülsing, T. Lange, and Y. Yarom. Flush, Gauss, and Reload–A cache attack on the BLISS lattice-based signature scheme. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9813 LNCS(645622):323–345, 2016.12 Y. Chen and P. Q. Nguyen. BKZ 2.0: Better Lattice Security Estimates. In D. H. Lee and X. Wang, editors, Advances in Cryptology – ASIACRYPT 2011, pages 1–20, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.13 S. S. Chow. Multidesignated verifiers signatures revisited. International Journal of Network Security, 7(3):348–357, 2008.14 L. Ducas, A. Durmus, T. Lepoint, and V. Lyubashevsky. Lattice Signatures and Bimodal Gaussians. In R. Canetti and J. A. Garay, editors, Advances in Cryptology – CRYPTO 2013, pages 40–56, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.15 L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, and D. Stehlé. CRYSTALSDilithium : A Lattice-Based Digital Signature Scheme. 2018(1):238–268, 2018.16 L. Ducas, V. Lyubashevsky, and T. Prest. Efficient Identity-Based Encryption over NTRU Lattices. In P. Sarkar and T. Iwata, editors, Advances in Cryptology – ASIACRYPT 2014, pages 22–41, Berlin, Heidelberg, 2014. Springer Berlin Heidelberg.17 N. Genise and D. Micciancio. Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus, 201818 C. Gentry. A Fully Homomorphic Encryption Scheme. PhD thesis, Stanford, CA, USA, 2009.19 C. Gentry, C. Peikert, and V. Vaikuntanathan. Trapdoors for Hard Lattices and New Cryptographic Constructions. In Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, STOC ’08, pages 197–206, New York, NY, USA, 2008. ACM.20 F. Laguillaumie, A. Langlois, B. Libert, and D. Stehlé. Lattice-based group signatures with logarithmic signature size. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8270 LNCS(PART 2):41– 61, 2013.21 A. Lenstra, H. Lenstra, and L. Lovász. Factoring Polynomials with Rational Coefficients. Mathematische Annalen, 261(4):515–534, 12 1982.22 V. Lyubashevsky. Lattice-based Identification Schemes Secure Under Active Attacks. In Proceedings of the Practice and Theory in Public Key Cryptography, 11th International Conference on Public Key Cryptography, PKC’08, pages 162–179, Berlin, Heidelberg, 2008. SpringerVerlag.23 V. Lyubashevsky. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. In Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ASIACRYPT ’09, pages 598– 616, Berlin, Heidelberg, 2009. SpringerVerlag.24 V. Lyubashevsky. Lattice Signatures Without Trapdoors. In Proceedings of the 31st Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT’12, pages 738–755, Berlin, Heidelberg, 2012. SpringerVerlag.25 V. Lyubashevsky and D. Micciancio. Asymptotically Efficient Latticebased Digital Signatures. In Proceedings of the 5th Conference on Theory of Cryptography, TCC’08, pages 37–54, Berlin, Heidelberg, 2008. SpringerVerlag.26 V. Lyubashevsky, C. Peikert, and O. Regev. On Ideal Lattices and Learning with Errors over Rings. In H. Gilbert, editor, Advances in Cryptology – EUROCRYPT 2010, pages 1–23, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.27 D. Micciancio and C. Peikert. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In D. Pointcheval and T. Johansson, editors, Advances in Cryptology – EUROCRYPT 2012, pages 700–718, Berlin, Heidelberg, 2012. Springer Berlin Heidelberg.28 C. Peikert and B. Waters. Lossy Trapdoor Functions and Their Applications. SIAM Journal on Computing, 40(6):1803–1844, 2011.29 M. S. Rahman, A. Basu, and S. Kiyomoto. Decentralized Ciphertext-Policy Attribute-Based Encryption: A PostQuantum Construction. J. Internet Serv. Inf. Secur., 7:1–16, 2017.30 S. Saeednia, S. Kremer, and O. Markowitch. An Efficient Strong Designated Verifier Signature Scheme. Proceedings of the 24th Symposium on Information Theory in the Benelux, 2971:187– 194, 2003.31 C. P. Schnorr and M. Euchner. Lattice Basis reduction: Improved practical algorithms and solving subset sum problems. Mathematical Programming, 66(1):181–199, Aug 1994.32 D. Stehlé, R. Steinfeld, K. Tanaka, and K. Xagawa. Efficient Public Key Encryption Based on Ideal Lattices. In M. Matsui, editor, Advances in Cryptology – ASIACRYPT 2009, pages 617– 635, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg.33 Thomas Prest. Gaussian Sampling in Lattice-Based Cryptography-PHD thesis. Ph.D. Thesis, 2015.34 P. Thorncharoensri, W. Susilo, and Y. Mu. Policy-Controlled Signatures. Information and Communications Security, 2009.35 P. Thorncharoensri, W. Susilo, and Y. Mu. Policy-controlled signatures and their applications. Computer Standards & Interfaces, 50:26 – 41, 2017.36 P. van EmdeBoas. Another NP-complete Partition Problem and the Complexity of Computing Short Vectors in a Lattice. Report. Department of Mathematics. University of Amsterdam. Department, Univ., 1981. 描述 碩士
國立政治大學
資訊科學系
105753036資料來源 http://thesis.lib.nccu.edu.tw/record/#G0105753036 資料類型 thesis dc.contributor.advisor 左瑞麟 zh_TW dc.contributor.advisor Tso, Ray-Lin en_US dc.contributor.author (Authors) 劉子源 zh_TW dc.contributor.author (Authors) Liu, Zi-Yuan en_US dc.creator (作者) 劉子源 zh_TW dc.creator (作者) Liu, Zi-Yuan en_US dc.date (日期) 2018 en_US dc.date.accessioned 7-Aug-2019 16:36:12 (UTC+8) - dc.date.available 7-Aug-2019 16:36:12 (UTC+8) - dc.date.issued (上傳時間) 7-Aug-2019 16:36:12 (UTC+8) - dc.identifier (Other Identifiers) G0105753036 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/124872 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊科學系 zh_TW dc.description (描述) 105753036 zh_TW dc.description.abstract (摘要) 可控制策略簽章(Policy-controlled Signature)由 Thorncharoensri等人於ICICS 2009提出,為一個新型態的數位簽章,其性質保證簽名者可以連同屬性對訊息簽名,而只有擁有符合屬性的驗證者可以進行驗證。在原先的論文裡,Thorncharoensri等人提出了基於雙線性配對的架構,並且定義其安全模型。由於量子電腦的發展,未來面對量子電腦的攻擊難以避免,而傳統上可控制策略簽章大多是使用離散對數難問題去證明其安全性,未來可能會遭受到量子電腦攻擊的破解。因此,藉由晶格上之難問題可抗量子攻擊之性質,本論文說明可控制策略簽章可以透過屬性加密架構以及簽名架構達成,因此,採用Bert等人基於環-短整數解難問題之簽名架構以及Rahman等人基於環-錯誤學習難問題之加密架構,提出第一個基於晶格之分散式可控制策略簽章與其安全性證明。特別的是此架構為分散式架構,任何用戶能自行成為認證中心,發送簽名及認證的鑰匙。這論文有兩個主要貢獻:其一為使原始架構成為抗量子攻擊之架構;其二為此架構能避免需要完全信任單一認證中心之問題。 zh_TW dc.description.abstract (摘要) Policy-controlled signature (PCS) was first introduced by Thorncharoensri \\textit{et al}. at ICICS $2009$. It is a new type of digital signature in which a signer can sign the message with some policies, but only verifiers who have the correct policy credentials can verify the signature. In the pioneering paper, Thorncharoensri \\textit{et al}. proposed a generic construction based on bilinear pairings and defined its security models. With the rapid development of quantum computers, it will be difficult to avoid the quantum attacks in the future. This work shows that the attribute-based encryption and signature scheme can construct the policy-controlled signature scheme. Therefore, assuming that, with this preparation, a lattice could withstand quantum attacks, this work adopts Bert`s signature protocol and Rahman`s encryption protocol to propose the first decentralized PCS based on the lattice. Specifically, it is a decentralized scheme in which any user can become an authority and then issue a signer key or policy credentials. This thesis makes two contributions. On the one hand, it introduces the first policy-controlled signature that is quantum resistant. On the other hand, this new scheme avoids the problem of fully trusting a single certificate authority. en_US dc.description.tableofcontents 1 Introduction 11.1 Policy-controlled Signature 11.2 Lattice-based Scheme 21.3 Contribution 21.4 Thesis Outline 22 Definitions and Preliminaries 42.1 Notations 42.2 Lattices 42.2.1 Hard Problems 52.2.2 Trapdoor on Lattice 82.2.3 Gadget-based Trapdoor Construction 82.3 Policy-controlled Signature 93 Technical Literature 113.1 Lattice-based Signature 113.1.1 Hash-and-Sign Signatures 113.1.2 Fiat-Shamir Signatures 123.2 Access Structure and Linear Secret Sharing 133.3 FRD map 144 Decentralized Policy-controlled Signature from Lattice System 154.1 Definition 154.2 System Model 164.3 Security Model 184.3.1 Queries 184.3.2 Unforgeability 194.3.3 Coalition-resistance 204.3.4 Invisibility 214.4 System Construction 235 Security Analysis 275.1 Unforgeability 275.2 Invisibility 286 Conclusion 32Reference 33 zh_TW dc.format.extent 776759 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0105753036 en_US dc.subject (關鍵詞) 可控制策略簽章 zh_TW dc.subject (關鍵詞) 後量子密碼 zh_TW dc.subject (關鍵詞) 晶格 zh_TW dc.subject (關鍵詞) 分散式 zh_TW dc.subject (關鍵詞) Policy-controlled Signature en_US dc.subject (關鍵詞) Post-quantum Cryptography en_US dc.subject (關鍵詞) Lattice en_US dc.subject (關鍵詞) Decentralized en_US dc.title (題名) 基於晶格之分散式可控制策略簽章之研究 zh_TW dc.title (題名) A Study on Decentralized Policy-controlled Signatures from Lattice en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) 1 S. Agrawal, D. Boneh, and X. Boyen. Efficient Lattice (H)IBE in the Standard Model. In H. Gilbert, editor, Advances in Cryptology – EUROCRYPT 2010, pages 553–572, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.2 M. Ajtai. Generating Hard Instances of Lattice Problems (Extended Abstract). In Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC ’96, pages 99–108, New York, NY, USA, 1996. ACM.3 M. Ajtai. The Shortest Vector Problem in L2 is NPhard for Randomized Reductions (Extended Abstract). In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, STOC ’98, pages 10–19, New York, NY, USA, 1998. ACM.4 J. Alwen and C. Peikert. Generating Shorter Bases for Hard Random Lattices. Theory of Computing Systems, 48(3):535–553, Apr 2011.5 P. S. L. M. Barreto, P. Longa, M. Naehrig, J. E. Ricardini, and G. Zanon. Sharper RingLWE Signatures. IACR Cryptology ePrint Archive 2016, pages 1–30, 2016.6 A. Beimel. Secure Schemes for Secret Sharing and Key Distribution. Technion Israel Institute of technology, Faculty of computer science, 1996.7 A. Beimel. Secure Schemes for Secret Sharing and Key Distribution. In PhD thesis, Israel Institute of Technology, 1996.8 P. Bert, P.A. Fouque, A. RouxLanglois, and M. Sabt. Practical Implementation of RingSIS/LWE Based Signature and IBE. In T. Lange and R. Steinwandt, editors, PostQuantum Cryptography, pages 271–291, Cham, 2018. Springer International Publishing.9 X. Boyen. Attribute-Based Functional Encryption on Lattices. In Proceedings of the 10th Theory of Cryptography Conference on Theory of Cryptography, TCC’13, pages 122–142, Berlin, Heidelberg, 2013. SpringerVerlag.10 Z. Brakerski and V. Vaikuntanathan. Efficient Fully Homomorphic Encryption from (Standard) LWE. SIAM Journal on Computing, 43(2):831–871, 2014.11 L. G. Bruinderink, A. Hülsing, T. Lange, and Y. Yarom. Flush, Gauss, and Reload–A cache attack on the BLISS lattice-based signature scheme. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9813 LNCS(645622):323–345, 2016.12 Y. Chen and P. Q. Nguyen. BKZ 2.0: Better Lattice Security Estimates. In D. H. Lee and X. Wang, editors, Advances in Cryptology – ASIACRYPT 2011, pages 1–20, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.13 S. S. Chow. Multidesignated verifiers signatures revisited. International Journal of Network Security, 7(3):348–357, 2008.14 L. Ducas, A. Durmus, T. Lepoint, and V. Lyubashevsky. Lattice Signatures and Bimodal Gaussians. In R. Canetti and J. A. Garay, editors, Advances in Cryptology – CRYPTO 2013, pages 40–56, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.15 L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, and D. Stehlé. CRYSTALSDilithium : A Lattice-Based Digital Signature Scheme. 2018(1):238–268, 2018.16 L. Ducas, V. Lyubashevsky, and T. Prest. Efficient Identity-Based Encryption over NTRU Lattices. In P. Sarkar and T. Iwata, editors, Advances in Cryptology – ASIACRYPT 2014, pages 22–41, Berlin, Heidelberg, 2014. Springer Berlin Heidelberg.17 N. Genise and D. Micciancio. Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus, 201818 C. Gentry. A Fully Homomorphic Encryption Scheme. PhD thesis, Stanford, CA, USA, 2009.19 C. Gentry, C. Peikert, and V. Vaikuntanathan. Trapdoors for Hard Lattices and New Cryptographic Constructions. In Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, STOC ’08, pages 197–206, New York, NY, USA, 2008. ACM.20 F. Laguillaumie, A. Langlois, B. Libert, and D. Stehlé. Lattice-based group signatures with logarithmic signature size. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8270 LNCS(PART 2):41– 61, 2013.21 A. Lenstra, H. Lenstra, and L. Lovász. Factoring Polynomials with Rational Coefficients. Mathematische Annalen, 261(4):515–534, 12 1982.22 V. Lyubashevsky. Lattice-based Identification Schemes Secure Under Active Attacks. In Proceedings of the Practice and Theory in Public Key Cryptography, 11th International Conference on Public Key Cryptography, PKC’08, pages 162–179, Berlin, Heidelberg, 2008. SpringerVerlag.23 V. Lyubashevsky. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. In Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ASIACRYPT ’09, pages 598– 616, Berlin, Heidelberg, 2009. SpringerVerlag.24 V. Lyubashevsky. Lattice Signatures Without Trapdoors. In Proceedings of the 31st Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT’12, pages 738–755, Berlin, Heidelberg, 2012. SpringerVerlag.25 V. Lyubashevsky and D. Micciancio. Asymptotically Efficient Latticebased Digital Signatures. In Proceedings of the 5th Conference on Theory of Cryptography, TCC’08, pages 37–54, Berlin, Heidelberg, 2008. SpringerVerlag.26 V. Lyubashevsky, C. Peikert, and O. Regev. On Ideal Lattices and Learning with Errors over Rings. In H. Gilbert, editor, Advances in Cryptology – EUROCRYPT 2010, pages 1–23, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.27 D. Micciancio and C. Peikert. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In D. Pointcheval and T. Johansson, editors, Advances in Cryptology – EUROCRYPT 2012, pages 700–718, Berlin, Heidelberg, 2012. Springer Berlin Heidelberg.28 C. Peikert and B. Waters. Lossy Trapdoor Functions and Their Applications. SIAM Journal on Computing, 40(6):1803–1844, 2011.29 M. S. Rahman, A. Basu, and S. Kiyomoto. Decentralized Ciphertext-Policy Attribute-Based Encryption: A PostQuantum Construction. J. Internet Serv. Inf. Secur., 7:1–16, 2017.30 S. Saeednia, S. Kremer, and O. Markowitch. An Efficient Strong Designated Verifier Signature Scheme. Proceedings of the 24th Symposium on Information Theory in the Benelux, 2971:187– 194, 2003.31 C. P. Schnorr and M. Euchner. Lattice Basis reduction: Improved practical algorithms and solving subset sum problems. Mathematical Programming, 66(1):181–199, Aug 1994.32 D. Stehlé, R. Steinfeld, K. Tanaka, and K. Xagawa. Efficient Public Key Encryption Based on Ideal Lattices. In M. Matsui, editor, Advances in Cryptology – ASIACRYPT 2009, pages 617– 635, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg.33 Thomas Prest. Gaussian Sampling in Lattice-Based Cryptography-PHD thesis. Ph.D. Thesis, 2015.34 P. Thorncharoensri, W. Susilo, and Y. Mu. Policy-Controlled Signatures. Information and Communications Security, 2009.35 P. Thorncharoensri, W. Susilo, and Y. Mu. Policy-controlled signatures and their applications. Computer Standards & Interfaces, 50:26 – 41, 2017.36 P. van EmdeBoas. Another NP-complete Partition Problem and the Complexity of Computing Short Vectors in a Lattice. Report. Department of Mathematics. University of Amsterdam. Department, Univ., 1981. zh_TW dc.identifier.doi (DOI) 10.6814/NCCU201900331 en_US