Title: A Study on Solving the Key Escrow Problem by Multiple Key-Privacy Authorities and Certificateless Aggregate Signatures (original title: 利用多金鑰授權中心與免憑證聚合簽章解決金鑰託管問題之研究)
Author: Yeh, Cheng-Hung (葉政宏)
Advisor: Tso, Ray-Lin (左瑞麟)
Keywords:
Public Key Infrastructure (PKI)
ID-Based Cryptography (IBC)
Certificateless Aggregate Signatures
Key Generation Center (KGC)
Key Privacy Authority (KPA)
Date: 2021
Uploaded: 2-Sep-2021 18:16:52 (UTC+8)

Abstract
Throughout the development of cryptography, protecting the privacy of user data and verifying user identity by cryptographic means have been recurring research topics. The familiar Public Key Infrastructure (PKI) relies on a Certification Authority (CA) to authenticate users and confirm that their identity is legitimate, but because CAs must exchange certificates with one another when working together, certificate management incurs a large certificate-storage burden as well as additional computation for certificate validation and revocation. Since the concept of Identity-based Public Key Cryptography (ID-PKC) was proposed, a user can use its identity as its public key and send it to the Key Generation Center (KGC), which then generates the user's private key; this removes PKI's need to exchange certificates. However, ID-PKC suffers from a key escrow problem: the KGC knows every user's private key. Many papers have therefore proposed solutions. Recently, one paper built on the scheme proposed by Lee et al. and adopted a consortium blockchain to solve the problem. Although that solution removes the key escrow problem and the original Key Privacy Authority's (KPA) lack of a mechanism to verify user identity, the consortium blockchain is too large and demands substantial resources. In this thesis, we study the scheme proposed by Lee et al. and propose an improved scheme that combines the advantages of its original architecture with those of identity-based and certificateless cryptography, so that the KPA has a mechanism to verify user identity, users need fewer bilinear pairing computations when computing their private keys, and the waiting time for KPA verification is reduced.

References
[1] Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644-654.
[2] Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
[3] ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469-472.
[4] Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177), 203-209.
[5] Hunt, R. (2001, October). PKI and digital certification infrastructure. In Proceedings, Ninth IEEE International Conference on Networks, ICON 2001 (pp. 234-239). IEEE.
[6] Perlman, R. (1999). An overview of PKI trust models. IEEE Network, 13(6), 38-43.
[7] Adams, C., & Lloyd, S. (2003). Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional.
[8] Chokhani, S., Ford, W., Sabett, R., Merrill, C. R., & Wu, S. S. (2003). Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. RFC 3647, 1-94.
[9] Shamir, A. (1984, August). Identity-based cryptosystems and signature schemes. In Workshop on the Theory and Application of Cryptographic Techniques (pp. 47-53). Springer, Berlin, Heidelberg.
[10] Boneh, D., & Franklin, M. (2001, August). Identity-based encryption from the Weil pairing. In Annual International Cryptology Conference (pp. 213-229). Springer, Berlin, Heidelberg.
[11] Boneh, D., Lynn, B., & Shacham, H. (2001, December). Short signatures from the Weil pairing. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 514-532). Springer, Berlin, Heidelberg.
[12] Al-Riyami, S. S., & Paterson, K. G. (2003, November). Certificateless public key cryptography. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 452-473). Springer, Berlin, Heidelberg.
[13] Liu, J. K., Au, M. H., & Susilo, W. (2007, March). Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (pp. 273-283).
[14] Waters, B. (2005, May). Efficient identity-based encryption without random oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 114-127). Springer, Berlin, Heidelberg.
[15] Wood, A. D., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54-62.
[16] Huang, X., Mu, Y., Susilo, W., Wong, D. S., & Wu, W. (2007, July). Certificateless signature revisited. In Australasian Conference on Information Security and Privacy (pp. 308-322). Springer, Berlin, Heidelberg.
[17] Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557-594.
[18] Zhou, B., Li, H., & Xu, L. (2018, June). An authentication scheme using identity-based encryption & blockchain. In 2018 IEEE Symposium on Computers and Communications (ISCC) (pp. 00556-00561). IEEE.
[19] Boneh, D., Gentry, C., Lynn, B., & Shacham, H. (2003, May). Aggregate and verifiably encrypted signatures from bilinear maps. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 416-432). Springer, Berlin, Heidelberg.
[20] Bellare, M., Namprempre, C., & Neven, G. (2007, July). Unrestricted aggregate signatures. In International Colloquium on Automata, Languages, and Programming (pp. 411-422). Springer, Berlin, Heidelberg.
[21] Boldyreva, A., Gentry, C., O'Neill, A., & Yum, D. H. (2007, October). Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In Proceedings of the 14th ACM Conference on Computer and Communications Security (pp. 276-285).
[22] Ahn, J. H., Green, M., & Hohenberger, S. (2010, October). Synchronized aggregate signatures: new definitions, constructions and applications. In Proceedings of the 17th ACM Conference on Computer and Communications Security (pp. 473-484).
[23] Zhang, C., Lu, R., Lin, X., Ho, P. H., & Shen, X. (2008, April). An efficient identity-based batch verification scheme for vehicular sensor networks. In IEEE INFOCOM 2008 - The 27th Conference on Computer Communications (pp. 246-250). IEEE.
[24] Wasef, A., Jiang, Y., & Shen, X. (2009). DCS: An efficient distributed-certificate-service scheme for vehicular networks. IEEE Transactions on Vehicular Technology, 59(2), 533-549.
[25] Xiong, H., Guan, Z., Chen, Z., & Li, F. (2013). An efficient certificateless aggregate signature with constant pairing computations. Information Sciences, 219, 225-235.
[26] Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., & Yoo, S. (2004, January). Secure key issuing in ID-based cryptography. In Proceedings of the Second Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32 (pp. 69-74).
[27] Menezes, A. J., Okamoto, T., & Vanstone, S. A. (1993). Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory, 39(5), 1639-1646.

Description
Degree: Master's
Institution: National Chengchi University (國立政治大學)
Program: Executive Master's Program, Department of Computer Science (資訊科學系碩士在職專班)
Student ID: 106971022
Type: thesis
Other identifier: G0106971022
Source: http://thesis.lib.nccu.edu.tw/record/#G0106971022
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/137163
DOI: 10.6814/NCCU202101429
Format: application/pdf, 3995074 bytes

Table of contents
Abstract (Chinese)
Abstract (English)
Chapter 1 Introduction
1.1 Research background
1.2 Overview of Lee et al.'s scheme
1.3 Motivation
1.4 Research objectives
1.5 Thesis organization
Chapter 2 Background
2.1 Bilinear pairing
2.2 Hardness assumptions for the security proof
2.3 Efficient certificateless aggregate signature with constant pairing computations
Chapter 3 Literature review
3.1 ID-based cryptography
3.2 Identity-based encryption (IBE)
3.3 Certificateless public key encryption (CL-PKE)
3.4 Pairing-based aggregate signature schemes
Chapter 4 Solving the key escrow problem by multiple key-privacy authorities and certificateless aggregate signatures
4.1 Research method
4.2 Contributions
4.3 Security analysis
Chapter 5 Scheme comparison
5.1 Scheme comparison
Chapter 6 Conclusion
Chapter 7 References

List of figures
Fig. 1 Architecture of Lee et al.'s scheme
Fig. 2 Lee et al.'s scheme: system setup phase
Fig. 3 Lee et al.'s scheme: KPAs sequentially computing the system public key (1)
Fig. 4 Lee et al.'s scheme: KPAs sequentially computing the system public key (2)
Fig. 5 Lee et al.'s scheme: key issuing phase
Fig. 6 Lee et al.'s scheme: key securing phase (1)
Fig. 7 Lee et al.'s scheme: no mechanism to verify user identity
Fig. 8 Lee et al.'s scheme: key securing phase (2)
Fig. 9 Lee et al.'s scheme: key securing phase (3)
Fig. 10 Lee et al.'s scheme: key retrieving phase (1)
Fig. 11 Lee et al.'s scheme: key retrieving phase (2)
Fig. 12 The KPA has no mechanism to verify the user's identity
Fig. 13 Computing the user's private key requires (n+3) bilinear pairing computations
Fig. 14 The user communicates with multiple KPAs sequentially
Fig. 15 Bilinear pairing diagram
Fig. 16 Efficient certificateless aggregate signature with constant pairing computations: partial key generation (1)
Fig. 17 Efficient certificateless aggregate signature with constant pairing computations: partial key generation (2)
Fig. 18 Efficient certificateless aggregate signature with constant pairing computations: signing phase
Fig. 19 Efficient certificateless aggregate signature with constant pairing computations: aggregate signature verification
Fig. 20 Architecture comparison
Fig. 21 Overview of the proposed scheme
Fig. 22 Proposed scheme: KPAs setup phase
Fig. 23 Proposed scheme: key issuing phase (1)
Fig. 24 Proposed scheme: key issuing phase (2)
Fig. 25 Proposed scheme: key issuing phase (2)
Fig. 26 Proposed scheme: KPAs verification
Fig. 27 Proposed scheme: encryption/decryption application
Fig. 28 Proposed scheme: encryption/decryption application (2)
Fig. 29 Proposed scheme: encryption/decryption application (3)
Fig. 30 Proposed scheme: construction using identity-based cryptography
Fig. 31 Proposed scheme: combined with aggregate signatures (1)
Fig. 32 Proposed scheme: combined with aggregate signatures (2)
Fig. 33 Proposed scheme: the user communicates with the KPAs by broadcast
Fig. 34 Verifiability of user identity

List of tables
Table 1 Notation for Lee et al.'s scheme
Table 2 Roles in Lee et al.'s scheme
Table 3 Lee et al.'s scheme: KPAs sequentially computing the system public key
Table 4 Notation for the efficient certificateless aggregate signature with constant pairing computations
Table 5 Notation for ID-based cryptosystems
Table 6 Notation for certificateless public key encryption
Table 7 Notation for pairing-based aggregate signature schemes
Table 8 Notation for the proposed scheme
Table 9 Roles in the proposed scheme
