安全數位盲簽章機制之設計與應用

Abstract

近年來由於網際網路應用快速地發展，使得網路購物和網路競標等電子交易服務日漸普及。目前這些服務所採用的認證方式大多為身份-密碼（ID-Password）機制，因其不具備不可否認（non-repudiation）的性質。因此，植基於公開金鑰基礎建設（PKI）之數位簽章機制能夠達到交易上之不可否認性，建立電子商務應用和服務之穩定基礎。 然而，在電子現金或電子投票等應用中，須額外滿足使用者對匿名性（anonymity）的要求，以保障使用者的隱私權。因此，數位盲簽章機制的設計即是要解決此一問題，以提供使用者達到不可追蹤性(untraceability)目的，使得在計算上簽章之簽署者事後無法識別所簽署之簽章是由何人所持有；換句話說就是要追蹤出該簽章的持有人在計算上是不可行的。 本論文主要是提出偽造即停盲簽章機制（fail-stop blind signature scheme）來解決傳統盲簽章機制在面對擁有無限計算能力的偽造者總是能夠成功地偽造簽章，且對偽造即停盲簽章機制所須具備的安全性質加以定義，並證明所提出之簽章機制是安全的。 本論文亦針對現有各種植基於整數分解、二次剩餘以及離散對數之盲簽章機制，提出一些在安全上和效率上的改善方法。同時也探討代理盲簽章機制之不可偽造性（unforgeability）和不可追蹤性（untraceability）等安全議題。最後，提出具備偽造即停盲簽章機制之電子現金系統和具備資訊隱藏和不可追蹤性之電子票卷協定，期能建構更安全的電子交易系統之理論基礎和應用服務。

Recently, Internet applications are developed rapidly, such that electronic transaction services like purchasing and bidding on Internet are more popular. The ID-Password mechanism is mainly used for authentication, but it cannot achieve the non-repudiation property. Therefore, the digital signature scheme based on PKI can achieve the non-repudiation property in electronic transactions. It can be the well-constructed basis for electronic commerce services and applications. However, in electronic cash or electronic ticket applications, the anonymity property must be satisfied for the participants to preserve their privacy. Thus, the digital blind signature scheme is proposed for this purpose. The untraceability property is an important property in digital blind signature scheme, it makes the signer computationally cannot identify the signature which is owned by someone. In the other words, the signer is computationally infeasible to trace the signature. In this dissertation, a fail-stop blind signature scheme is proposed to solve the problem that a forger with unlimited computational power can always forge a signature successfully. A secure fail-stop blind signature scheme is also defined. Moreover, our proposed signature scheme is proved secure. Some improved digital blind signature schemes, in security and efficiency, based on integer factorization, quadratic residue, and discrete logarithm cryptosystems are also be presented in this dissertation. Furthermore, the unforgeability and untraceability properties of proxy blind signature schemes are discussed. Finally, an electronic cash system based on fail-stop blind signature scheme and an electronic ticket protocol with information hiding are proposed. They can be established for more secure electronic transaction systems in theoretical basis and applications.