
The Research On Group-Oriented Digital Signature, Signcryption, And Contract Signing

Posted on: 2008-04-15    Degree: Doctor    Type: Dissertation
Country: China    Candidate: C G Peng    Full Text: PDF
GTID: 1118360215966288    Subject: Computer software and theory
Abstract/Summary:
With the development of network and communication technology, group communication is developing rapidly, and application systems based on it are continually emerging. How to communicate securely over an insecure channel among a group of users has therefore become an unavoidable problem, and group-oriented (multi-party) cryptography is the technical guarantee for group communication. Confidentiality and authenticity are two important goals of a cryptographic system: in general, confidentiality is provided by encryption and authenticity by digital signature. Driven by application requirements, two-party encryption and signature schemes are being extended to group-oriented, multi-party encryption and signature schemes.

The main aim of this thesis is to study group-oriented signature schemes, signcryption schemes, and contract signing protocols. We focus on constructing or improving cryptographic schemes, security analysis, security proofs, and the design of applied protocols. We construct group-oriented signatures, signcryptions, and contract signing protocols suited to particular requirements using elliptic curve cryptosystems, identity-based cryptosystems, and bilinear pairings. Our work concerns threshold signatures/signcryptions, multisignatures, aggregate signatures, verifiably encrypted signatures, and contract signing protocols. The contributions of this thesis are the following:

1. Threshold signcryption schemes based on elliptic curve cryptosystems are studied:
(1) Combining Zheng's signcryption with authenticated encryption, we present a signcryption scheme that integrates digital signature with public key encryption, and on top of it we design a verifiable threshold signcryption scheme. Because these schemes are built on elliptic curve cryptosystems, they are more efficient.
(2) Addressing the drawbacks of the general authenticated encryption scheme with (t,n) threshold signcryption and (k,l) threshold shared verification, first introduced by Wang et al. in 2000, as well as the weaknesses of the later improved schemes, we present a general signcryption scheme with (t,n) threshold signcryption and (k,l) threshold shared verification based on the ideas of Zheng's signcryption and elliptic curve cryptosystems. Our scheme overcomes the drawbacks of Wang et al.'s scheme and its improvements.
(3) To remedy the weakness of Zheng's signcryption in public verifiability and of some authenticated encryption schemes in semantic security, we present a signcryption scheme with both public verifiability and semantic security, and then design a threshold signcryption scheme with (t,n) shared verification based on it.
In addition, we explore implementations of the arithmetic for elliptic curve cryptosystems, mainly fast implementations of the relevant operations based on the NTL C++ library, and compare the efficiency of NTL with the corresponding cryptographic algorithms.

2. Semantic security (IND-CCA2) is an important security goal for encryption schemes: in the IND-CCA2 game the adversary chooses plaintexts M0 and M1, receives the challenge ciphertext C, and must not have a non-negligible advantage in determining which of the two it encrypts. However, most current signcryption and authenticated encryption schemes cannot achieve semantic security, mainly because the plaintext usually appears in the verification equation. In this thesis we give several solutions to this problem that provide both public verifiability and semantic security. Thanks to the advantages of elliptic curve cryptosystems, our schemes have lower communication and computational cost than current schemes.

3. The identity-based threshold signcryption scheme and its provable security had hardly been treated in the literature. First, we give a pilot study of formal security notions for identity-based threshold signcryption, including semantic security and unforgeability. Second, we give a new identity-based threshold signcryption scheme with a security proof in the random oracle model. The scheme achieves semantic security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption, and also achieves unforgeability, robustness, and non-repudiation. We share the private key associated with an identity rather than the master key. In the threshold signcryption phase, we provide a new method to prevent a malicious member from cheating by forging a partial signcryption.

4. Because Boneh et al.'s short signature scheme is not probabilistic, neither Boldyreva's threshold signature nor Boldyreva's multisignature built on that construction is probabilistic either, so comparison attacks that collect past signatures are possible on these schemes. We propose a multisignature scheme and a threshold signature scheme based on an improved, probabilistic variant of Boneh et al.'s short signature and prove their security in the random oracle model. Adding randomness removes the risk of comparison attacks while keeping security equal to Boldyreva's schemes.

5. Aggregate signatures and their application to constructing verifiably encrypted signature schemes are studied. In general, a verifiably encrypted signature scheme requires a trusted third party (TTP) to adjudicate disputes. To weaken the TTP's influence, we first extend Boneh et al.'s verifiably encrypted signature with a single adjudicator to a multi-adjudicator scheme, and then design a contract signing protocol with multiple adjudicators based on it. The protocol provides unforgeability, opacity, fairness, and confidentiality. Because the verifiably encrypted signature scheme and the contract signing protocol are designed on secret sharing without a trusted center, and in the adjudication phase each adjudicator sends only its decryption share rather than the shared decryption, they are better suited to sensitive message exchange. Since short signatures and aggregate signatures are efficient and simple to compute, our extension of verifiably encrypted signatures is more practical for constructing fair exchange protocols with multiple TTPs.

Compared to the traditional signature-then-encryption approach, signcryption has lower computational and communication cost. Introducing signcryption into group-oriented, multi-party cryptographic systems therefore reduces both costs significantly. Such systems suit group communication where both confidentiality and authenticity are required, and their applications will be widespread. For these reasons we emphasize the study of signcryption and its group-oriented schemes.
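The signcryption primitive that the abstract builds on, and the public-verifiability weakness of Zheng's original scheme it mentions in items 1(3) and 2, can be seen in a few dozen lines. The following is an added example, not code from the thesis: a simplified Zheng-style (SDSS1-type) signcryption written in plain Python over a multiplicative group modulo a small safe prime rather than the elliptic curve groups the thesis uses, with SHA-256 as the hash/keystream and HMAC-SHA256 as the keyed hash KH. The toy parameter sizes, the counter-mode keystream and the helper names are all assumptions of this example.

```python
"""Toy Zheng-style signcryption (SDSS1 variant) over a multiplicative group mod p.

Added example, not the thesis's code: a pure-Python illustration of the
signcryption primitive. It uses a 64-bit safe-prime group instead of the
elliptic curve groups the thesis works with, SHA-256 for hashing and the
keystream, and HMAC-SHA256 as the keyed hash KH. Toy parameters only.
"""
import hashlib
import hmac
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for the 64-bit sizes used here."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_group(bits: int = 64):
    """Deterministically find a safe prime p = 2q + 1 and a generator g of the order-q subgroup."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4  # a quadratic residue other than 1, hence of prime order q
    return p, q, g


def keygen(group):
    """Return (private, public) = (x, g^x mod p) with x uniform in [1, q-1]."""
    p, q, g = group
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def _derive(shared: int):
    """Hash the shared group element into (k1, k2): k1 encrypts, k2 keys the keyed hash."""
    k = hashlib.sha256(shared.to_bytes((shared.bit_length() + 7) // 8, "big")).digest()
    return k[:16], k[16:]


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """SHA-256 counter-mode keystream XOR; encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def signcrypt(group, sk_sender: int, pk_recipient: int, msg: bytes):
    """Sender: one exponentiation y_b^x yields both the encryption key and the signature base."""
    p, q, g = group
    while True:
        x = secrets.randbelow(q - 1) + 1
        k1, k2 = _derive(pow(pk_recipient, x, p))
        r = int.from_bytes(hmac.new(k2, msg, hashlib.sha256).digest(), "big") % q
        if (r + sk_sender) % q != 0:  # r + x_a must be invertible mod q
            break
    s = x * pow(r + sk_sender, -1, q) % q
    return _xor_stream(k1, msg), r, s


def unsigncrypt(group, sk_recipient: int, pk_sender: int, ct):
    """Recipient: rebuild y_b^x = (y_a * g^r)^(s * x_b) with its private key, decrypt, then verify."""
    p, q, g = group
    c, r, s = ct
    base = pk_sender * pow(g, r, p) % p
    k1, k2 = _derive(pow(base, s * sk_recipient % q, p))
    msg = _xor_stream(k1, c)
    expected = int.from_bytes(hmac.new(k2, msg, hashlib.sha256).digest(), "big") % q
    # The check needs both the plaintext and k2, so only the recipient can verify.
    return msg if expected == r else None


if __name__ == "__main__":
    G = toy_group()
    sk_a, pk_a = keygen(G)
    sk_b, pk_b = keygen(G)
    ct = signcrypt(G, sk_a, pk_b, b"constructed sample message")
    print(unsigncrypt(G, sk_b, pk_a, ct))
```

Two points from the abstract are visible in the code. First, the sender pays one modular exponentiation for both confidentiality and authenticity, which is the cost saving over sign-then-encrypt that motivates the thesis. Second, the verification equation in `unsigncrypt` is `KH_k2(m) == r`: it takes the plaintext `m` as input and needs `k2`, which only the holder of `sk_recipient` can derive, so a third party cannot verify the signature without the recipient surrendering either the message or the key. That is exactly the tension between semantic security and public verifiability that items 1(3) and 2 set out to resolve.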
Keywords/Search Tags: group-oriented cryptography, digital signature, signcryption, contract signing, provable security