
Research On Aggregate Signature And Signcryption

Posted on: 2012-12-10 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: Y L Wen | Full Text: PDF
GTID: 1228330395957190 | Subject: Cryptography
Abstract/Summary:
The trend in information and communication networks can be summarized as broadband, mobilization, integration, intelligence and ubiquity. Wireless mobile communication is the direction in which the Mobile Internet is developing, and it will become a significant one as cooperation between mobile networks increases rapidly. Ultimately, wireless mobile communication tends toward ubiquitous networks and the Internet of Things. At present, the Internet of Things has become a new research focus. Meanwhile, the ubiquitous network makes communication more convenient, more connected and more intelligent, which in turn raises a great challenge for security. Given the limits on computation, storage and power, finding more efficient security technology has become a new research topic.

An aggregate signature aggregates several signatures, made on messages by multiple users, into one short signature, so that the verifier only needs to check the aggregated signature to confirm that the signatures were made on the messages by the specific users respectively. Signcryption completes both digital signature and data encryption in one logical step, and achieves confidentiality, unforgeability and non-repudiation with higher efficiency and lower cost than the traditional "sign first, then encrypt" method. In theory, both evolve into more efficient security technologies by compressing, removing redundancy, and saving computation and communication costs.

This dissertation studies aggregate signature and signcryption and designs a series of schemes with particular properties, which has considerable theoretical and practical value for the security of future wireless mobile communication. The major achievements of the research are as follows:

1. Because of its incremental nature, an aggregate signature can be verified by anyone and aggregated with their own signatures, so non-target users can also verify the aggregate signature. Hence any verifier can tell the signers' identities, which is not applicable in most environments, such as electronic voting and bargaining in electronic commerce. By designating the signature verifiers, only the allowed verifiers can confirm the validity of the signature, which protects the signers' identities. To achieve this, an aggregate signature scheme with specified verifiers is designed, in which only those particular verifiers can verify the validity of the aggregate signature.

2. In cryptosystems based on bilinear pairings, pairing computation is the most time-consuming operation. Many researchers have attempted to reduce its complexity, with little progress. According to the best result at present, one pairing computation on the elliptic curve $E/F_{3^{163}}$ roughly equals 11110 multiplications in $F_{3^{163}}$, while one point multiplication on $E/F_{3^{163}}$ equals hundreds of multiplications in $F_{3^{163}}$; that is, a point multiplication is at least 11 times as fast as a pairing. The number of pairing operations required in an aggregate signature scheme increases linearly with the number of users. To solve this difficulty, an aggregate signature with a constant number of pairing operations is given, which needs only 4 pairing operations no matter how many users are involved in the aggregate signature.

3. The ID-based cryptosystem has many advantages: a user's public key can be derived directly from his identity information by a particular public algorithm, which is supposed to be simple and easy, and the private key matching the user's public key can be obtained from a Trusted Third Party, also known as the Private Key Generator, via a particular public algorithm. In this ID-based cryptosystem, any two users can communicate directly, without exchanging public-key certificates, without storing a list of public-key certificates, and without using an online third party. Hence, in environments with limited storage and computation, the advantages of the ID-based cryptosystem are obvious. A known ID-based signature scheme is shown to be insecure, and a new ID-based aggregate signature is proposed.

4. Forward secrecy guarantees that nobody can decrypt the valid signatures previously signed with the user's private key when that key is lost. A strong equivalence transformation is made based on the digital signature standard DSA, and a signcryption scheme with forward secrecy is designed. Equivalent to similar schemes in security and efficiency, it can be implemented readily because it shares many modules with DSA signatures.

5. To guarantee the confidentiality of signcryption, many signcryption schemes do not support public verification, which makes non-repudiation difficult to implement. Conventionally, a third party has to run a zero-knowledge proof protocol to complete it, which greatly degrades the efficiency of signcryption. Based on the Paterson signature scheme, an ID-based, publicly verifiable signcryption scheme is given in this paper; it involves only 2 pairing operations and is the most efficient among similar schemes.
Keywords/Search Tags: aggregate signature, signcryption, bilinear pairing, ID-based, specified verifier