一個能夠抵擋動態攻擊者的門檻式簽章協定

Abstract

人們透過網路傳遞文件給某個人時時，通常會利用數位簽章的方式讓收文者確認此文件是的確是該文件傳遞者所傳送的。使用數位簽章者必須擁有一把私密金鑰並且對外公開一把公開金鑰。簽章者利用私密金鑰對文件簽署簽章，而收文者利用公開金鑰驗證簽章的正確性。 一旦簽章者私密金鑰暴露給攻擊者，攻擊者便可以偽私密金鑰擁有者的簽章。 (t,n)門檻式簽章將私密金鑰分散給$n$個簽章參與者，需要t個以上的簽章者聯合才能產生正確簽章。在本篇論文提出第一個以GQ簽章協定為基礎的門檻式簽章協定，並且可以抵擋動態攻擊者的攻擊。 另外本篇論文也提出一個門檻式前向安全簽章協定， 即使t個以上的簽章參與者被攻擊者入侵，造成私密金鑰洩漏， 攻擊者並不能偽造獲得私密金鑰時間以前的簽章。

When people want to transfer a document to some one via the internet,the deliver usually uses digital signatures to prove to the receiver that the document is transfered by the deliver. People who use digital signature must own a secret key and a public key.The signer uses the secret key to sign the document, and the receiver uses the public key to verify the signature. When the sercet key is exposed to an adversary, the adversary can forge the secret key owner's signeture. A (t,n) threshold signature protocol distributes the secret to n players, and a valid signature need above t players to participate.Our thesis proposes the first signature scheme based on the GQ signature,and this scheme can withstand any adaptive adversary. We also propose a (t,n) threshold forward secure signature scheme.If more than t players are broken by the adversary, the secret key is exposed, but the adversary can't forge a signature with a period before the time when the secret key was exposed.