單向雜湊函數在數位現金及電子選票上之應用

Abstract

由於電腦科技的快速進步，使得資料處理的效率及資訊產生的速度獲得了很大的改善；而網路通訊技術更是大幅縮短了分散於各地的用戶之通訊時間。此外，利用這些進步的技術，有許多進步的網路服務在文獻中被提出，例如數位貨幣(digital cash)及電子投票(electronic voting)等服務。在數位貨幣系統中，付款者可透過網路架構中的電子傳輸訊號來支付數位貨幣；而在電子投票系統中，投票者則可透過電子通訊網路有效率且安全地送出他的選票。 在傳統的數位貨幣(電子投票)系統中，付款者(投票者)由基本的訊息集合中選出一個明文，然後對此明文執行遮蔽(blind)的動作並將遮蔽後之訊息(blinded message)送至銀行(計票中心)處，在銀行(計票中心)收到明文所對應的遮蔽之訊息後，銀行(計票中心)將利用簽章函數(只有銀行或計票中心知道簽章函數之內容)對此遮蔽訊息進行簽章之動作並將簽章之結果送回給付款者(投票者)；最後付款者(投票者)會對簽章的結果進行解遮蔽(unblind)的動作以取得有效的數位貨幣(電子選票)。一般來說，明文是隨機選取而且並不包含任何特殊或有意義的訊息在其中；除此之外，在銀行(計票中心)發出數位貨幣(電子選票)後，數位貨幣(電子選票)的內容便己固定；然而從實際應用的角度來看，如果可以在明文中隱藏某些資訊如數位貨幣所有人的身份證明或投票者選擇的投票對象，或如果可以在數位貨幣或電子選票中附加一些具有特殊意義之訊息如數位貨幣之存款日期或電子選票之投票對象則數位貨幣及電子投票系統的實用性將可大大地被提昇。 在本論文中，我們提出了可以在明文中隱藏某些資訊及可以在數位貨幣或電子選票中附加一些具有特殊意義訊息的方法。我們所提出的方法不僅可以確保付款者或投票者之匿名性(anonymity)而且可以在不影響系統內部結構的前提下，很輕易地應用在文獻中既有的數位貨幣及電子投票系統之中；最重要的是，我們所提出的方法之額外運算僅是數個雜湊函數(hash function)計算而己。

Due to fast progress of computer technologies, the efficiency of data processing and the speed of information generation have been greatly improved. Moreover, the techniques of networks largely shorten the communicating time among distributed entities. Many advanced network services have been proposed in the literature to take the advantages of the techniques. Among these services, digital cash (or electronic cash) is a popular one since this service makes it possible for a payer in a remote site to pay his electronic cash through electronic communication networks. Another popular service is electronic voting. Because of electronic voting, a voter can securely and efficiently cast his electronic vote through electronic communication networks. In typical electronic cash (electronic voting) system, a payer (voter) chooses a plaintext message M where M is the underlying set of messages, blinds it, and sends the blinded result to the bank (tally center). After receiving the blinded version of m, the bank (tally center) signs it by its signing function (only the bank or tally center knows) and sends the signing result back to the payer (voter). Finally, the payer (voter) unblinds the signing result to obtain a valid electronic cash (electronic vote). Generally, the message m is randomly chosen and there is no specific information in it. In addition, the contents of electronic cash (electronic vote) is fixed after it was issued by the bank (tally center). However, in practical application, if we can hide some information such as cash owner's identity or voter's intentions in m or attached some specific information such as depositing date or voter's intentions to electronic cash or electronic vote, then the practicality of electronic cash and electronic voting systems will be greatly arisen. In this dissertation, we propose methods to hide information in m or attach specific information to electronic cash and electronic vote. Not only the proposed methods preserve the anonymity of payers or voters, but also they can be easily implemented on the electronic cash or electronic voting schemes in the literature without affecting their infrastructures. Most important of all, the additional overhead of most of the proposed methods is just several operations of hashing.