Research On Some Extensions Of Proxy Signature
Posted on: 2008-05-29 | Degree: Doctor | Type: Dissertation | Country: China | Candidate: Q Wang | Full Text: PDF | GTID: 1118360215476851 | Subject: Computer software and theory

Abstract/Summary:

With the development of computer technology and network communication, applications have become more and more complex, and many extended digital signature primitives have been proposed, among which proxy signature is an important one. To suit different application environments, many extended proxy signature primitives have also been proposed, and they are very useful in the real world. Research on proxy signatures and extended proxy signatures not only has significant academic value but is also of great importance to the national development of information security.

In this thesis, we study proxy signature and some extensions of proxy signature. We improve the security model of proxy signature, and propose security models for proxy multi-signature, multi-proxy signature, and identity based proxy multi-signature. We propose security requirements for strong designated verifier proxy signature and proxy signcryption. We present new schemes for these primitives. The main research results are as follows:

(1) We study the security model of proxy signature. We formalize a notion of security for partial-delegation-with-warrant proxy signature schemes, i.e., existential unforgeability under an adaptive chosen-message attack and an adaptive chosen-warrant attack. We compare the new model with the previous formal models and identify their weaknesses. Using an existing proxy signature scheme, we show that the security model proposed by Boldyreva et al. does not include all real-world attacks. We then present a new secure proxy signature scheme from bilinear pairings, based on the digital signature scheme of Cha et al.
Moreover, we prove that, in the random oracle model, the new scheme achieves our desired security notions assuming the hardness of the computational Diffie-Hellman (CDH) problem.

(2) We study proxy multi-signature and multi-proxy signature. Proxy multi-signature and multi-proxy signature are two important extended applications of proxy signature. Although some research has been done on them and many schemes have been presented, until now no formal definition or security model has been introduced for them, and none of the previous schemes has been formally proved secure. We formalize a notion of security for proxy multi-signature and multi-proxy signature, i.e., existential unforgeability under an adaptive chosen-message attack and an adaptive chosen-warrant attack. Based on the aggregate signature scheme proposed by Boneh et al., we put forward a new proxy multi-signature scheme and a new multi-proxy signature scheme. Unlike the previously proposed schemes, our new schemes are formally proved secure assuming the hardness of the computational Co-Diffie-Hellman problem. Furthermore, the new schemes have the useful property that the size of a proxy multi-signature or a multi-proxy signature is independent of the number of original signers or proxy signers and is always equal to the size of a short signature proposed by Boneh et al.

(3) We study identity based proxy multi-signature and (strong) designated verifier proxy signature. More precisely:

Identity based proxy multi-signature combines proxy multi-signature with identity based cryptography. It allows a proxy signer to sign messages on behalf of several original signers, and the public keys of all participants are determined by their unique identities. There is no certificate authority to issue and manage certificates, so it avoids a complex certificate management mechanism. We define two security notions for identity based proxy multi-signature.
One is existential unforgeability under an adaptive chosen-message attack, an adaptive chosen-warrant attack and a given-identity attack. The other is existential unforgeability under an adaptive chosen-message attack, an adaptive chosen-warrant attack and an adaptive chosen-identity attack. The latter is stronger. Furthermore, we construct a concrete identity based proxy multi-signature scheme which is provably secure in the random oracle model under the computational Co-Diffie-Hellman assumption over pairing-friendly groups. The new scheme is computationally efficient.

(Strong) designated verifier proxy signature combines the functionalities of (strong) designated verifier signature and proxy signature. We propose security requirements for (strong) designated verifier proxy signature, including verifiability, strong unforgeability, strong identifiability, prevention of misuse, non-transferability, and privacy of the proxy signer's identity. We also construct an identity based strong designated verifier proxy signature scheme. In an ordinary strong designated verifier proxy signature scheme, the designated verifier must have a registered public key. In our scheme, this limitation is removed by combining the functionality of identity based cryptography. The proxy signer can designate any user in the system as a verifier and need not interact with that user beforehand; the proxy signer only needs to know the public identity information of the verifier. The security of our scheme is based on the bilinear Diffie-Hellman (BDH) assumption.

(4) We study proxy signcryption. Proxy signcryption combines the functionalities of proxy signature and encryption. A secure proxy signcryption scheme should satisfy the security requirements of proxy signature and encryption simultaneously, i.e., verifiability, strong unforgeability, strong identifiability, prevention of misuse, confidentiality, and non-repudiation.
According to these security requirements, we give a security analysis of Gamage et al.'s scheme, which is a combination of Mambo et al.'s proxy signature scheme and Zheng's signcryption scheme. Our analysis demonstrates that their scheme cannot guarantee strong unforgeability, strong identifiability, non-repudiation, and prevention of misuse.

We also present three practical and feasible proxy signcryption schemes. More precisely:

We give a security analysis of Wang et al.'s signcryption scheme. In their scheme, because the signature of a message is visible in the ciphertext, the scheme cannot satisfy the requirement of semantic security. We improve it, and based on the improved scheme we build a feasible and secure proxy signcryption scheme. The security of the new scheme is related to hard problems over finite fields.

From bilinear pairings on elliptic curves, we put forward a certificate based proxy signcryption scheme and an identity based proxy signcryption scheme. The certificate based scheme achieves great efficiency in communication cost and computation overhead. Its security is based on the bilinear Diffie-Hellman assumption. The identity based scheme is much more efficient than existing schemes in terms of computation overhead. Its security is also based on the bilinear Diffie-Hellman assumption.

Keywords/Search Tags: digital signature, proxy signature, proxy multi-signature, multi-proxy signature, (strong) designated verifier proxy signature, proxy signcryption