Study And Design Of Several Identity-Based Signature Schemes

In traditional public key cryptosystems,the public key is usually a "random" string picked by the user that is unrelated to the user's identity.To bind the public key to its legitimate owner,a certificate authority(CA) needs to digitally sign a certificate claiming this relationship between the public key and the user.As a result,any verifier must obtain and verify the corresponding certificate before performing signature verification.Nowadays,certificate management(including revocation,storage and distribution) and the computational cost of certificate verification incur the main complaint against traditional public key cryptosystems. To eliminate the burden of certificate management,Shamir introduced the notion of identity-based cryptography in 1984.In an identity-based cryptosystem,a user's public key is just his publicly available identity(e.g.real name,email address,or IP address), hence no extra effort is necessary for ensuring the authenticity of a public key,the complexity of the certificate management is released.Recently,many researchers have conducted deep research in the area of identity-based cryptosystems,including signature schemes and encryption schemes.However,as far as we know,the research on identity-based signature schemes is not ideal enough.Thereby our point in this thesis is to study and design a series of identity-based signature schemes systematically via formalization means.Our main achievements are as follows:1.Up to now,the only known direct construction of identity-based signature(IBS) scheme which is secure in the standard model is proposed by Paterson and Schuldt in 2006.The main problem of their scheme is that the public parameters include about n_u+n_m group elements,where n_u is the binary length of the identities and n_m is the binary length of the messages.In this thesis,we propose an IBS scheme with reduced public parameters which is also proven secure in the standard model.The public parameters of our scheme consist of max(n_u,n_m) group elements.Security of our scheme is reduced to the CDH problem in the underlying group.2.The notion of digital signcryption was proposed to perform the functionality of signature and encryption simultaneously and efficiently.Recently,Yu and Yang presented the first identity-based signcryption scheme without random oracles.In this thesis, however,we show that the scheme is actually not semantically secure.Then we devise an identity-based signcryption scheme without random oracles,improving on Yu and Yang's scheme.We also propose an identity-based broadcast signcryption scheme based on our identity-based signcryption scheme.3.Directed signature schemes are suitable for applications such as bill of tax and bill of health.As far as we know,directed signatures in the identity-based setting have not been formally studied yet.In this thesis,we fill this gap.We propose a reasonable formal model for identity-based directed signatures,and present a concrete scheme provably secure in this model.4.In the widely accepted model of identity-based threshold signature schemes,there are two trusted authorities(one is the private key generator PKG,the other is the private key distributor).Therefore all schemes proposed in this model have two single points of failure.To provide better robustness in practice,we propose the notion and security model of identity-based threshold signature schemes without a trusted authority,and propose a concrete construction.The signing phase of our scheme is non-interactive, therefore it is better than other identity-based threshold signature schemes in terms of communication efficiency.5.Certificateless cryptography is a sibling notion of identity-based cryptography.We propose a new certificateless threshold signature scheme,and prove it secure in terms of robustness and existential unforgeability.Our scheme improves on existing scheme in terms of both computation and communication efficiency.