Study On The Group Signature And Blind Signature

Posted on: 2008-12-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R P Li
GTID: 1118360212494795
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of computer network technology, all kinds of network services have permeated many aspects of people's lives. On the one hand, they bring much convenience and advantage; on the other hand, they bring an unparalleled threat. Because important data are transferred over the network, confidentiality, integrity and availability must be ensured. Authentication systems have been an important research topic in cryptology, and the main component of an authentication system is the digital signature. It solves the problem of how to replace the traditional handwritten signature and seal with an electronic signature quickly and from a distance.

As a special kind of digital signature, group signatures provide group members with favourable anonymity, while the group manager can reveal the identity of the signer if necessary. These salient features make group signatures attractive for many specialized applications, such as voting and bidding. However, some problems still need to be resolved before group signatures can be applied in practice. How to efficiently revoke group membership and how to cope with key exposure are two important issues in designing group signature schemes. Up to now, there are few group signature schemes that can resolve the two problems at the same time, and they all have drawbacks.

A blind signature scheme is a protocol that involves two entities: the sender and the signer. Through a blind signature scheme, the sender obtains the signer's signature on a given message without leaking any information about the message or the signature. The concept of the blind signature was first proposed by Chaum in 1982. It protects the privacy of the user effectively, so blind signatures have been widely applied in many electronic payment systems.

The concept and model of the identity-based cryptosystem were first introduced by Shamir in 1984. The advantage of identity-based cryptosystems is that they simplify the key management process, which is a heavy burden in traditional certificate-based cryptosystems. Identity-based blind signature (IBBS) is attractive because one's public key is simply his or her identity. In the last couple of years, bilinear pairings have been applied to various applications in cryptography; they are basic tools for the construction of identity-based cryptographic schemes. Although an identity-based signature scheme has the advantage of short signature size, the time-consuming computation of the pairing and the inefficient special hash function lower the efficiency of the scheme and thus restrict the application of identity-based signatures.

The security of the secret key is a central problem in the field of cryptology. Once a secret key is exposed, all cryptological operations related to this secret key are insecure, no matter how strong the cryptological algorithm is. Therefore, the exposure of the secret key greatly threatens the security of a cryptosystem. How to reduce the probability of secret key exposure, and how to reduce the damage by cryptographic means when secret key exposure happens, are very significant research questions. Forward secure cryptography and key-insulated cryptography are important work related to secret key security.

The motivation of forward security is to reduce the damage brought by secret key exposure. The main idea of forward security is to update the secret key periodically by a one-way function and delete the old secret key. This means the adversary cannot learn any secret key of previous periods even if the current secret key is exposed, so the operations of previous periods are still valid.

Compared with forward secure cryptography, key-insulated cryptography provides stronger security for the secret key. There are two modules in a key-insulated signature scheme: one is the signer, the other is a peripheral device which is physically secure. The secret key of the signer may be exposed. The signer signs a message with the secret key for the current time period. There is a secure communication channel between the signer and the device. A key update can be achieved only after the signer and the device interact through this channel, using the information obtained from the device. So even if an adversary gets the secret key for the current time period, he cannot compute the secret key for any other time period without the help of the device.

The main work in this dissertation is to research some problems of current group signature schemes and identity-based blind signature schemes. The main results are as follows:

1. We discuss how to cope with key exposure in group signatures and the properties that a forward secure group signature should have. We analyse how to design the signing algorithm, the forward security and the revocation token in a forward secure group signature scheme, and propose a model for CRL-based forward secure group signatures. We analyse the security of a forward secure group signature scheme and propose an improved scheme to avoid the disadvantage of the original scheme.

2. Based on the ACJT group signature scheme, two new forward secure group signature schemes are proposed. Their main trait is that they are efficiently revocable and forward secure at the same time. Both schemes tackle the drawback of the witness-based revocation method and support retroactively publicly revocable group membership with backward unlinkability. The computational cost of signing and verifying is independent of the number of current group members and of revoked group members.

3. Forward secure group signatures cannot provide system security after key exposure. To avoid this disadvantage, and also to meet the need of VLR-based applications, we propose a VLR-based key-insulated group signature scheme. A new underlying zero-knowledge protocol is proposed, and the signature size is shorter than that of the ACJT scheme. Our scheme has efficient random-access key updates and supports backward unlinkability. The sizes of the signature and the group public key are independent of the number of revoked group members and of time periods.

4. In view of the disadvantage of the VLR-based key-insulated group signature and the property of the key-insulated method, we propose a key-insulated group signature scheme with selective revocation, i.e. revoking the member's signing ability only for those periods at which key exposure was found. This is possible because it is hard to compromise other periods with the group secret key of the current period. Our scheme has efficient random-access key updates. The size of the signature and the computational cost of verifying are independent of the number of revoked group members. The group public key is independent of the number of time periods.

5. The factors that restrict the efficiency of identity-based signatures are the pairing operation and the special hash function. In order to increase efficiency, we propose an efficient identity-based blind signature scheme with batch verifications and prove its security in the random oracle model. The special hash function is not used. Our scheme supports type 2 and type 3 batch verifications, which save much verification time when multiple signatures need to be verified at the same time. Compared with other identity-based blind signature schemes, our scheme has better efficiency in terms of extracting the secret key, issuing and verifying.
Keywords/Search Tags:group signature, blind signature, forward security, key-insulated, identity-based, provable security, batch verifications