
Research On Multiparty Oriented Cryptography Schemes

Posted on: 2009-02-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Jiang
GTID: 1118360272971769
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer networks, activities on the network are becoming more frequent and more complicated, and many of them have a multiparty or group character. The study of multiparty-oriented cryptosystems is therefore of both theoretical and practical significance. In applications with many participants, the traditional security requirements such as confidentiality, integrity, authentication and non-repudiation take on new meaning, and multiparty-oriented applications bring new security requirements such as anonymity, traceability, fairness and so on. The research of multiparty-oriented cryptosystems is a wide area which includes multiparty-oriented encryption schemes (such as threshold encryption/decryption, broadcast encryption, group-oriented encryption and group encryption), multiparty-oriented signature schemes (such as threshold signatures, aggregate signatures, group signatures, ring signatures and concurrent signatures), and multiparty-oriented key agreement/management. We mainly work on some of these fields and obtain results in threshold cryptography, forward-secure cryptosystems, broadcast encryption, fair contract signing and concurrent signatures.

The idea of threshold cryptography is to protect sensitive information (or computation) by distributing it, in a fault-tolerant way, among a cluster of cooperating parties.
The fundamental problem of threshold cryptography is the secure sharing of a secret. A secret sharing scheme allows one to distribute a piece of secret information among several parties in a way that meets the following requirements: (1) fewer parties than a given threshold cannot figure out what the secret is; (2) when the secret information must be reconstructed, a large enough number of parties (a number larger than the threshold) can always do it. A very useful extension of secret sharing is function sharing. Its main idea is that a highly sensitive operation, such as decryption or signing, can be performed by a group of cooperating parties in such a way that fewer than the threshold of parties cannot perform the operation, and nobody can prevent more than the threshold of parties from performing it when required. The contents of threshold cryptography are extensive. In this paper, we obtain three results in the research on threshold proxy signature schemes and threshold ring signature schemes.
1. We construct the first efficient and secure RSA-based threshold proxy signature scheme. In our scheme, a Trusted Authority (TA) is not needed and all of the secret parameters are generated in a distributed way.
2. We point out that there is an error in Tzeng et al.'s improvement of Hwang et al.'s "non-repudiable threshold proxy signature scheme with known signers". To overcome the problem that the original signer can forge the proxy signature in Hwang's scheme, we give a new improvement and prove its security.
3. We construct an efficient ID-based threshold ring signature scheme, which is provably secure in the standard model.

The security of the secret key is still important in multiparty-oriented cryptosystems. The exposure of a secret key can be a devastating attack on a cryptosystem, since such an attack typically implies that all security guarantees are lost.
Besides threshold secret sharing, the notion of forward security can address this problem. In a forward-secure cryptosystem, the lifetime of the system is divided into T time periods, with a different secret key for each time period, while there is only one public key, which remains the same through all time periods. Each secret key is used only during its particular time period; at the end of that period it is used to compute the next secret key and is then erased. The evolution of the secret key is irreversible: it is difficult to compute the key of a previous time period from the current key. In a forward-secure cryptosystem, when the key is exposed in a time period, we must revoke the key of that time period and stop the key evolution. But how to detect key exposure in a forward-secure scheme has not been addressed in previous works. Itkis proposed the new notion of cryptographic tamper evidence and constructed tamper-evident signature schemes. A tamper-evident signature scheme provides an additional procedure Div which detects tampering: given two signatures, Div can determine whether one of them was generated by a forger. In this case, it might be impossible to tell which signature was generated by the legitimate signer and which by the forger, but at least the fact of tampering is made evident. For forward-secure encryption and forward-secure signatures, we obtain two results respectively.
1. Based on tamper evidence, we define the new notion of a Forward-Secure Public-Key Encryption scheme with Tamper Evidence (TE-FEnc) and propose a general method to build a TE-FEnc scheme. We also give a concrete instance. In the standard model, we prove that our scheme is forward secure, strongly forward tamper-evidence secure, and secure against chosen-ciphertext attacks.
2. Based on tamper evidence, we define the new notion of a Tamper-Evident Forward-Secure Signature scheme (TE-FSig) and propose a general method to build a TE-FSig scheme. We also give a concrete instance. We prove that our scheme is forward secure, strongly forward tamper-evidence secure, and strongly unforgeable under chosen-message attack.

The confidentiality of data transfer is one of the most important requirements in information security. In multiparty applications, a single party often needs to send ciphertext to many parties, as in pay TV, distribution of digital content and so on. Broadcast encryption schemes are cryptosystems that enable senders to efficiently broadcast ciphertexts to a large set of receivers such that only the chosen receivers can decrypt them. We obtain one result in research on broadcast encryption. We propose a new efficient dynamic identity-based broadcast encryption scheme (DIBBE) and prove its security in the random oracle model. We also compare our scheme with previous work and show that it has a great advantage. Firstly, the proposed scheme does not need to set up a maximal set of potential receivers in advance, and the public key, private key and ciphertext header are of constant size.
Secondly, the computational cost of encryption and decryption in our scheme is also constant. Finally, it is easy to add or remove receivers. So our scheme is efficient and practical for dynamic and large receiver sets.

Commercial transactions always involve multiple players, who usually mutually distrust one another. Fairness is the foundation of commercial behaviour: a fair system must ensure that no player can gain an advantage over a correctly behaving player. Contract signing is the most common commercial transaction, and the problem of digitally signing a contract over a network is more complicated than signing a contract in the real world. There are two methods for solving the fair contract signing problem. The first uses a fair exchange protocol; its more efficient variant is called "optimistic contract signing". In such a protocol, a Trusted Third Party (TTP) intervenes only when a problem arises, e.g., a signer is trying to cheat or a network failure occurs at a crucial moment during the protocol. The second method is called "concurrent signature". A concurrent signature protocol allows two entities to produce two signatures in such a way that the signer of each signature is ambiguous from any third party's point of view until the release of a secret, known as the keystone. Once the keystone is released, both signatures become binding to their respective signers concurrently. We obtain three results on fair contract signing.
1. We point out that the concurrent signature protocol proposed by Huang et al. is unsafe. First, both participants A and B can forge a signature on a new message after the protocol has completed. Second, both A and B have the ability to forge the concurrent signature of both parties. To correct these problems, we propose an improved protocol and prove its security.
2. In previous concurrent signature schemes, the roles of the participants are asymmetric: one party, called the initial signer, creates the keystone fix and sends the first ambiguous signature, and the other party, called the matching signer, responds to this initial signature by creating another ambiguous signature with the same keystone fix. This mode of operation may introduce some unfairness. In this paper, we construct a perfect concurrent signature protocol for symmetric participants and prove its security. In our concept, the roles of the participants are symmetric: the keystone cannot be decided by any participant and the two ambiguous signatures can be published in any order.
3. Based on the controllable ring signature scheme, we construct a fair contract signing protocol without a TTP and prove its security. Compared with previous optimistic contract signing protocols, our protocol has two advantages: (1) it uses no TTP and achieves weak fairness; (2) in concurrent signature protocols, the form of the signature is irregular, but in our protocol the players can convert the signature into a regular form.
Keywords/Search Tags: Threshold Cryptography, Proxy Signature, Ring Signature, Forward Security, Tamper Evidence, Broadcast Encryption, Fair Exchange, Concurrent Signature