| Digital signature technology, one of the core technologies of information security, provides authentication, integrity and non-repudiation of message. Moreover, some digital signature schemes with additional properties are gradually satisfying the application requirements in practice. Authorization is commonly used in office automation,and is also one of important ways to establish trust relationship. Authorized activities are generally conducted in a computer network environment, but the network is open, which makes its own security be greatly threatened. Therefore, how to achieve a reliable authorization on the open network has become an important issue, which is the motivation of this dissertation.To address the above issues, this thesis will study new design of authorization–oriented signature schemes,including the authorization of generating a signature as well as the authorization of verifying a signature. The main subjects of this study include authorization-oriented of generating a signature, i.e. proxy signatures, as well as authorization-oriented of verifying a signature, i.e. designated verifier signatures. By analyzing the existing digital signature schemes with the authorization features, combined with some new cryptographic techniques, we constructed five new digital signature schemes with authorization features. Specifically:1. The security of some proxy signature schemes due to Sunitha and Amberker recently is analyzed. It was demonstrated that an adversary can forgery a valid proxy signing key on behalf of the original signer without his/her agreement and produce valid proxy signatures. The corresponding corrected algorithms are proposed to resist this kind of forgery attack. The security of Tan’s proxy blind signature scheme and his e-cash scheme based on the signature were analyzed. It was found that a malicious original signer can both forge valid proxy signature keys of arbitrary proxy signers and forge proxy blind signature on an arbitrary message with respect to any proxy signer directly. We also discuss three weaknesses in the e-cash scheme proposed by Tan.2. New constructions of proxy signature, proxy multi-signature and mutli-proxy signature which are strongly unforgeable in the standard model were proposed. The detailed security proofs were also provided. Compared with the known schemes, the three new schemes achieve the following advantages, stronger security, shorter system parameters and higher efficiency.3. We propose a new proxy signature scheme by incorporating Gentry’s partial-domain hash function and improved Rabin-type digital signatures. The employment of Williams integer, makes the public keys of the original signer and the proxy signer shorter. We also provide a formal security proof of the scheme under the factorization assumption in the random oracle model. As far as we know, the new scheme is the first provably secure proxy signature scheme from integer factorization assumption.4. By combining a Chameleon Hash Function, a strong designated verifier signature scheme with secure disavowability is proposed. The new scheme achieves the properties of unforgeability, non-transferability and secure disavowability, which make the rights and responsibilities of the signers and verifiers clearer in the designated verifier signature schemes. Performance comparison shows that our scheme outperforms the corrected Jokobsson’s scheme in terms of computational efficiency and signature length. |
PDF Full Text Request