Title: | On Proxy Signatures with Forward-Secure and One-time Properties and their Applications in PKI |
Author: | Ming-Hsin Chang (張明信); Advisor: Dr. Yi-Shiung Yeh (葉義雄); Institute of Computer Science and Engineering |
Keywords: | proxy signature;one-time signature;forward-secure;PKI;DSA |
Publication date: | 2004 |
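Abstract: | The Internet is increasingly used for commerce, and practical security mechanisms must move from the world of paper documents to the world of electronic documents. Digital signatures on electronic documents provide the function of a personal signature, but such signatures rarely consider use as a signature on behalf of an institution or as a proxy signature. Proxy signatures were created mainly to solve this problem, without revealing the proxy's secret information, while carrying the signing authority of the original signer.
In practice, many proxy signature schemes have been proposed, but many of them cannot be used in real systems, because after the authors proved the security of their proposed schemes, other flaws were often discovered. In addition, the proposed schemes cannot be used with the signature methods currently in use. DSA and ECDSA are well-known signature methods with established security, so we propose a proxy signature that uses DSA, making proxy signatures a workable signature mechanism and addressing the problem of verifying the signer. Going further in terms of practicality, Public-Key Infrastructure (PKI) integrates cryptography and Certificate Authorities (CA) into an overall global network security architecture. Traditional proxy signature mechanisms can hardly be used within a PKI architecture. We design a new procedure according to the characteristics of PKI so that proxy signatures can be used within the PKI architecture and in real application systems, making proxy signatures more practical.
On the other hand, we develop a forward-secure proxy signature. It can guarantee that the signing private key and data up to the present have not been leaked, guaranteeing the security of earlier data. The method used must also be simple; in particular, it requires no distribution of data or protected storage mechanism, so it does not increase key management cost. Another application is for timestamps of proxy signatures and proxy signing time limits: the signer must use the key that is valid at that time, which serves as an implicit timestamp, and once signing-key updates go beyond the permitted period, the signer's proxy capability is restricted.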
The advantage of one-time signature schemes is that signing and verification are very efficient, and they are suitable for chip cards with low computing power. Lamport was the first to invent a digital signature based on one-way hash functions. If the data to be signed is long, however, Lamport's one-time signature scheme requires a large amount of verification data and storage space. We improve on this problem of storage space for the large public keys and signed messages. We propose a new efficient method for signing long messages, and we also develop a one-time proxy signature that makes Lamport's one-time signature usable in real systems.
As the Internet is used more and more for business, security mechanisms in the electronic world are needed to replace established practice in the paper-based world. While basic digital signature schemes are able to provide most of the functionality of a personal signature, they are less than ideal for institutional or proxy purposes. The proxy signature scheme was introduced to solve this problem without revealing the secret information of a person who wants to delegate his digital signature signing power to someone else. Actually, most of the proposed schemes are theoretical research, because the proxy schemes are not in practice in the field of cryptography. The Digital Signature Algorithm (DSA) and Elliptic Curve DSA (ECDSA) are well known for their security properties. We develop a proxy signature based on DSA, which makes the proxy signature scheme applicable in practice. Moreover, PKIs (Public-Key Infrastructures) integrate digital certificates, public-key cryptography, and certificate authorities into a total worldwide network security architecture. A typical PKI offers little support for the use of proxy signatures. We design a new procedure to adapt proxy signatures to PKIs, making the proxy signature more applicable in practical applications. On the other hand, we develop a forward-secure proxy signature scheme. It guarantees that the secret key material at present (or up to date) does not compromise the secrecy of the earlier signature or encrypted material; it must also be achieved in a simple way, in particular without requiring distribution or protected storage devices, and without increasing key management costs. The forward-secure proxy signature scheme can also be applied to proxy time limitation.
One-time signature generation and verification are very efficient and useful for chip cards, where low computational complexity is required. Lamport first invented a one-time digital signature scheme based on one-way functions. However, the Lamport one-time scheme requires a large amount of space for storage of authentic information if a large number of messages are signed. We improve the Lamport one-time signature in the amount of storage space needed for public keys and signed messages, and propose an efficient scheme to sign a long message. We also develop a one-time proxy signature scheme with which we make the Lamport one-time signature useful in practice. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT008717816 http://hdl.handle.net/11536/45779 |
Appears in collections: | Thesis |