Title: Duplex-Secure Group Signature Schemes
Authors: 洪佳琪 (Jia-Chi Hung)
葉義雄 (Yi-Shiung Yeh)
Institute of Computer Science and Engineering
Keywords: Group signature; forward-secure; backward-secure; duplex-secure; coalition-resistant; provable secure
Publication date: 2002
Abstract: A group signature scheme permits a group member to sign documents on behalf of the group. Documents signed by group members have the properties of anonymity and unlinkability. Only the group manager knows the identity of the signer of a valid signature. The key exposure problem of digital signatures is a very interesting topic. Forward-secure digital signatures are one of the important methods for solving the key exposure problem. We divide the lifetime of the public key into T intervals. Each interval represents a period, labelled period 1, 2, …, T. Forward security means that if an adversary obtains the secret key of period i, the adversary can forge signatures only for period i and the periods after it, not for the periods before period i. Backward security guarantees the safety of signatures after period i, but the adversary can forge signatures for period i and the periods before it. We define duplex security as: an adversary can forge signatures of period i only, and signatures in the other periods are protected from attack. In our paper, in Scheme I, we extend the group signature scheme of Giuseppe Ateniese, Jan Camenisch, Marc Joye, and Gene Tsudik to provide duplex security. A duplex-secure scheme cannot protect the signatures of period i (the key exposure period) from attack. To solve this problem, verifiers can use a key-exposure chain to determine whether a signature in period i was signed by the adversary or by some other group member. In Scheme II, we extend the group signature scheme of J. Camenisch and M. Stadler to propose our forward-secure and duplex-secure group signature schemes. In these two different schemes, our proposed duplex-secure group signature schemes efficiently solve the problems of group member revocation and time-limited membership. The security of our schemes is based on the strong RSA assumption and the decisional Diffie-Hellman assumption.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT910392097
http://hdl.handle.net/11536/70160
Appears in Collections: Thesis