利用雙線性群數對實現群體導向授權簽章

Abstract

「數位簽章」在密碼學與資訊安全領域中是一個相當重要的研究課題，它將傳統上印鑑所代表之背書與授權的功能意義以數位化的形式實現在電腦化、網路化的環境中，並提供了完整性、鑑別性與不可否認性等安全服務。在某些情況下，擁有「簽章權力」的簽章者可能無法有效地對訊息產生數位簽章，因而必須將其簽章權力授權委託給適當的代理者以維持相關流程業務的持續運作。此時，該簽章者會扮演授權者的角色去選定適當的代理者，然後將簽章權力授權給他。代理者利用所被賦予的簽章權力，便可以依據相關的授權條件來代替授權者對訊息產生簽章。這樣的簽章權力移轉概念在本論文中稱之為簽章的授權，或是「授權簽章」。 在授權簽章的概念中，本論文考量的是如何將簽章權力做「群體導向」的授權，也就是探討授權者要如何將其私有的簽章權力授權給一個包含有多個成員的代理群體，以及代理群體中的成員要如何去實施所獲得的簽章權力。在考量所有可能的應用樣態之後，本論文定義了四個群體導向授權系統模式： 〈高度授權系統模式〉 – 授權者賦予代理群體其簽章權力，使得代理群體中任一成員皆可獨力行使該權力以產生有效的代理簽章。 〈低度授權系統模式〉 – 授權者賦予代理群體其簽章權力，使得代理群體中的所有成員需一起參與並合作方能行使該權力以產生有效的代理簽章。 〈門檻策略授權系統模式〉 – 授權者賦予代理群體其簽章權力，並定義一個門檻值，使得當代理群體中任一子群體的成員數目大於等於該門檻值時，該子群體中的所有成員便可以一起參與合作以行使該簽章權力，產生有效的代理簽章。 〈一般化授權系統模式〉 – 授權者賦予代理群體其簽章權力，並定義所有的有效代理子群體，使得任意一個有效代理子群體中所有皆成員參與時，方能行使該簽章權力以產生有效的代理簽章。 根據這四個系統模式，本論文定義了相關的授權條件與安全需求，並在身分基底公開金鑰環境中提出四個具體的群體導向授權簽章機制：《高度授權簽章機制》、《低度授權簽章機制》、《門檻策略授權簽章機制》與《一般化授權簽章機制》。這四個機制是利用了雙線性群數對的設計，因此有演算法精簡與執行效率等優點。此外，本論文提出的機制皆發展自同一個身分基底簽章機制，並使用共通的參數與簽章驗證方式，所以在群體導向簽章授權的應用上提供了一個系統化的整體解決方案。

Digital signature is one of the main issues in modern cryptographic research. As hand-written signatures and seals do in real life, digital signature provides the functions of endorsement and authorization in the digitalized world of computers and networks. In terms of security services, digital signature achieves message integrity, signer authenticity, and signature undeniability. Under certain circumstances, a signer may not be able to effectively perform his private “signing power”, and has to authorize a proper delegate to sign messages on behalf of him. In this thesis, how to perform such “signature delegation” with a “group-oriented” manner is researched. Two issues are considered herein: how a signer, namely the “authority”, authorizes his signing power to a delegation group; and, how members in the delegation group cooperate to generate valid digital signatures, namely delegated signatures. Regarding all possible scenarios for group-oriented signature delegation, four system models are defined: 〈Loose-authorization model〉The authority chooses a delegation group and allows each group member to independently generate valid delegated signatures. 〈Strict-authorization model〉The authority chooses a delegation group and demands that all group members have to cooperate for generating valid delegated signatures. 〈Threshold-authorization model〉The authority chooses a delegation group of n members and defines a threshold value t < n. Then, any subgroup consisting of t or more group members can generate valid delegated signatures. 〈Generalized-authorization model〉The authority chooses a delegation group and defines qualified subgroups. Then, valid delegated signatures can only be generated via the cooperation of all members from any of the predefined qualified subgroups. In accordance with these system models, five authorization conditions and four security requirements are defined. Then, four concrete schemes are proposed to respectively realize these models. The proposed schemes are based on bilinear pairings and designated for the identity-based public key cryptosystem. Due to the bilinear pairings, the proposed schemes are simple in construction and efficient in performance. Moreover, all schemes are derived from the same basic identity-based signature scheme, and as a result constitute a systematic solution for group-oriented signature delegation.