Special Digital Signature, Theoretical Research And Applications

The idea of a "digital signature" was firstly proposed in W. Diffie and M. Hellman's seminal paper, "New directions in Cryptography". The purpose of the digital signature is to enable one person or certain organization to "digitally" sign some type of digital document. With the development of networks and the wide application of information systems, there are increasing demands on processing various digital documents in systems of E-Government and E-Commerce, even in daily life. Being a legal replacement for handwritten signatures, Digital signature is sure to be more extensively used in the near future. As time passed, many digital signatures were proposed, such as the very famous schemes of RSA, ElGamal and DSS, etc. In some applications, it is necessary to add some additional properties to standard signature schemes. As a result, many kinds of special schemes have been proposed, which can be called as signature schemes with special properties. This dissertation mainly studies theory and application of signature schemes with special properties.Since the concept of group signatures was introduced by D. Chaum and E. Heyst in 1991, the salient features of group signatures make them come to front. Many group signature schemes and cryptography protocols based on them have been proposed from then on. However, the efficiency of group signature schemes is always an involved problem. For providing anonymity and traceability (which means signatures can be opened in dispute cases) at the same time, the efficiencies of group signature schemes are usually lower. And so, analysis of efficiency on group signature schemes has come into an attractive task. In this paper, the efficiencies of several representative group signature schemes were fully analyzed and then compared with each other. As a result, it can be seen that the scheme proposed by G Ateniese, at al. in CRYPTO'2000 has higher efficiency and security, consequently it can be used widely to build cryptography protocols.Multi-group signature scheme can be regarded as a kind of generalized group signature scheme. The main challenge in applying multi-group signature schemes to real world is how to design an efficient and secure scheme. In the previous multi-group signature scheme of G. Ateniese and G.Tsudik's, the main disadvantage was the use of the inefficient signature of knowledge protocol to prove the equality of two double discrete logarithms. To over come this shortage, two improved multi-group signature schemes were made in this paper, building on more efficient signature of knowledge protocols.The security of the new schemes was analyzed quite sufficiently in the random oracle. Moreover, the efficiency of the new schemes was compared with the original scheme using specific parameters. Additionally, an improved sub-group signature scheme of G.Ateniese and G.Tsudik's was also proposed. It can be proved that all the proposed schemes possess better security, efficiency and practicality.Electronic auction is an attractive form of electronic commerce and recently many kinds of auction services are provided over the Internet. In group signature schemes, group members can be certained to have valid membership and have the ability to sign messages anonymously, in addition, group signature schemes has many special properties such as anonymity, unlinkability, traceability, coalition-resistance, non-framing etc. Therefore, many articles regard group signature schemes as a kind of effective tools in the design of auction schemes. However, as in group signature schemes, group manager has a special authority, and it is rather difficult to revoke a bidder effectively, only a few studies on auction schemes based on group signatures have been reported as long as we know, while not being satisfactory enough. In this paper, a new practical public auction scheme based on group signature was proposed, in which group manager's ability was limited, the privacy of bidder was protected, and an efficient revocation method was provided. As a result, it can be proved that the proposed scheme has salient advantages than previous ones.In a (t, n) threshold proxy signature scheme, n proxy signers of a designated group are given secret shares such that t or more of them can cooperatively sign messages on behalf of the original signer, but t-\ or less of them cannot do this. For the purpose of improving S. Kim et al.'s scheme, H. Sun suggested a nonrepudiable threshold proxy signature scheme with known signers. Later, Sun's scheme was found to be vulnerable to the conspiracy attack. By proposing a variant of the so-called "signatures of knowledge", a new nonrepudiable threshold proxy signature scheme was provided, which overcomes the difficulties in resisting the conspiracy attack and forgery attack. The unforgeability against active adversaries is proved under the random oracle model. Furthermore, it is shown that the new scheme satisfies all main properties of a practical and secure (/, n) threshold signature scheme.