可還原訊息之聯合數位簽章演算法

Abstract

針對基於解離散對數難題之公開金匙密碼系統關於數位簽章方面的演算法 設計，在本論文中我們提出了三個可還原訊息之聯合數位簽章法 (digital multisignature schemes with message recovery)，以及兩個 可確認來源之加密演算法 (authenticated encryption schemes)。所謂 可還原訊息之聯合數位簽章法就是能滿足多人同時簽署以及由聯合數位簽 章中還原被簽署之訊息兩大功能的演算法。在我們提出的聯合數位簽章演 算法中，第一個方法適用於在所有簽署人必須照順序簽署的應用?□不像 RSA 循序聯合數位簽章一般，我們的方法不要求簽署的順序須事先決定。 第二個方法則是適用於所有簽署人必須同時分別簽署文件，然後這些個別 的簽章再合併為一聯合簽章的應用上，此方法使各個簽署人能個別獨立的 簽署文件。第三個方法則是第二個方法之變形，能夠提供較大的安全等級 。這些聯合數位簽章演算法能夠防止簽章被偽造以及簽署人之密鑰被偷取 等攻擊。此外，這些演算法提供從聯合簽章中還原訊息的功能，並且不需 大量之運算。所謂可確認來源之加密演算法指得是同時具有加密功能以及 數位簽章的演算法，因此這種演算法能同時提供訊息保密性，完整性以及 可驗證性。在本論文中，我們提出了兩個可驗證來源加密演算法，一個是 結合了我們提出之循序聯合數位簽章法以及 ElGamal 公開金匙加密系統 所得之可驗證多重來源加密演算法。此方法具有合理的訊息膨脹率並能抵 禦可能之攻擊，而且不需要太複雜的運算。另一個演算法則適用在單一來 源之加密驗證，提供比現存的可驗證來源加密法更高之安全度，同時不要 求太多額外的運算並保有相同之訊息膨脹率。 In this thesis, three digital multisignature schemes with message recovery and two authenticated encryption schemes based on the discrete logarithm problem are proposed. A digital signature with message recovery means that the signed message can be recovered from the corresponding digital signature. The first of the three digital multisignature schemes allows a grou ?□ users to sign the message serially, and does not need to predetermine the signing order while RSA digital multisignature schemes must determine!the signing order in advance. The second scheme allows each user signs the same message separately and independently, and then all individual signatures can be combined into the multisignature, moreover the scheme provides fewer communication costs. The third digital multisignature scheme is the variant of the second scheme. It provides higher secure level than the second scheme, though it needs more communication costs. The first and the third schemes can withstand the attacks which aim to forge the multisignature or to get the private keys of the signers without any additional one-way hash functions and redundancy schemes. Besides, all these serial and parallel digital multisignature schemes with message recovery only need low computation cost.In addition to the three digital multisignature schemes, we also propose two authenticated encryption schemes, one is suitable for multiple origins and the other is only suitable for single origin. An authenticated encryption scheme is a scheme that can provide the security of encryption, and the authenticity and the integrity of digital signatures simultaneously. The scheme for multiple origins is to combine our serial digital multisignature scheme giving message recovery with ElGamal public key cryptosystem. The scheme provides reasonable message expansion rate and does not need much computation cost. On the other hand, the authenticated encryption scheme for single origin provides higher secure level than other proposed authenticated encryption schemes. Furthermore, the scheme has the same message expansion rate and only needs low computation cost.