密碼金鑰更新協定的設計及應用

Abstract

只要金鑰一旦遭到破解, 即使最精密的安全系統, 都將失去效用. 金鑰更新協定,由於可以減少金鑰 在網路上傳輸及暴露的機會, 因此在金鑰 的管理上 扮演著 重要地位. 本論文在金鑰更新協定的研究上有下列三項成果: 首先, 在非對稱密碼學上, 我們提出了兩個金鑰更新協定的設計的原則. 其一是根據代數上同態 (homomorphism) 的原則, 其二是根據密碼學上暗門( trapdoor) 的原則. 之前所提的金鑰更新協定, 僅能針對特定得加密系統 或者是特定簽章系統而運作. 相對之下, 根據這兩個設計的原則所提出的金鑰更新協定, 有著更廣泛的應用; 其適用範圍包括所有根據離散對數問題 所設計 的 加密系統 或者是簽章系統. 此外, 我們也分析這兩個金鑰更新協定的設計原則 的特性 及其 適用環境. 其次, 在對稱性密碼學上, 我們也提出了一個設計的原則. 這方面的之前的結果, 僅做一些理論的探討; 然而根據這個設計的原則, 我們提出了兩個很有效率的 的 實作方法,都只須要 數個 塊狀加密 或者單向雜湊函數 的 運算. 除此之外, 我們提出兩個金鑰更新協定的應用. 其中一個應用是在 GQ 簽章上的運用; 與之前的結果相比, 我們的應用 大大地降低 指數運算的次數, 因而減低了 計算負荷及計算時間. 另一個應用, 是有關在公開金鑰基礎建設 (PKI) 中, 認證憑證管理中心 (CA) 的應用. 我們的應用, 可以降低 未被偵測到 的偽造憑證 所造成的傷害. 最後, 我們討論了其他可能的延伸.

Over the years, sophisticate definitions, schemes, models and proofs for cryptography have been proposed. However, the security is lost if the key is compromised. To address this situation, this thesis investigates the synchronized key updating protocols in cryptography. Research consists of three parts: Part one investigates the re-keying protocols in the asymmetric cryptography. Previous papers have proposed re-keying protocols for specific public key encryption and signature schemes. In contrast, we propose two re-keying protocols for generic public key encryption and signature schemes based on the discrete logarithm problems. Also we describe the different strengths and the suitable environments for each re-keying protocol. Part two investigates the re-keying protocols in symmetric cryptography. To complement the previous theoretic research, we propose two practical approaches for designing symmetric re-keying protocols. One is based on the construction of Message Authentication Codes (MACs) and the other is based one-way hash chains and generalizations. These protocols are shown to be efficient and flexible because only block ciphers and hash functions are employed. Part three describes the two applications of re-keying protocols. One application is to build a GQ signature scheme for multiple periods with the help of re-keying. The other is to limit the damage caused by the undetected forgery of Certificate Authority (CA) by employing a dual-signature model with re-keying. Finally, we discuss the possible extensions and conclude.