
Security Analysis Of Discrete Logarithm Based Cryptographic Schemes And Secure Implementation Technology

Posted on: 2009-01-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Z Wang
Full Text: PDF
GTID: 1118360272973889
Subject: Computer application technology
Abstract/Summary:
Discrete logarithm, with its computational complexity and structural flexibility, lays a sound security foundation for the design of cryptographic schemes. The best algorithm known to date for solving the discrete logarithm problem in an arbitrary multiplicative group of order n takes about O(√n) group operations. Compared with factorization, the discrete logarithm is a very hard problem and is widely adopted in the design of cryptographic schemes, such as the American digital signature standard DSS and the European TESS; hence the discrete logarithm problem has become an important primitive in cryptography. Focusing on discrete logarithm based cryptographic systems, this thesis systematically studies their secure design and secure implementation, in order to help designers better design and implement cryptographic application systems.

The thesis systematically analyses the characteristics, performance and scope of application of the known algorithms for solving the discrete logarithm problem. Based on the computational complexity of these algorithms, a method for choosing the security parameters of cryptographic schemes is proposed, and the design and application of commitment schemes and proofs of knowledge, both basic building blocks of cryptographic schemes, are studied in detail. Using trap-door commitment schemes, an identification protocol that is secure against CR2 (Concurrent-Reset-2) attacks is constructed. The thesis analyses the malleability of traditional discrete logarithm based commitment schemes and devises a new non-malleable commitment scheme, applying the Diffie-Hellman key agreement protocol for the first time to the generation of random challenges in order to prevent malleability of the proof of knowledge.

The methodology of security proofs for cryptographic schemes is studied systematically in this thesis.
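The O(√n) figure above is what drives the choice of security parameters: a generic square-root attack exists for every group, so the subgroup order must have roughly twice the bits of the intended security level. The following added example (not code from the thesis) contrasts exhaustive search with the baby-step giant-step algorithm on a constructed toy group Z_1019^* and counts group operations so the √n behaviour is visible; the sizing helper `subgroup_bits_for` encodes only the standard generic-attack rule, not the thesis's own parameter-selection method.

```python
import math


def naive_dlog(g, h, p):
    """Exhaustive search for x with g^x = h (mod p).
    Returns (x, group_operations); cost is linear in the group order."""
    e, ops, x = 1, 0, 0
    while e != h:
        e = e * g % p
        ops += 1
        x += 1
        if ops > p:                  # h is not in the subgroup generated by g
            return (None, ops)
    return (x, ops)


def bsgs_dlog(g, h, p, n):
    """Baby-step giant-step for g^x = h (mod p), where g has order dividing n.
    Returns (x, group_operations); about 2*sqrt(n) multiplications at most."""
    m = math.isqrt(n) + 1            # m*m > n so every x in [0, n) is reachable
    baby = {}
    e, ops = 1, 0
    for j in range(m):               # baby steps: store g^0 .. g^(m-1)
        baby.setdefault(e, j)
        e = e * g % p
        ops += 1
    giant = pow(g, -m, p)            # g^(-m), modular inverse via pow() (Python 3.8+)
    gamma = h % p
    for i in range(m):               # giant steps: walk h * g^(-i*m) until it hits the table
        if gamma in baby:
            return ((i * m + baby[gamma]) % n, ops)
        gamma = gamma * giant % p
        ops += 1
    return (None, ops)


def subgroup_bits_for(security_bits):
    """Generic sqrt(n) attacks mean the subgroup order needs ~2k bits for
    k-bit security (standard sizing rule, used here for illustration only)."""
    return 2 * security_bits


if __name__ == "__main__":
    # Constructed toy parameters: 1019 is prime and 2 is a primitive root mod 1019.
    p, g, secret = 1019, 2, 777
    h = pow(g, secret, p)
    print("naive:", naive_dlog(g, h, p))          # 777 operations
    print("bsgs :", bsgs_dlog(g, h, p, p - 1))    # well under 2*32 operations
    print("bits for 128-bit security:", subgroup_bits_for(128))
```

Run on the toy group the exhaustive search performs as many multiplications as the secret exponent, while baby-step giant-step stays within 2·⌈√1018⌉ = 64; at real parameter sizes the same ratio is what makes a 256-bit prime-order subgroup the minimum for 128-bit security.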
The provable security of idealized systems under the random oracle model, the generic group model and the witness-indistinguishable model is also investigated, with particular attention to why the provable security of an ideal system does not imply that of the actual system; issues of validity and fairness of the proof procedure are examined using digital signature schemes as an example. It is noted that a security proof differs from a mathematical proof by inference: the conclusion of a security proof for a cryptographic scheme is valid only within a given probability bound, and there is no absolute security.

A comprehensive analysis of the security of cryptographic systems is given in this thesis. The possibility and techniques of attacks are discussed from two aspects: the mathematical structure of the group on which the discrete logarithm problem is based, and the details of system implementation. The security of the discrete logarithm problem in the multiplicative group modulo a prime, the multiplicative group modulo a composite and a subgroup of prime order is analysed carefully, and secure structures for these groups are given so that an adversary cannot attack using a generator of smooth order or a composite modulus with particular structure. Abundant evidence shows that attacks based on low-level flaws in system implementation and leaks during system execution, which are simple to mount and low in cost, threaten the security of cryptographic systems. Without the randomness and independence of the ideal system, the security of the actual system does not follow from that of the ideal system. Hence secure implementation of systems has become a new research topic. In this thesis the fundamental principles, tasks and targets of secure implementation are proposed, and the basic structure of a secure-implementation platform is constructed using the idea of security protocol engineering.
Addressing the characteristics of discrete logarithm based cryptographic systems, schemes for parameter validation, message authentication, key independence and protocol-run independence are studied and designed in order to prevent an adversary from attacking with degenerate messages, message redirection, message replay and known keys. The idea of intrusion tolerance is applied to the secure implementation of cryptographic systems. Following the fail-stop protocol approach, attack-tolerant schemes based on message-chaining authentication and time limits are designed; these ensure that an active attack cannot cause further leakage of secret data, so that a last line of defence for the system is established. Even if the system is exposed to active attacks, the new schemes reduce the harm to a minimum. The attack-tolerant schemes also simplify implementation work and let the designer concentrate on preventing passive and insider attacks: with an appropriate check for active attack actions, as long as the system is secure against passive attacks, it is secure against active attacks as well. In addition, the thesis introduces and studies the function and architecture of a protocol specification language and its compiler.
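The two defensive points above, a prime-order subgroup structure so that no element of smooth order is usable, and parameter validation so that degenerate messages are rejected before a secret is applied to them, can be shown together on a Diffie-Hellman style exchange. The code below is an added illustration, not the thesis's scheme: it uses a constructed toy group (p = 23, q = 11, generator g = 4 of the order-11 subgroup), checks domain parameters and peer values with the usual `y^q ≡ 1 (mod p)` membership test, and counts how many distinct shared secrets a peer could force, which is how the risk of an unvalidated small-order value becomes visible.

```python
def is_probable_prime(n):
    """Trial division; adequate for the toy sizes used in this example."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def validate_group(p, q, g):
    """Domain-parameter check: p and q prime, q | p-1, and g a generator of the
    order-q subgroup (1 < g < p-1 and g^q = 1 mod p)."""
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return False
    if (p - 1) % q != 0:
        return False
    return 1 < g < p - 1 and pow(g, q, p) == 1


def validate_public_value(y, p, q):
    """Accept a received value only if it lies in the order-q subgroup of Z_p^*.
    Rejects the degenerate values 0, 1 and p-1 and every element whose order is
    not q, i.e. the smooth-order elements outside the subgroup."""
    if not (1 < y < p - 1):
        return False
    return pow(y, q, p) == 1


def shared_secret_space(y, p, q):
    """Number of distinct secrets y^a mod p over private exponents a in [1, q-1].
    A valid y yields q-1 possibilities; a small-order y collapses the space."""
    return len({pow(y, a, p) for a in range(1, q)})


def dh_shared(peer_value, my_private, p, q):
    """Derive the shared secret only after the peer's value has been validated."""
    if not validate_public_value(peer_value, p, q):
        raise ValueError("peer value rejected: not in the prime-order subgroup")
    return pow(peer_value, my_private, p)


if __name__ == "__main__":
    # Constructed toy parameters: p = 2q + 1 with q = 11, g = 4 has order 11 mod 23.
    p, q, g = 23, 11, 4
    assert validate_group(p, q, g)
    a, b = 3, 7                                   # toy private exponents
    ya, yb = pow(g, a, p), pow(g, b, p)
    print("shared:", dh_shared(yb, a, p, q), dh_shared(ya, b, p, q))
    print("secret space, valid y  :", shared_secret_space(ya, p, q))
    print("secret space, y = p - 1:", shared_secret_space(p - 1, p, q))
    try:
        dh_shared(p - 1, a, p, q)
    except ValueError as err:
        print("rejected:", err)
```

With the toy parameters a valid peer value leaves q - 1 = 10 possible secrets, whereas the order-2 value p - 1 leaves only two, which is exactly why the membership test runs before any private exponent is applied; the same checks apply unchanged to production-sized p and q.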
Keywords/Search Tags: Discrete Logarithm, Cryptographic Scheme, Provable Security, Secure Implementation, Attack-Tolerant