Forward Secure Cryptosystem With Untrusted Update

Posted on: 2014-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: W P Li
Full Text: PDF
GTID: 2268330401465734
Subject: Information and Communication Engineering

Abstract/Summary:
In a cryptosystem, the compromise of a key has very serious consequences. Once the user’s key is compromised, the entire system is no longer safe, and the messages signed (or encrypted) by users lose their protection. In order to mitigate the damage caused by the compromise of a user’s key, in 1997 Anderson proposed the concept of forward security. He divided the validity time of a key pair into time periods; at the end of each period, the user derives the new secret key from the current period’s key using a one-way function and securely deletes the private key of the current time period. Meanwhile, the public key remains the same in all of the time periods. This general approach ensures the validity of all documents signed or encrypted prior to the time period of compromise.

In most forward secure cryptographic primitives, the update algorithm has full control of the user’s private key. But these primitives cannot be integrated well with some existing software architectures such as GNU Privacy Guard and S/MIME. In these architectures, the user’s private key is typically encrypted under a key derived from a user password. In that case, when the user’s private key is leaked while the password is not, the security of the system can still be guaranteed.

In order to solve the problems presented above, this thesis studies new designs of forward secure schemes, including digital signature schemes and public key encryption schemes. The main research objects of this study are forward secure digital signature schemes with untrusted update and forward secure public key encryption schemes with untrusted update. Specifically:

1. We propose the first forward secure public key encryption scheme with untrusted update. The construction achieves security against chosen-plaintext attacks under the decisional bilinear Diffie-Hellman assumption in the standard model. This scheme is practical, and all parameters grow at most logarithmically with the total number of time periods.
2. By combining with RSA encryption, we propose a forward secure digital signature scheme with untrusted update. The scheme is proven to be forward secure based on the hardness of factoring, in the random oracle model. Compared with the known schemes, the new scheme is more efficient in signing and verifying and has short signatures.
3. We propose a fast key-update forward secure digital signature scheme with untrusted update and prove its security. In this scheme, the update algorithm needs only one modular multiplication and so achieves fast key update.
Keywords/Search Tags: forward security, untrusted update, key exposure, digital signature, public key encryption